
rat infecting my computer


  • This topic is locked
8 replies to this topic

#1 hadora

hadora

  • Members
  • 5 posts

Posted 20 January 2017 - 07:11 PM

Hello all,

I have a strong reason to believe my computer (Windows 10) was infected by a RAT that was installed by someone I trusted, and personal info about my health was stolen. The reason I'm pretty sure I was infected is that this person started to give hints about my health problems that no one was aware of, and I was told that there was some "magic man" who could see everything I do in my house (webcam spying?).

How can I detect this infection?

I scanned my computer with Malwarebytes Anti-Malware and Avast, but nothing was detected. Then I used TDSSKiller and 2 VBS files were found and deleted. I used RogueKiller too, and 1 suspicious registry key was found (HKEY_CLASSES_ROOT\CLSID|{08D512D2-7D97-4E22-B7DB-82791106C086}).

I cleaned the computer with CCleaner and used its registry cleaner.

What should I do now?

 

 

FRST64:

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017

Exécuté par User (administrateur) sur DESKTOP-0SGPP16 (21-01-2017 01:45:42)
Exécuté depuis C:\Users\User\Desktop
Profils chargés: User (Profils disponibles: User)
Platform: Windows 10 Pro Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\15.86.0\software_reporter_tool.exe
(Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\15.86.0\software_reporter_tool.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\launcher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.51.2220.53\SZBrowser_autoupdate.exe
 
==================== Registre (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-17] (NVIDIA Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3233976 2015-07-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-17] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185632 2016-03-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164008 2016-03-17] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-17] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Tcpip\..\Interfaces\{ac875b40-a087-483b-a3b1-2ab794ed68bf}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{dc11d0c2-0020-4caf-8795-0f0ef4b6f58b}: [NameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-07] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: jl03xlii.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-25]
FF Extension: (Complete YouTube Saver) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-01-19]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-17]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-1352496369-2782396021-1339894110-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2016-08-03] ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2016-08-03] ( )
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npaliedit.dll [2015-03-24] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npAliSecCtrl.dll [2015-03-24] (Alipay.com Inc. )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-07] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1352496369-2782396021-1339894110-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-08] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-1352496369-2782396021-1339894110-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [Pas de fichier]
FF Plugin HKU\S-1-5-21-1352496369-2782396021-1339894110-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [Pas de fichier]
FF Plugin HKU\S-1-5-21-1352496369-2782396021-1339894110-1001: @alipay.com/npalicert -> C:\Users\User\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2016-08-03] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2016-08-03] ( )
 
Chrome: 
=======
CHR Session Restore: Default -> est activé.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (TooManyTabs pour Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-12-16]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-19]
CHR Extension: (Session Buddy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-19]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-18]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (EditThisCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-11-03]
CHR Extension: (HTTPS partout) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-12-20]
CHR Extension: (Google Docs hors connexion) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Le Camelizer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-11-03]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-31]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-17]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-17]
CHR Extension: (Bouton Pin It) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-16]
CHR Extension: (ModHeader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-11-03]
CHR Extension: (Tabli) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\igeehkedfibbnhbfponhjjplpkeomghi [2017-01-17]
CHR Extension: (The Great Suspender) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-07-14]
CHR Extension: (IP Address and Domain Information) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkegeccnckoiliokondpaaalbhafoa [2016-11-03]
CHR Extension: (Service proxy et VPN Hotspot Shield gratuit - Déblocage de sites) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-01-17]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (TunnelBear VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-01-18]
CHR Extension: (GoogleGIFs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommpbgoliokoijimalcokhciffhapkdf [2016-11-03]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-07-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S4 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2017-01-17] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135352 2015-07-10] (ELAN Microelectronics Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 pcas; C:\Program Files (x86)\alipay\aliedit\4.0.0.101\pcas.exe [592856 2015-03-24] (Alipay.com Inc. )
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-22] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S4 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2016-10-12] (Alibaba (China) Co., LTD. All rights reserved.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S4 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-14] (Alibaba Group)
S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [X]
 
===================== Pilotes (Avec liste blanche) ======================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-17] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2017-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-17] (AVAST Software)
S3 CH341; C:\Windows\system32\DRIVERS\CH341W64.SYS [31232 2012-10-05] (www.winchiphead.com)
S3 CH341_A64; C:\Windows\System32\Drivers\CH341W64.SYS [31232 2012-10-05] (www.winchiphead.com)
R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-21] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-09-22] (Sandboxie Holdings, LLC)
R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2016-06-29] (Seiko Epson Corporation)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2017-01-21 01:45 - 2017-01-21 01:45 - 00022732 _____ C:\Users\User\Desktop\FRST.txt
2017-01-21 01:45 - 2017-01-21 01:45 - 00000000 ____D C:\FRST
2017-01-21 01:44 - 2017-01-21 01:22 - 02419712 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-01-21 01:02 - 2017-01-21 01:06 - 00006968 _____ C:\TDSSKiller.3.1.0.12_21.01.2017_01.02.55_log.txt
2017-01-21 00:47 - 2017-01-21 00:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Process Hacker 2
2017-01-21 00:18 - 2017-01-21 00:18 - 00000000 ____D C:\Users\User\Desktop\processhacker-2.39-bin
2017-01-21 00:18 - 2017-01-21 00:18 - 00000000 ____D C:\Users\User\Desktop\Autoruns
2017-01-21 00:09 - 2017-01-21 00:05 - 00380928 _____ C:\Users\User\Desktop\4d489vec.exe
2017-01-21 00:09 - 2017-01-21 00:04 - 03392412 ____N C:\Users\User\Desktop\processhacker-2.39-bin.zip
2017-01-21 00:09 - 2017-01-21 00:04 - 01932769 ____N C:\Users\User\Desktop\ProcessExplorer.zip
2017-01-21 00:09 - 2017-01-21 00:04 - 01304400 ____N C:\Users\User\Desktop\Autoruns.zip
2017-01-19 14:28 - 2017-01-19 14:28 - 00000000 ____D C:\Users\User\Desktop\Nouveau dossier (4)
2017-01-19 09:17 - 2017-01-19 09:17 - 00000000 ____D C:\Windows\LastGood
2017-01-19 04:09 - 2017-01-19 04:09 - 06013964 _____ C:\Users\User\Desktop\[001216].zip
2017-01-18 23:07 - 2017-01-18 23:07 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-18 23:05 - 2017-01-19 03:45 - 00217540 _____ C:\Windows\ntbtlog.txt
2017-01-18 22:46 - 2017-01-18 22:58 - 01541844 _____ C:\TDSSKiller.3.1.0.12_18.01.2017_22.46.02_log.txt
2017-01-18 22:10 - 2017-01-18 22:10 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-18 22:08 - 2017-01-18 22:08 - 00194232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-18 18:38 - 2017-01-18 22:07 - 00526802 _____ C:\TDSSKiller.3.1.0.12_18.01.2017_18.38.46_log.txt
2017-01-18 18:00 - 2017-01-18 18:18 - 04747704 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2017-01-18 17:52 - 2017-01-18 17:55 - 03134592 _____ (ESET) C:\Users\User\Downloads\eset_internet_security_live_installer.exe
2017-01-18 17:48 - 2017-01-19 09:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-18 17:41 - 2017-01-18 17:55 - 21627976 _____ C:\Users\User\Downloads\RogueKiller.exe
2017-01-18 17:35 - 2017-01-18 17:35 - 00282225 _____ C:\Users\User\Downloads\Non confirmé 461478.crdownload
2017-01-18 17:26 - 2017-01-18 17:27 - 05010288 _____ (Check Point Software Technologies Ltd.) C:\Users\User\Downloads\ZASPSetupWeb_150_139_17085(1).exe
2017-01-18 00:02 - 2017-01-21 01:39 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-18 00:01 - 2017-01-18 00:01 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-18 00:01 - 2017-01-18 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-18 00:01 - 2017-01-18 00:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-18 00:01 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-17 23:59 - 2017-01-17 23:55 - 54199488 _____ (Malwarebytes ) C:\Users\User\Desktop\mb3-setup-35891.35891-3.0.5.1299.exe
2017-01-17 23:26 - 2017-01-17 23:29 - 03504448 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\Non confirmé 308417.crdownload
2017-01-17 23:26 - 2017-01-17 23:29 - 03419624 _____ (Malwarebytes ) C:\Users\User\Downloads\Non confirmé 418195.crdownload
2017-01-17 23:17 - 2017-01-17 23:17 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-01-17 23:16 - 2017-01-18 18:43 - 00002367 _____ C:\Users\User\Desktop\Reprendre l'installation de ZoneAlarm Security.lnk
2017-01-17 23:16 - 2017-01-17 23:16 - 00000000 ____D C:\ProgramData\CheckPoint
2017-01-17 23:15 - 2017-01-17 23:16 - 05010288 _____ (Check Point Software Technologies Ltd.) C:\Users\User\Downloads\ZASPSetupWeb_150_139_17085.exe
2017-01-17 20:12 - 2017-01-17 20:12 - 00004046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1484680315
2017-01-17 20:12 - 2017-01-17 20:12 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-01-17 20:12 - 2017-01-17 20:12 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-17 20:11 - 2017-01-17 20:11 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-01-17 19:53 - 2017-01-17 19:53 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2017-01-17 19:52 - 2017-01-17 19:52 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-01-17 19:52 - 2017-01-17 19:52 - 00001967 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-01-17 19:51 - 2017-01-19 12:36 - 00004278 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-17 19:51 - 2017-01-17 19:52 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-17 19:51 - 2017-01-17 19:52 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-17 19:51 - 2017-01-17 19:51 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-17 19:51 - 2017-01-17 19:50 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-17 19:51 - 2017-01-17 19:50 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-17 19:50 - 2017-01-17 19:50 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2017-01-17 19:40 - 2017-01-17 20:11 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-17 19:37 - 2017-01-17 20:11 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-17 19:36 - 2017-01-17 19:37 - 06306264 _____ (AVAST Software) C:\Users\User\Downloads\avast_internet_security_setup_online.exe
2017-01-17 02:54 - 2017-01-17 02:54 - 00000859 _____ C:\Users\User\Desktop\Start Tor Browser.lnk
2017-01-17 02:23 - 2017-01-17 02:30 - 50706736 _____ C:\Users\User\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-13 12:01 - 2017-01-13 12:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-01-07 01:06 - 2017-01-07 01:07 - 00000000 ____D C:\Users\User\Desktop\PHOTO
2016-12-30 15:42 - 2016-12-30 15:42 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign04510a642116d619
2016-12-30 15:41 - 2016-12-30 15:41 - 00003630 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-0SGPP16-User
2016-12-30 15:41 - 2016-12-30 15:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign4c1ac8f5ff3029a7
2016-12-30 15:41 - 2016-12-30 15:41 - 00000000 ____D C:\Users\User\AppData\Local\Tempzxpsign0840c1c97ed753be
2016-12-30 15:40 - 2016-12-30 15:40 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2016-12-30 15:40 - 2016-12-30 15:40 - 00000000 ____D C:\Users\User\Documents\Adobe
2016-12-30 12:58 - 2016-12-30 15:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-30 12:40 - 2016-12-30 12:40 - 00000000 ____D C:\Program Files\Adobe
2016-12-30 12:39 - 2017-01-18 17:24 - 00000000 ___RD C:\Users\User\Creative Cloud Files
2016-12-30 10:51 - 2016-12-30 10:51 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-12-30 10:51 - 2016-12-30 10:51 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-12-30 10:48 - 2016-12-30 13:35 - 00000000 ____D C:\ProgramData\Adobe
2016-12-30 10:47 - 2016-12-30 10:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-30 09:57 - 2017-01-21 01:41 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2016-12-30 09:57 - 2016-12-30 09:57 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\CreativeCloudSet-Up.exe
2016-12-30 09:50 - 2016-12-30 09:52 - 00000000 ____D C:\Users\User\Desktop\Nouveau dossier (3)
2016-12-25 01:56 - 2016-12-25 01:56 - 00684940 _____ C:\Users\User\Documents\ordonance.jpg
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2017-01-21 01:38 - 2016-02-13 14:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-21 00:49 - 2016-07-13 10:33 - 00003584 _____ C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-21 00:11 - 2016-05-02 18:10 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-01-21 00:10 - 2016-04-26 18:53 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 00:10 - 2016-02-13 13:49 - 02587182 _____ C:\Windows\system32\perfh00C.dat
2017-01-21 00:10 - 2016-02-13 13:49 - 00676310 _____ C:\Windows\system32\perfc00C.dat
2017-01-19 09:19 - 2016-07-13 20:15 - 00000000 ____D C:\Program Files\Recuva
2017-01-19 09:17 - 2016-07-12 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-19 09:16 - 2015-10-30 07:28 - 00786432 ___SH C:\Windows\system32\config\BBI
2017-01-18 22:59 - 2016-10-12 10:33 - 00000000 ____D C:\ProgramData\AliAntiVirusED
2017-01-18 22:10 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2017-01-18 19:00 - 2016-05-02 18:51 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-01-18 17:55 - 2016-04-26 18:55 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2017-01-18 17:16 - 2016-11-13 15:21 - 00002616 _____ C:\Windows\Sandboxie.ini
2017-01-18 02:22 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-18 02:22 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-17 02:54 - 2016-05-12 10:50 - 00000907 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-15 23:36 - 2016-04-26 19:43 - 00000000 ____D C:\Windows\Panther
2017-01-12 21:31 - 2016-04-26 19:33 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 21:28 - 2016-04-26 19:33 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-12 21:28 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2017-01-10 19:13 - 2016-10-12 10:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TaobaoProtect
2017-01-09 22:29 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\NDF
2017-01-06 23:02 - 2016-11-07 18:04 - 00000000 ____D C:\Users\User\Desktop\pics
2017-01-01 07:22 - 2016-10-12 10:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-31 16:59 - 2016-04-26 18:55 - 00524288 ___SH C:\Users\User\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 16:59 - 2016-04-26 18:55 - 00065536 ___SH C:\Users\User\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TM.blf
2016-12-31 12:23 - 2016-04-26 18:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-12-30 15:40 - 2016-04-26 18:55 - 00000000 ___RD C:\Users\User\Documents
2016-12-30 12:58 - 2015-10-30 07:28 - 00000000 ____D C:\Program Files\Common Files
2016-12-30 12:40 - 2015-10-30 08:24 - 00000000 __SHD C:\Windows\Installer
2016-12-30 10:50 - 2016-07-31 15:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-30 10:49 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-30 10:47 - 2015-10-30 07:28 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-30 09:52 - 2016-11-16 19:44 - 00000000 ____D C:\Users\User\Desktop\0DCIM
2016-12-25 03:27 - 2016-06-03 08:58 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2016-12-22 23:48 - 2015-10-30 08:26 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-22 23:48 - 2015-10-30 08:26 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Fichiers à la racine de certains dossiers =======
 
2016-04-29 21:29 - 2016-04-29 21:29 - 0000037 ___SH () C:\Users\User\AppData\Local\20986331705021ca58edc424.96250074
2016-07-13 10:33 - 2017-01-21 00:49 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-13 15:26 - 2016-11-13 15:26 - 0000218 _____ () C:\Users\User\AppData\Local\recently-used.xbel
 
Certains fichiers dans TEMP:
====================
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap ======================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
LastRegBack: 2017-01-15 23:34
 
==================== Fin de FRST.txt ============================

Edited by hadora, 20 January 2017 - 08:10 PM.



 


#2 hadora

hadora
  • Topic Starter

  • Members
  • 5 posts

Posted 20 January 2017 - 08:06 PM

I'm sorry, I forgot to post the FRST log.



#3 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 22 January 2017 - 10:04 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(it takes a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:



createsrpoint;
filesrcm; 
uninstall-list;
iedefaults;
ffdefaults;
chrdefaults;
emptyclsid;
emptyalltemp;
autoclean;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Copy and paste the log to your next reply please.
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 24 January 2017 - 10:09 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 hadora

hadora
  • Topic Starter

  • Members
  • 5 posts

Posted 26 January 2017 - 06:01 AM

Hi, sorry for the late reply.

Here are the logs:

CLEANUP.TXT:


 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avast Antivirus    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 91  
 Java version 32-bit out of Date! 
 Mozilla Firefox (47.0.2) 
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


ZOEK RESULTS:


 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by User on 26/01/2017 at 11:17:55,06.
Microsoft Windows 10 Professionnel 10.0.10586  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
26/01/2017 11:21:28 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\iMobie deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Administrateur\AppData\LocalLow deleted successfully
C:\Users\Administrateur\AppData\Local\ActiveSync deleted successfully
C:\Users\User\AppData\Local\ActiveSync deleted successfully
C:\Users\User\AppData\Local\icsxml deleted successfully
C:\Users\User\AppData\Local\Package Cache deleted successfully
C:\Users\User\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default\prefs.js:
 
Added to C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\iMobie not found
C:\PROGRA~2\Free Download Manager deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Users\User\AppData\Roaming\DMCache" deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2017-01-17 18:50:45 12EBDA58437CD1EA7066FCB6455241D2 53208 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\User\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2017-01-18 21:08:36 B82175C8BAE718D9AAD2FD67CA6897D1 194232 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2017-01-17 18:51:03 E43AEE6A66067C6535C1F994BCFB93A1 391496 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2017-01-17 23:02:11 ABB371D9AEF728B0489B0E6872B4A1C0 250816 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2017-01-17 23:01:43 4D7F3114147C31390262F19F74E5BF07 77416 ----a-w- C:\Windows\Sysnative\drivers\mbae64.sys
2017-01-17 19:11:37 06362BBA1347CBA0996F4B39BB1D8353 37144 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys
2017-01-17 18:51:18 D60D9201739400F0FBDB9E36A3212D91 293352 ----a-w- C:\Windows\Sysnative\drivers\aswvmm.sys
2017-01-17 18:51:18 9C58B6E9663D0A76D00D83E43C765BDF 163416 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2017-01-17 18:51:18 9B480B472D6826E7257C90E2D0EE2954 37656 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2017-01-17 18:51:18 937885085BFE5BD08EC1BC0245DD203B 74544 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2017-01-17 18:51:18 75325BC6BE15471331FFCEEC14E1DA03 453192 ----a-w- C:\Windows\Sysnative\drivers\aswNetSec.sys
2017-01-17 18:51:18 7010B57D708DA5C9686A5923EE621776 103064 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2017-01-17 18:51:18 28213B34725B18387CC1B8C3D73858A1 513632 ----a-w- C:\Windows\Sysnative\drivers\aswsp.sys
2017-01-17 18:51:18 1BB00571CC2C78463ABD7E9C32970758 108816 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2017-01-17 18:51:18 0B6352251C5D84130DF4252D33D266C2 969184 ----a-w- C:\Windows\Sysnative\drivers\aswsnx.sys
2017-01-13 11:01:03 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUSB_01007.Wdf
====== C:\Windows\Tasks ======
2017-01-18 22:07:33 65F3AC2B12A337F97171F23E9DB17161 214 ----a-w- C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-17 19:12:02 B935AB32B8D1C9C7E2D1ECAAF5D5BC07 4046 ----a-w- C:\Windows\Sysnative\Tasks\SafeZone scheduled Autoupdate 1484680315
2017-01-17 18:51:28 72A4735A9B6BFD372AFD62973CEA514F 4278 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2016-12-30 14:41:03 90DA141BF023058100AA871957083DBE 3630 ----a-w- C:\Windows\Sysnative\Tasks\AdobeAAMUpdater-1.0-DESKTOP-0SGPP16-User
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-12-30 11:58:19 -------- d-----w- C:\Program Files\Common Files\Adobe
2016-12-30 11:40:09 -------- d---a-w- C:\Program Files\Adobe
======= C:\PROGRA~2 =====
2017-01-17 22:17:20 -------- d-----w- C:\PROGRA~2\CheckPoint
2016-12-30 09:47:42 -------- d-----w- C:\PROGRA~2\Adobe
2016-12-30 09:47:41 -------- d---a-w- C:\PROGRA~2\COMMON~1\Adobe
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2017-01-20 11:41:35 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2016-12-30 14:42:12 -------- d-----w- C:\Users\User\AppData\Local\Tempzxpsign04510a642116d619
2016-12-30 14:41:21 -------- d-----w- C:\Users\User\AppData\Local\Tempzxpsign4c1ac8f5ff3029a7
2016-12-30 14:41:20 -------- d-----w- C:\Users\User\AppData\Local\Tempzxpsign0840c1c97ed753be
2016-12-30 08:57:46 -------- d-----w- C:\Users\User\AppData\Local\Adobe
====== C:\Users\User ======
2017-01-21 00:44:54 C7A6988D551842145BCD10C386802035 2419712 ----a-w- C:\Users\User\Desktop\FRST64.exe
2017-01-20 23:09:30 E9DC058440D321AA17D0600B3CA0AB04 380928 ----a-w- C:\Users\User\Desktop\4d489vec.exe
2017-01-18 17:00:55 603BDB470FA2F1C5B6CA1BCCDF508A45 4747704 ----a-w- C:\Users\User\Downloads\tdsskiller.exe
2017-01-18 16:41:06 08F76615321957C083D4AA0E79E49086 21627976 ----a-w- C:\Users\User\Downloads\RogueKiller.exe
2017-01-18 16:26:42 AE33E82EF7E83CA84A8D695C3CDA9E1C 5010288 ----a-w- C:\Users\User\Downloads\ZASPSetupWeb_150_139_17085(1).exe
2017-01-17 22:59:16 C5EE10B806249B92666E8AA1415C6FBC 54199488 ----a-w- C:\Users\User\Desktop\mb3-setup-35891.35891-3.0.5.1299.exe
2017-01-17 22:16:56 -------- d-----w- C:\ProgramData\CheckPoint
2017-01-17 22:15:17 AE33E82EF7E83CA84A8D695C3CDA9E1C 5010288 ----a-w- C:\Users\User\Downloads\ZASPSetupWeb_150_139_17085.exe
2017-01-17 18:53:34 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\.oracle_jre_usage
2017-01-17 01:23:51 E09A80C66E7D18A348E6F728CAF115A2 50706736 ----a-w- C:\Users\User\Downloads\torbrowser-install-6.0.8_en-US.exe
2016-12-30 11:39:37 -------- d-----r- C:\Users\User\Creative Cloud Files
2016-12-30 09:48:25 -------- d-----w- C:\ProgramData\Adobe
 
====== C: exe-files ==
2017-01-21 00:44:54 C7A6988D551842145BCD10C386802035 2419712 ----a-w- C:\Users\User\Desktop\FRST64.exe
2017-01-20 23:46:48 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\User\AppData\Local\Temp\76A8DAD5-19DE-4D24-9D22-A3C343ED01D4\DismHost.exe
2017-01-20 23:32:17 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\User\AppData\Local\Temp\DB7D53ED-3182-4F41-A630-FDEDCCB42AC5\DismHost.exe
2017-01-20 23:18:42 DDE1F44789CD50C1F034042D337DEAE3 234528 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x64\peview.exe
2017-01-20 23:18:42 B365AF317AE730A67C936F21432B9C71 1719840 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x64\ProcessHacker.exe
2017-01-20 23:18:42 711BE6337CB78A948F04759A0BD210CE 208928 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x86\peview.exe
2017-01-20 23:18:42 68F9B52895F4D34E74112F3129B3B00D 1464352 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x86\ProcessHacker.exe
2017-01-20 23:18:37 F79AC417D93C32467347AD057764E38C 743600 ------w- C:\Users\User\Desktop\Autoruns\autorunsc64.exe
2017-01-20 23:18:37 D510609047DEE6DF0A5DDBF84EA196FB 629928 ------w- C:\Users\User\Desktop\Autoruns\autorunsc.exe
2017-01-20 23:18:37 3D5554237D26BEE4B146193121FEA746 843440 ------w- C:\Users\User\Desktop\Autoruns\Autoruns64.exe
2017-01-20 23:18:37 088E659223761E033284CE23CABFF819 715424 ------w- C:\Users\User\Desktop\Autoruns\Autoruns.exe
2017-01-20 23:09:30 E9DC058440D321AA17D0600B3CA0AB04 380928 ----a-w- C:\Users\User\Desktop\4d489vec.exe
=== C: other files ==
2017-01-20 23:18:42 6365FE1D37545C71CBE2719AC7831BDD 41624 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x86\kprocesshacker.sys
2017-01-20 23:18:42 1B5C3C458E31BEDE55145D0644E88D75 45208 ----a-w- C:\Users\User\Desktop\processhacker-2.39-bin\x64\kprocesshacker.sys
2017-01-20 23:09:42 A822B9E6EEDF69211013E192967BF523 56584 ----a-w- C:\Users\User\AppData\Local\Temp\agtdyfob.sys
2017-01-20 23:09:25 4D96F8E2BAD1AD13DB934209A7036372 1304400 ------w- C:\Users\User\Desktop\Autoruns.zip
2017-01-20 23:09:20 B444CF14642CE9B8D75E079166A5DF0B 3392412 ------w- C:\Users\User\Desktop\processhacker-2.39-bin.zip
2017-01-20 23:09:17 04DDA981386F30030004A91C4014723A 1932769 ------w- C:\Users\User\Desktop\ProcessExplorer.zip
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jl03xlii.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [17/01/2017 19:51]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [17/01/2017 19:51]
 


#6 hadora

hadora
  • Topic Starter

  • Members
  • 5 posts

Posted 26 January 2017 - 07:07 AM

Concerning the Zoek tool, I was only able to copy/paste a part of the log.

I waited more than 2 hours but it seems that Zoek is stuck at "FireFox extensions" and I'm still waiting for the analysis to complete.

Is this normal?


Edited by hadora, 26 January 2017 - 07:12 AM.


#7 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 26 January 2017 - 07:26 AM

Hello again,

last week another user had problems with this tool.

Leave ZOEK alone and follow these steps:


:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run, then download and try to run another one.
Vista and Win7/8/10 users need to right-click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 29 January 2017 - 10:38 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 01 February 2017 - 02:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




