Website redirected to information4all.com


  • This topic is locked
6 replies to this topic

#1 ozstrik3r69

Posted 31 May 2017 - 09:08 PM

Dear all, good evening,

I came to this forum asking for a huge help.

For a few days, when I try to open my website on my computer, unfortunately after a few seconds I am redirected to a website (a *fake* Java update) with the following link:
 
hxxttp://information4all.loan/xxx/?zjzpLT
<script src="hxxttp://www.weebly.com/uploads/1/0/2/5/10251423/arb.facebook_future_0.2.js"> </script>
I have already tried to clean my computer with:
* CCleaner
* Malwarebytes
* Spybot
and so on. But until now nothing has fixed this issue.

I was even wondering whether it was my blog that was infected.
Normally my blog is hxxttp://www.clubedafraldinha.com (maternity blog)

If someone can help me, please, I will be very grateful.
Thank you in advance.
 
Ozstrik3r69

Edited by nasdaq, 03 June 2017 - 08:19 AM.
Blog obfuscated.




#2 nasdaq

  • Malware Response Team

Posted 02 June 2017 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 ozstrik3r69


Posted 02 June 2017 - 09:31 PM

Dear Nasdaq, good evening.

Please find the enclosed reports:


Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2017
Exécuté par Santos (administrateur) sur DESKTOP-1GBIL98 (02-06-2017 23:20:07)
Exécuté depuis C:\Users\Santos\Downloads
Profils chargés: Santos (Profils disponibles: Santos)
Platform: Windows 10 Home Version 1511 (X64) Langue: Francês (França)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\ASUS\CxUtilSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\ASUS\SmartAudio3.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(ultracopier.first-world.info) C:\Program Files\Supercopier\supercopier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Impossible d'accéder au processus -> McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [CXAPOAgent] => C:\Windows\System32\CXAPOAgent64.exe [788672 2015-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\Conexant\SA3\ASUS\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files (x86)\Iphone\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [ultracopier] => C:\Program Files\Supercopier\supercopier.exe [1144320 2016-01-01] (ultracopier.first-world.info)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIN8E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIPCE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-10-25] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61e1bf40-8e9e-486a-86d6-102a7f3ceede}: [DhcpNameServer] 40.51.1.11
Tcpip\..\Interfaces\{650bf2e2-bf04-4738-a991-4b1895f45376}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3422915452-2330799525-1443206229-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3422915452-2330799525-1443206229-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3422915452-2330799525-1443206229-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO: Pas de nom -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> Pas de fichier
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
Toolbar: HKLM - Pas de nom - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  Pas de fichier
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vk3tacuo.default
FF ProfilePath: C:\Users\Santos\AppData\Roaming\Mozilla\Firefox\Profiles\vk3tacuo.default [2017-05-24]
FF Homepage: Mozilla\Firefox\Profiles\vk3tacuo.default -> hxxp://www.google.com/
FF Extension: (Adblock Plus) - C:\Users\Santos\AppData\Roaming\Mozilla\Firefox\Profiles\vk3tacuo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [111416 2015-06-26] (ASUSTek Computer Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [326392 2015-12-03] (Windows ® Win 7 DDK provider)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-15] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\ASUS\CxUtilSvc.exe [135288 2015-08-08] (Conexant Systems, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1407144 2015-08-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2015-12-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-21] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [Fichier non signé]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-02-26] () [Fichier non signé]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [Fichier non signé]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [Fichier non signé]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-25] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-25] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-04-28] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 AsusSGDrv; C:\Windows\system32\DRIVERS\AsusSGDrv.sys [141304 2015-12-18] (ASUS Corporation)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-15] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-15] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-15] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-15] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R3 cx2072x; C:\Windows\system32\DRIVERS\cx2072x.sys [60408 2015-12-07] (Conexant System, Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-08-11] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-08-11] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [251384 2015-08-11] (Intel Corporation)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41984 2015-12-27] (Intel® Corporation)
R3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [90104 2015-10-19] (Intel® Corporation)
R3 iaspie; C:\Windows\System32\drivers\iaspie.sys [62976 2015-06-23] (Intel® Corporation)
R3 iauarte; C:\Windows\System32\drivers\iauarte.sys [103936 2015-06-24] (Intel® Corporation)
R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [7339504 2015-12-25] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [705024 2015-12-09] ()
R0 MBI; C:\Windows\System32\drivers\MBI.sys [32736 2015-06-23] (Intel® Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [100864 2015-09-30] (Intel® Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2401720 2016-08-11] (Qualcomm Atheros, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [148280 2015-07-02] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-23] (Zemana Ltd.)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-02 23:20 - 2017-06-02 23:21 - 00019165 _____ C:\Users\Santos\Downloads\FRST.txt
2017-06-02 23:19 - 2017-06-02 23:20 - 00000000 ____D C:\FRST
2017-06-02 23:17 - 2017-06-02 23:17 - 00002560 _____ C:\Windows\system32\Drivers\201762_231736868_CheckPoint_Dump.txt
2017-06-02 23:17 - 2017-06-02 23:17 - 00000256 _____ C:\Windows\system32\Drivers\201762_231736868_SHIM_Dump.txt
2017-06-02 21:41 - 2017-06-02 23:19 - 02433536 _____ (Farbar) C:\Users\Santos\Downloads\FRST64.exe
2017-06-02 16:34 - 2017-06-02 16:34 - 00056880 _____ C:\Users\Santos\Downloads\F983C616-5985-4B4E-9AE0-82715D0BD1BD.pdf
2017-06-02 09:17 - 2017-06-02 09:17 - 23915368 _____ C:\Users\Santos\Downloads\FacebookAutomation.rar
2017-05-31 08:56 - 2017-05-31 08:56 - 00002560 _____ C:\Windows\system32\Drivers\2017531_85616462_CheckPoint_Dump.txt
2017-05-31 08:56 - 2017-05-31 08:56 - 00000256 _____ C:\Windows\system32\Drivers\2017531_85616462_SHIM_Dump.txt
2017-05-29 22:27 - 2017-05-29 22:27 - 00002560 _____ C:\Windows\system32\Drivers\2017529_222756207_CheckPoint_Dump.txt
2017-05-29 22:27 - 2017-05-29 22:27 - 00000256 _____ C:\Windows\system32\Drivers\2017529_222756207_SHIM_Dump.txt
2017-05-27 13:09 - 2017-05-27 13:09 - 00002560 _____ C:\Windows\system32\Drivers\2017527_13919293_CheckPoint_Dump.txt
2017-05-27 13:09 - 2017-05-27 13:09 - 00000256 _____ C:\Windows\system32\Drivers\2017527_13919293_SHIM_Dump.txt
2017-05-25 14:03 - 2017-05-25 14:03 - 00341160 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-25 14:03 - 2017-05-25 14:03 - 00002560 _____ C:\Windows\system32\Drivers\2017525_14319854_CheckPoint_Dump.txt
2017-05-25 14:03 - 2017-05-25 14:03 - 00000256 _____ C:\Windows\system32\Drivers\2017525_14319854_SHIM_Dump.txt
2017-05-23 23:21 - 2017-05-23 23:21 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-23 23:21 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-23 23:00 - 2016-12-21 22:15 - 00000862 _____ C:\Windows\system32\Drivers\etc\hosts.20170523-230055.backup
2017-05-23 21:40 - 2017-05-23 21:40 - 00002560 _____ C:\Windows\system32\Drivers\2017523_21404514_CheckPoint_Dump.txt
2017-05-23 21:40 - 2017-05-23 21:40 - 00000256 _____ C:\Windows\system32\Drivers\2017523_21404514_SHIM_Dump.txt
2017-05-23 21:19 - 2017-05-23 22:44 - 00000000 ____D C:\Program Files (x86)\PCFixKit
2017-05-23 21:19 - 2017-05-23 21:19 - 00000000 ____D C:\Users\Santos\AppData\Roaming\PCFixKit
2017-05-23 21:18 - 2017-05-23 21:19 - 02266000 _____ (www.PCFixKit.com ) C:\Users\Santos\Downloads\PCFixKit_Setup.exe
2017-05-23 21:15 - 2017-05-23 21:15 - 00002560 _____ C:\Windows\system32\Drivers\2017523_211520570_CheckPoint_Dump.txt
2017-05-23 21:15 - 2017-05-23 21:15 - 00000256 _____ C:\Windows\system32\Drivers\2017523_211520570_SHIM_Dump.txt
2017-05-23 21:10 - 2017-05-23 21:10 - 02126848 _____ C:\Users\Santos\Downloads\adwcleaner-4-111-multi-win.exe
2017-05-23 21:06 - 2017-05-23 21:06 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-23 21:05 - 2017-05-23 21:27 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-23 21:03 - 2017-06-02 23:21 - 00054552 _____ C:\Windows\ZAM.krnl.trace
2017-05-23 21:03 - 2017-06-02 23:21 - 00020099 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-23 21:03 - 2017-05-23 21:03 - 14554768 _____ (Copyright 2017.) C:\Users\Santos\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-05-23 21:03 - 2017-05-23 21:03 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-05-23 21:03 - 2017-05-23 21:03 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-05-23 21:03 - 2017-05-23 21:03 - 00000000 ____D C:\Users\Santos\AppData\Local\Zemana
2017-05-23 21:02 - 2017-05-23 21:03 - 14554768 _____ (Copyright 2017.) C:\Users\Santos\Downloads\Zemana.AntiMalware.Portable.exe
2017-05-23 21:00 - 2017-05-23 21:05 - 11584088 _____ (SurfRight B.V.) C:\Users\Santos\Downloads\hitmanpro_x64.exe
2017-05-23 20:52 - 2017-05-23 20:52 - 00002560 _____ C:\Windows\system32\Drivers\2017523_20523604_CheckPoint_Dump.txt
2017-05-23 20:52 - 2017-05-23 20:52 - 00000256 _____ C:\Windows\system32\Drivers\2017523_20523604_SHIM_Dump.txt
2017-05-22 23:22 - 2017-05-22 23:22 - 00002560 _____ C:\Windows\system32\Drivers\2017522_232239519_CheckPoint_Dump.txt
2017-05-22 23:22 - 2017-05-22 23:22 - 00000256 _____ C:\Windows\system32\Drivers\2017522_232239519_SHIM_Dump.txt
2017-05-22 22:54 - 2017-05-22 22:54 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-22 22:53 - 2017-05-24 06:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-22 22:53 - 2017-05-23 23:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-22 22:53 - 2017-05-22 22:53 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-22 22:53 - 2017-05-22 22:53 - 00001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-22 22:53 - 2017-05-22 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-22 22:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-22 22:51 - 2017-05-22 22:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Santos\Downloads\spybot-2.4.exe
2017-05-22 13:49 - 2017-05-22 13:49 - 00002560 _____ C:\Windows\system32\Drivers\2017522_134916653_CheckPoint_Dump.txt
2017-05-22 13:49 - 2017-05-22 13:49 - 00000256 _____ C:\Windows\system32\Drivers\2017522_134916653_SHIM_Dump.txt
2017-05-19 14:34 - 2017-05-19 14:34 - 00002560 _____ C:\Windows\system32\Drivers\2017519_143419445_CheckPoint_Dump.txt
2017-05-19 14:34 - 2017-05-19 14:34 - 00000256 _____ C:\Windows\system32\Drivers\2017519_143419445_SHIM_Dump.txt
2017-05-18 17:59 - 2017-05-18 17:59 - 00002560 _____ C:\Windows\system32\Drivers\2017518_175934283_CheckPoint_Dump.txt
2017-05-18 17:59 - 2017-05-18 17:59 - 00000256 _____ C:\Windows\system32\Drivers\2017518_175934283_SHIM_Dump.txt
2017-05-17 19:39 - 2017-05-17 19:39 - 00002560 _____ C:\Windows\system32\Drivers\2017517_193928491_CheckPoint_Dump.txt
2017-05-17 19:39 - 2017-05-17 19:39 - 00000256 _____ C:\Windows\system32\Drivers\2017517_193928491_SHIM_Dump.txt
2017-05-16 08:08 - 2017-05-16 08:08 - 00002560 _____ C:\Windows\system32\Drivers\2017516_8820548_CheckPoint_Dump.txt
2017-05-16 08:08 - 2017-05-16 08:08 - 00000256 _____ C:\Windows\system32\Drivers\2017516_8820548_SHIM_Dump.txt
2017-05-15 22:13 - 2017-05-15 22:14 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Mozilla
2017-05-15 22:13 - 2017-05-15 22:13 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-15 22:13 - 2017-05-15 22:13 - 00001222 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-15 22:13 - 2017-05-15 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-15 21:48 - 2017-05-15 21:48 - 00002560 _____ C:\Windows\system32\Drivers\2017515_214859828_CheckPoint_Dump.txt
2017-05-15 21:48 - 2017-05-15 21:48 - 00000256 _____ C:\Windows\system32\Drivers\2017515_214859875_SHIM_Dump.txt
2017-05-15 20:25 - 2017-05-15 20:25 - 00000000 ____D C:\Users\Santos\AppData\Roaming\AVG
2017-05-15 20:24 - 2017-06-02 20:24 - 00004282 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-15 20:23 - 2017-05-15 20:23 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-15 20:23 - 2017-05-15 20:23 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-15 20:23 - 2017-05-15 20:23 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-15 20:23 - 2017-05-15 20:23 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-15 20:23 - 2017-05-15 20:23 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-15 20:23 - 2017-05-15 20:23 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-05-15 20:23 - 2017-05-15 20:22 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-05-15 20:20 - 2017-05-31 22:46 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-15 20:20 - 2017-05-31 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-15 20:18 - 2017-06-02 08:22 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-15 20:18 - 2017-05-15 20:21 - 00000000 ____D C:\Program Files (x86)\AVG
2017-05-15 20:09 - 2017-05-15 21:31 - 00000000 ____D C:\ProgramData\Avg
2017-05-15 20:09 - 2017-05-15 20:20 - 00000000 ____D C:\Users\Santos\AppData\Local\AvgSetupLog
2017-05-15 20:09 - 2017-05-15 20:09 - 00000000 ____D C:\Users\Santos\AppData\Local\Avg
2017-05-15 20:01 - 2017-05-15 20:01 - 00002560 _____ C:\Windows\system32\Drivers\2017515_20124815_CheckPoint_Dump.txt
2017-05-15 20:01 - 2017-05-15 20:01 - 00000256 _____ C:\Windows\system32\Drivers\2017515_20124815_SHIM_Dump.txt
2017-05-15 18:18 - 2017-05-15 18:18 - 00002560 _____ C:\Windows\system32\Drivers\2017515_181834278_CheckPoint_Dump.txt
2017-05-15 18:18 - 2017-05-15 18:18 - 00000256 _____ C:\Windows\system32\Drivers\2017515_181834325_SHIM_Dump.txt
2017-05-15 13:57 - 2017-05-15 13:57 - 00002560 _____ C:\Windows\system32\Drivers\2017515_135757861_CheckPoint_Dump.txt
2017-05-15 13:57 - 2017-05-15 13:57 - 00000256 _____ C:\Windows\system32\Drivers\2017515_135757861_SHIM_Dump.txt
2017-05-15 10:12 - 2017-05-15 10:12 - 00002560 _____ C:\Windows\system32\Drivers\2017515_101249819_CheckPoint_Dump.txt
2017-05-15 10:12 - 2017-05-15 10:12 - 00000256 _____ C:\Windows\system32\Drivers\2017515_101249819_SHIM_Dump.txt
2017-05-13 16:35 - 2017-05-13 16:35 - 00002560 _____ C:\Windows\system32\Drivers\2017513_163533512_CheckPoint_Dump.txt
2017-05-13 16:35 - 2017-05-13 16:35 - 00000256 _____ C:\Windows\system32\Drivers\2017513_163533512_SHIM_Dump.txt
2017-05-12 16:16 - 2017-05-12 16:16 - 00002560 _____ C:\Windows\system32\Drivers\2017512_161618327_CheckPoint_Dump.txt
2017-05-12 16:16 - 2017-05-12 16:16 - 00000256 _____ C:\Windows\system32\Drivers\2017512_161618327_SHIM_Dump.txt
2017-05-10 19:55 - 2017-05-10 19:55 - 00002560 _____ C:\Windows\system32\Drivers\2017510_195510637_CheckPoint_Dump.txt
2017-05-10 19:55 - 2017-05-10 19:55 - 00000256 _____ C:\Windows\system32\Drivers\2017510_195510637_SHIM_Dump.txt
2017-05-09 15:54 - 2017-04-28 00:59 - 01862000 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-05-09 15:54 - 2017-04-28 00:59 - 00602256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 15:54 - 2017-04-28 00:31 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-05-09 15:54 - 2017-04-28 00:25 - 06536248 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-05-09 15:54 - 2017-04-28 00:04 - 00881664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-05-09 15:54 - 2017-04-27 23:57 - 01813408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-09 15:54 - 2017-04-27 23:57 - 00959144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 15:54 - 2017-04-27 23:56 - 02945648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 15:54 - 2017-04-27 23:56 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-05-09 15:54 - 2017-04-27 23:53 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-05-09 15:54 - 2017-04-27 23:52 - 05240448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-05-09 15:54 - 2017-04-27 23:45 - 01536600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 15:54 - 2017-04-27 23:19 - 01370224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 15:54 - 2017-04-27 23:16 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-05-09 15:54 - 2017-04-27 23:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-05-09 15:54 - 2017-04-27 22:59 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-05-09 15:54 - 2017-04-27 22:58 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-05-09 15:54 - 2017-04-27 22:50 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-05-09 15:54 - 2017-04-27 22:39 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-05-09 15:54 - 2017-04-27 22:23 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-05-09 15:54 - 2017-04-27 22:21 - 00256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-05-09 15:54 - 2017-04-27 22:21 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oemlicense.dll
2017-05-09 15:54 - 2017-04-27 22:19 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-05-09 15:54 - 2017-04-27 22:19 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-05-09 15:54 - 2017-04-27 22:15 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2017-05-09 15:54 - 2017-04-27 22:11 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-05-09 15:54 - 2017-04-27 22:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-05-09 15:54 - 2017-04-27 22:07 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2017-05-09 15:54 - 2017-04-27 22:04 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-09 15:54 - 2017-04-27 22:01 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-09 15:54 - 2017-04-27 21:57 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2017-05-09 15:54 - 2017-04-27 21:55 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 15:54 - 2017-04-27 21:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-09 15:54 - 2017-04-27 21:51 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-09 15:54 - 2017-04-27 21:49 - 00805888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2017-05-09 15:54 - 2017-04-27 21:47 - 03695104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-05-09 15:54 - 2017-04-27 21:47 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 15:54 - 2017-04-27 21:46 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licensingdiag.exe
2017-05-09 15:54 - 2017-04-27 21:32 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-05-09 15:54 - 2017-04-27 21:25 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 15:54 - 2017-04-27 21:22 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-05-09 15:54 - 2017-04-27 21:22 - 02878976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 15:54 - 2017-04-27 21:21 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-05-09 15:54 - 2017-04-27 21:20 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2017-05-09 15:54 - 2017-04-27 21:19 - 06296064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2017-05-09 15:54 - 2017-04-27 21:06 - 04404736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2017-05-09 15:54 - 2017-04-27 21:04 - 02911744 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-05-09 15:54 - 2017-04-27 20:57 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-05-09 15:54 - 2017-04-27 20:55 - 00339456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 15:54 - 2017-04-27 20:29 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-05-09 15:53 - 2017-04-28 01:30 - 01997840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 15:53 - 2017-04-28 01:30 - 00800080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 15:53 - 2017-04-28 00:59 - 01558280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 15:53 - 2017-04-28 00:38 - 01060432 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-05-09 15:53 - 2017-04-28 00:28 - 22560744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-09 15:53 - 2017-04-28 00:27 - 06604992 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-05-09 15:53 - 2017-04-27 23:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-09 15:53 - 2017-04-27 23:24 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-05-09 15:53 - 2017-04-27 22:40 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-05-09 15:53 - 2017-04-27 22:35 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 15:53 - 2017-04-27 22:35 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 15:53 - 2017-04-27 22:00 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-05-09 15:53 - 2017-04-27 21:44 - 07977984 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2017-05-09 15:53 - 2017-04-27 21:25 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-05-09 15:53 - 2017-04-27 20:58 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2017-05-09 15:53 - 2017-04-27 20:57 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-09 15:53 - 2017-04-27 20:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-05-09 15:52 - 2017-04-28 01:30 - 07465816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 15:52 - 2017-04-28 01:30 - 02656960 _____ C:\Windows\system32\CoreUIComponents.dll
2017-05-09 15:52 - 2017-04-28 01:30 - 01098640 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2017-05-09 15:52 - 2017-04-28 01:08 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2017-05-09 15:52 - 2017-04-28 00:32 - 02608912 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-09 15:52 - 2017-04-28 00:32 - 01323272 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 15:52 - 2017-04-28 00:31 - 03699280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 15:52 - 2017-04-28 00:31 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2017-05-09 15:52 - 2017-04-28 00:23 - 00609056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-05-09 15:52 - 2017-04-28 00:20 - 01848584 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 15:52 - 2017-04-27 23:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2017-05-09 15:52 - 2017-04-27 23:15 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 15:52 - 2017-04-27 23:11 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 15:52 - 2017-04-27 23:05 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-05-09 15:52 - 2017-04-27 23:03 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2017-05-09 15:52 - 2017-04-27 23:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\oemlicense.dll
2017-05-09 15:52 - 2017-04-27 23:01 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll
2017-05-09 15:52 - 2017-04-27 22:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 15:52 - 2017-04-27 22:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-09 15:52 - 2017-04-27 22:54 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-05-09 15:52 - 2017-04-27 22:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 15:52 - 2017-04-27 22:52 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 15:52 - 2017-04-27 22:51 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-05-09 15:52 - 2017-04-27 22:50 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-05-09 15:52 - 2017-04-27 22:46 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 15:52 - 2017-04-27 22:41 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-09 15:52 - 2017-04-27 22:38 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-09 15:52 - 2017-04-27 22:33 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2017-05-09 15:52 - 2017-04-27 22:32 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 15:52 - 2017-04-27 22:31 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 15:52 - 2017-04-27 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 15:52 - 2017-04-27 22:30 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 15:52 - 2017-04-27 22:29 - 02127872 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 15:52 - 2017-04-27 22:28 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 15:52 - 2017-04-27 22:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-05-09 15:52 - 2017-04-27 22:24 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 15:52 - 2017-04-27 22:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2017-05-09 15:52 - 2017-04-27 22:15 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 15:52 - 2017-04-27 22:15 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-09 15:52 - 2017-04-27 22:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 15:52 - 2017-04-27 22:11 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-05-09 15:52 - 2017-04-27 22:07 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 15:52 - 2017-04-27 21:56 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 15:52 - 2017-04-27 21:55 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 15:52 - 2017-04-27 21:54 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 15:52 - 2017-04-27 21:53 - 01729536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 15:52 - 2017-04-27 21:50 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 15:52 - 2017-04-27 21:47 - 03404800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 15:52 - 2017-04-27 21:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2017-05-09 15:52 - 2017-04-27 21:36 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-05-09 15:52 - 2017-04-27 21:27 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 15:52 - 2017-04-27 21:16 - 22375424 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-05-09 15:52 - 2017-04-27 21:12 - 04889600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 15:52 - 2017-04-27 21:11 - 06312448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2017-05-09 15:52 - 2017-04-27 21:09 - 13393920 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 15:52 - 2017-04-27 21:06 - 12139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 15:52 - 2017-04-27 21:05 - 24605184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 15:52 - 2017-04-27 21:04 - 19344896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 15:52 - 2017-04-27 21:04 - 03660288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 15:52 - 2017-04-27 21:03 - 18673152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-05-09 15:52 - 2017-04-27 20:50 - 07853568 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-05-09 15:52 - 2017-04-27 20:47 - 05670912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-05-09 15:51 - 2017-04-28 01:32 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-09 15:51 - 2017-04-28 01:30 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-09 15:51 - 2017-04-28 01:27 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-05-09 15:51 - 2017-04-28 00:28 - 00566104 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-05-09 15:51 - 2017-04-28 00:26 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-05-09 15:51 - 2017-04-28 00:26 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-05-09 15:51 - 2017-04-28 00:24 - 01128104 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-05-09 15:51 - 2017-04-28 00:24 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2017-05-09 15:51 - 2017-04-27 23:53 - 01987424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 15:51 - 2017-04-27 23:52 - 01594928 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 15:51 - 2017-04-27 23:23 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-05-09 15:51 - 2017-04-27 23:13 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-05-09 15:51 - 2017-04-27 22:55 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2017-05-09 15:51 - 2017-04-27 22:53 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-09 15:51 - 2017-04-27 22:51 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2017-05-09 15:51 - 2017-04-27 22:49 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2017-05-09 15:51 - 2017-04-27 22:45 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-05-09 15:51 - 2017-04-27 22:38 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-05-09 15:51 - 2017-04-27 22:32 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Bluetooth.dll
2017-05-09 15:51 - 2017-04-27 22:31 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-05-09 15:51 - 2017-04-27 22:31 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2017-05-09 15:51 - 2017-04-27 22:28 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-05-09 15:51 - 2017-04-27 22:20 - 04456448 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-05-09 15:51 - 2017-04-27 22:19 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\licensingdiag.exe
2017-05-09 15:51 - 2017-04-27 22:03 - 03586048 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-05-09 15:51 - 2017-04-27 22:03 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-05-09 15:51 - 2017-04-27 21:47 - 04826624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-05-09 15:51 - 2017-04-27 21:35 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-05-09 15:51 - 2017-04-27 21:08 - 03993600 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-05-09 15:51 - 2017-04-27 21:04 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 15:51 - 2017-04-27 20:45 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2017-05-09 14:59 - 2017-05-09 14:59 - 00002560 _____ C:\Windows\system32\Drivers\201759_14590106_CheckPoint_Dump.txt
2017-05-09 14:59 - 2017-05-09 14:59 - 00000256 _____ C:\Windows\system32\Drivers\201759_14590106_SHIM_Dump.txt
2017-05-07 19:27 - 2017-05-07 19:27 - 00000769 _____ C:\Users\Santos\Desktop\Documentos - Atalho.lnk
2017-05-07 10:21 - 2017-06-02 23:21 - 00000951 _____ C:\Windows\Tasks\EPSON L375 Series Update {396B978A-B959-4C2B-8EF2-5843952F1C19}.job
2017-05-07 10:21 - 2017-05-07 10:21 - 00004144 _____ C:\Windows\System32\Tasks\EPSON L375 Series Update {396B978A-B959-4C2B-8EF2-5843952F1C19}
2017-05-06 16:47 - 2017-05-06 16:47 - 00002560 _____ C:\Windows\system32\Drivers\201756_16472104_CheckPoint_Dump.txt
2017-05-06 16:47 - 2017-05-06 16:47 - 00000256 _____ C:\Windows\system32\Drivers\201756_16472104_SHIM_Dump.txt
2017-05-05 11:02 - 2017-05-05 11:02 - 00002560 _____ C:\Windows\system32\Drivers\201755_11210872_CheckPoint_Dump.txt
2017-05-05 11:02 - 2017-05-05 11:02 - 00000256 _____ C:\Windows\system32\Drivers\201755_11210888_SHIM_Dump.txt
2017-05-04 16:15 - 2017-05-04 16:15 - 00002560 _____ C:\Windows\system32\Drivers\201754_161551991_CheckPoint_Dump.txt
2017-05-04 16:15 - 2017-05-04 16:15 - 00000256 _____ C:\Windows\system32\Drivers\201754_161551991_SHIM_Dump.txt

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-02 23:19 - 2016-10-07 22:05 - 00000000 ___RD C:\Users\Santos\Google Drive
2017-06-02 23:18 - 2016-02-29 08:48 - 00000000 __SHD C:\Users\Santos\IntelGraphicsProfiles
2017-06-02 23:18 - 2016-02-29 08:45 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-02 23:17 - 2015-11-24 01:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 18:31 - 2016-02-29 07:27 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-02 17:11 - 2016-08-30 23:32 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D741AF11-C8EE-44EF-A8A6-908AA824C32C}
2017-06-02 09:45 - 2016-10-21 18:01 - 00000000 ____D C:\Windows\Minidump
2017-06-02 08:54 - 2016-02-29 08:48 - 00000000 ____D C:\Users\Santos\AppData\Local\Packages
2017-06-02 08:28 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\AppReadiness
2017-05-31 22:50 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 22:47 - 2016-10-07 22:41 - 02345562 _____ C:\Windows\system32\prfh0416.dat
2017-05-31 22:47 - 2016-10-07 22:41 - 01395628 _____ C:\Windows\system32\prfc0416.dat
2017-05-31 22:47 - 2015-11-24 09:32 - 02368746 _____ C:\Windows\system32\perfh013.dat
2017-05-31 22:47 - 2015-11-24 09:32 - 01400676 _____ C:\Windows\system32\perfc013.dat
2017-05-31 22:47 - 2015-11-24 09:18 - 02373736 _____ C:\Windows\system32\perfh00C.dat
2017-05-31 22:47 - 2015-11-24 09:18 - 01396580 _____ C:\Windows\system32\perfc00C.dat
2017-05-31 22:47 - 2015-11-24 09:11 - 02324624 _____ C:\Windows\system32\perfh007.dat
2017-05-31 22:47 - 2015-11-24 09:11 - 01396460 _____ C:\Windows\system32\perfc007.dat
2017-05-31 22:47 - 2015-11-24 01:55 - 00005558 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-31 00:43 - 2015-10-30 03:28 - 01310720 ___SH C:\Windows\system32\config\BBI
2017-05-31 00:09 - 2015-11-24 02:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-30 00:56 - 2016-02-29 08:48 - 00000000 ____D C:\Users\Santos
2017-05-29 22:51 - 2016-10-07 22:05 - 00001777 _____ C:\Users\Santos\Desktop\Google Drive.lnk
2017-05-27 00:04 - 2017-01-27 15:46 - 00003292 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-27 00:04 - 2016-02-29 08:51 - 00002378 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-27 00:04 - 2016-02-29 08:51 - 00000000 ___RD C:\Users\Santos\OneDrive
2017-05-26 23:00 - 2015-10-30 04:21 - 00000000 ____D C:\Windows\INF
2017-05-22 23:36 - 2016-09-07 16:48 - 00000000 ____D C:\Windows\system32\MRT
2017-05-22 23:33 - 2016-09-07 16:48 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 22:38 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-22 22:38 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-17 19:39 - 2015-11-24 02:07 - 00000424 _____ C:\Windows\Tasks\WpsUpdateTask_Administrator.job
2017-05-17 19:39 - 2015-11-24 02:07 - 00000424 _____ C:\Windows\Tasks\WpsNotifyTask_Administrator.job
2017-05-17 19:36 - 2015-11-24 09:45 - 00000000 ____D C:\Windows\Panther
2017-05-16 22:20 - 2016-11-21 07:50 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-16 21:06 - 2015-11-24 02:07 - 00003066 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Administrator
2017-05-16 21:06 - 2015-11-24 02:07 - 00003066 _____ C:\Windows\System32\Tasks\WpsNotifyTask_Administrator
2017-05-16 21:01 - 2016-10-08 16:27 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2017-05-15 21:22 - 2015-10-30 04:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-15 21:18 - 2015-11-24 02:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-15 20:17 - 2016-11-29 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-05-15 20:17 - 2016-11-21 00:38 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-05-15 20:17 - 2016-02-29 07:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-10 21:16 - 2016-02-29 14:08 - 00000000 ____D C:\Users\Santos\AppData\Local\MicrosoftEdge
2017-05-10 21:16 - 2016-02-29 07:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ___SD C:\Windows\system32\F12
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\system32\en-GB
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 19:53 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-09 20:02 - 2015-10-30 04:11 - 00000000 ____D C:\Windows\CbsTemp

==================== Fichiers à la racine de certains dossiers =======

2017-01-27 15:55 - 2017-01-27 15:55 - 318912029 _____ () C:\Users\Santos\AppData\Local\ACCCx3_9_5_353.zip.aamdownload
2017-01-27 15:55 - 2017-01-27 15:55 - 0003560 _____ () C:\Users\Santos\AppData\Local\ACCCx3_9_5_353.zip.aamdownload.aamd

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2015-11-24 01:46

==================== Fin de FRST.txt ============================

 

Hope you will be able to help me

 

Waiting for your feedback

Regards




#4 nasdaq


Posted 03 June 2017 - 08:17 AM

Hi,

I was even wondering if it was not my blog who was infected.
Normally my blog is http://www.clubedafraldinha.com (maternity blog)


Yes, I visited the site and my Norton blocked a redirection issue.

Is this your blog?

#5 ozstrik3r69


Posted 03 June 2017 - 10:14 AM

Dear Nasdaq

Thank you for this quick answer.

It is my wife's blog.

What I do not understand is, thru my macbook I do not have this redirection.

Thru her computer I have this redirection. (it is the way that I found this problem actually).

I am not gonna lie saying that every plugs that I have on the wordpress are free... Unfortunately some of them are coming from warez...

I will try to deactivate them and check one by one if it is affecting the blog.

Maybe I will have to check on the code. I do not know if there is a way to do it fast... ?

If you have some advice, ideas, I'll take it.

Waiting for your feedback

Regards
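
On the question in the post above about checking the code quickly: the Python sketch below is an added example, not part of the original thread or any poster's code. It walks a copy of a WordPress `wp-content` tree and reports `<script src>` tags that load from hosts outside an allowlist, plus decode-then-execute PHP calls. All host names, file names and function names are constructed for illustration, and the patterns are heuristics that can miss heavily obfuscated injections.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# File types shipped by themes and plugins that can carry injected markup.
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}

# <script ... src=URL> with an absolute or protocol-relative URL; also matches
# tags split over several lines and quotes escaped inside a PHP string (\").
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*\\?["']?((?:https?:)?//[^"'\s>\\]+)""",
    re.IGNORECASE,
)

# Heuristic only: decode-then-execute chains often found in tampered PHP files.
PHP_DECODE_EXEC = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.IGNORECASE,
)


def host_allowed(host, allowed_hosts):
    """True if host equals an allowed host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def scan_tree(root, allowed_hosts):
    """Return sorted findings as (relative_path, line_no, kind, detail)."""
    root = Path(root)
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        for m in SCRIPT_SRC.finditer(text):
            url = m.group(1)
            try:
                host = urlparse(url).hostname or ""
            except ValueError:  # malformed URL: report it rather than skip it
                host = ""
            if not host_allowed(host, allowed):
                findings.append((rel, line_of(text, m.start()), "external-script", host or url))
        if path.suffix.lower() == ".php":
            for m in PHP_DECODE_EXEC.finditer(text):
                findings.append((rel, line_of(text, m.start()), "decode-exec", m.group(0)))
    return sorted(findings)


def build_sample_tree(root):
    """Write a small constructed wp-content tree (sample data, not from the thread)."""
    files = {
        "themes/mytheme/header.php": "\n".join([
            "<?php wp_head(); ?>",
            '<script src="https://blog.example/wp-includes/js/jquery.js"></script>',
            '<script src="//cdn.example/lib.js"></script>',
            '<script type="text/javascript"',
            '        src="http://redirector.invalid/uploads/loader_0.2.js"> </script>',
        ]),
        "plugins/gallery-pro/inc/license.php": "\n".join([
            "<?php",
            "// constructed sample; the encoded string is inert filler",
            "$k = 'QUJD';",
            "eval(base64_decode($k));",
        ]),
        "plugins/contact/form.php": "\n".join([
            "<?php",
            'echo "<script src=\\"http://tracker.invalid/t.js\\"></script>";',
        ]),
        # Not a scanned file type, so this tag is ignored.
        "plugins/gallery-pro/readme.txt": '<script src="http://ignored.invalid/x.js"></script>',
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, line_no, kind, detail in scan_tree(tmp, {"blog.example", "cdn.example"}):
            print(f"{rel}:{line_no}: {kind}: {detail}")
```

Point `scan_tree` at a downloaded copy of `wp-content` and put the site's own domain and the CDNs it really uses in `allowed_hosts`; each remaining hit is a file to open and compare with a clean copy of that plugin or theme.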



#6 nasdaq


Posted 03 June 2017 - 01:14 PM



Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
===

If that fails, try this.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Keep me posted.

#7 nasdaq


Posted 09 June 2017 - 08:04 AM

Are you still with me?



