cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 02
Ran by Jeabony (administrator) on MR-428397D4F527 on 12-12-2014 08:44:51
Running from C:\Documents and Settings\Jeabony\Bureau
Loaded Profile: Jeabony (Available profiles: Jeabony & jeanarlette)
Platform: Microsoft Windows XP Édition familiale Service Pack 3 (X86) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
() C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SMSNotifier.exe
() C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Jeabony\LOCALS~1\Temp\RtkBtMnt.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Silicon Integrated Systems Corporation) C:\WINDOWS\system32\sistray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-04] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Start_Update_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] => C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\UpdteApp.exe [981960 2012-10-31] ()
HKLM\...\Run: [Start_SMSNotifier_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] => C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SMSNotifier.exe [1375696 2012-10-31] ()
HKLM\...\Run: [Start_BusinessEverywhere_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] => C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe [3455456 2012-10-31] ()
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SiSPower] => Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-10-08] (Agere Systems)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-725345543-573735546-839522115-1004\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-725345543-573735546-839522115-1004\...\Run: [EPSON SX218 Series (Copie 1)] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-725345543-573735546-839522115-1004\...\Run: [EPSON SX218 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-725345543-573735546-839522115-1004\...\MountPoints2: {e86cda44-6b61-11e0-89dd-0016361d8d0c} - G:\AutoRunCardDetector.exe
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
ShortcutTarget: Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Fichiers hors connexion] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-725345543-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-725345543-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://google.com" <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-725345543-573735546-839522115-1004 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7ADFA_frFR430
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-725345543-573735546-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_2_1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINDOWS\system32\mswsock.dll [247808] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jeabony\Application Data\Mozilla\Firefox\Profiles\mpsrj0gi.default
FF DefaultSearchEngine:
FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
FF SelectedSearchEngine:
FF Homepage: hxxp://www.orange.fr/portail
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Jeabony\Application Data\Mozilla\Firefox\Profiles\mpsrj0gi.default\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\Jeabony\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Jeabony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Jeabony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jeabony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
R2 BEWConfigSrv; C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe [195536 2012-10-31] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 odserv; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-31] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-31] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-31] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-31] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-31] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2967168 2010-04-09] (Broadcom Corporation)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [102656 2009-06-15] (Huawei Technologies Co., Ltd.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [5504 2004-03-02] (Ahead Software AG) [File not signed]
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [125184 2004-03-02] (Ahead Software AG) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-12] (Malwarebytes Corporation)
S3 PCAMPR5; C:\WINDOWS\system32\PCAMPR5.SYS [34688 2008-02-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [32128 2008-02-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [325120 2010-10-26] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [19200 2010-10-26] (Silicon Integrated Systems Corporation)
S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-03] (SiS Corporation)
U3 DfSdkS; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 08:44 - 2014-12-12 08:45 - 00019410 _____ () C:\Documents and Settings\Jeabony\Bureau\FRST.txt
2014-12-12 08:44 - 2014-12-12 08:45 - 00000000 ____D () C:\FRST
2014-12-12 08:43 - 2014-12-12 08:41 - 01111040 _____ (Farbar) C:\Documents and Settings\Jeabony\Bureau\FRST.exe
2014-12-11 10:40 - 2014-12-11 10:40 - 00267008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-11 10:27 - 2014-12-11 10:27 - 00001628 _____ () C:\Documents and Settings\Jeabony\Bureau\ZHPFix.lnk
2014-12-11 10:27 - 2014-12-11 10:27 - 00001523 _____ () C:\Documents and Settings\Jeabony\Bureau\ZHPDiag.lnk
2014-12-11 10:27 - 2014-12-11 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
2014-12-11 10:26 - 2014-12-11 10:27 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-12-11 09:06 - 2014-12-11 09:06 - 00008156 _____ () C:\Documents and Settings\jeanarlette\Mes documents\cc_20141211_090601.reg
2014-12-11 09:02 - 2014-12-11 09:02 - 00000682 _____ () C:\Documents and Settings\jeanarlette\Bureau\Raccourci vers CCleaner.lnk
2014-12-10 20:50 - 2014-12-11 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\2D713A3D.sys
2014-12-10 20:39 - 2014-12-10 20:39 - 00002393 _____ () C:\Documents and Settings\Jeabony\Mes documents\RKreport_DEL_12102014_203746.log
2014-12-10 16:28 - 2014-12-11 09:49 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-10 16:28 - 2014-12-10 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-10 16:27 - 2014-12-10 16:27 - 00000728 _____ () C:\Documents and Settings\Jeabony\Bureau\Raccourci vers RogueKiller.lnk
2014-12-08 20:56 - 2014-12-12 07:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 20:54 - 2014-12-08 20:54 - 00000777 _____ () C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
2014-12-08 20:54 - 2014-12-08 20:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 20:54 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-08 20:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 18:44 - 2014-12-08 18:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-08 18:41 - 2014-12-08 18:40 - 01707646 _____ (Thisisu) C:\Documents and Settings\Jeabony\Bureau\JRT.exe
2014-12-08 18:17 - 2014-12-08 18:21 - 00000000 ____D () C:\AdwCleaner
2014-12-08 18:17 - 2014-12-08 18:17 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 18:15 - 2014-12-08 18:14 - 02153472 _____ () C:\Documents and Settings\Jeabony\Bureau\adwcleaner_4.104.exe
2014-12-08 09:53 - 2014-12-08 09:53 - 00006652 _____ () C:\Documents and Settings\Jeabony\Bureau\ZHPCleaner.txt
2014-12-08 09:53 - 2014-12-08 09:53 - 00000000 _____ () C:\essai.txt
2014-12-08 09:48 - 2014-12-08 09:49 - 00000815 _____ () C:\Documents and Settings\Jeabony\Bureau\ZHPCleaner.lnk
2014-12-08 09:48 - 2014-12-08 09:48 - 01409536 _____ () C:\Documents and Settings\Jeabony\ZHPCleaner.exe
2014-12-07 08:28 - 2014-12-07 08:28 - 00000000 ____D () C:\Program Files\Ashampoo
2014-12-07 08:28 - 2014-12-07 08:28 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Ashampoo
2014-12-07 08:28 - 2014-12-07 08:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ashampoo
2014-12-07 08:28 - 2009-08-24 22:08 - 00028160 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2014-12-05 09:50 - 2014-12-05 09:50 - 00000724 _____ () C:\Documents and Settings\jeanarlette\Bureau\Raccourci vers firefox.lnk
2014-12-05 09:06 - 2014-12-05 09:06 - 00068848 _____ () C:\Documents and Settings\Jeabony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-02 08:29 - 2014-12-02 08:29 - 00000724 _____ () C:\Documents and Settings\Jeabony\Bureau\Raccourci vers firefox.lnk
2014-12-02 08:16 - 2014-12-02 08:16 - 00000682 _____ () C:\Documents and Settings\Jeabony\Bureau\Raccourci vers CCleaner.lnk
2014-12-02 07:55 - 2014-12-02 07:55 - 00000000 ____D () C:\Program Files\Fichiers communs\Java
2014-12-02 07:55 - 2014-12-02 07:55 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Java
2014-12-02 07:55 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-12-02 07:55 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-12-02 07:55 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-12-02 07:55 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-12-02 07:55 - 2014-09-26 18:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-12-02 07:54 - 2014-12-02 07:55 - 00004388 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
2014-11-29 10:14 - 2014-12-08 09:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BMXTFAJs
2014-11-29 10:12 - 2014-11-29 10:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PDF Architect 2
2014-11-29 09:18 - 2014-11-29 09:19 - 00000000 ____D () C:\Program Files\GPLGS
2014-11-26 11:29 - 2014-11-29 17:54 - 00000000 ____D () C:\Documents and Settings\Jeabony\Mes documents\Diapo Stag
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2014-11-12 09:12 - 2014-12-08 09:32 - 00000000 ____D () C:\Documents and Settings\Jeabony\Mes documents\Doc Stage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 08:45 - 2011-04-17 21:44 - 00000000 ____D () C:\Documents and Settings\Jeabony\Local Settings\Temp
2014-12-12 08:44 - 2011-04-17 21:44 - 00000000 ____D () C:\Documents and Settings\Jeabony\Bureau
2014-12-12 08:43 - 2012-03-27 08:19 - 00000000 ____D () C:\Documents and Settings\Jeabony\Mes documents\Téléchargements
2014-12-12 08:38 - 2011-04-17 21:22 - 01243772 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-12 08:25 - 2012-04-04 07:25 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-12 07:51 - 2013-09-13 08:21 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-12 07:41 - 2014-03-07 08:55 - 00000226 _____ () C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
2014-12-12 07:41 - 2011-06-22 07:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-12 07:41 - 2011-06-22 07:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-12 07:41 - 2011-04-17 21:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-11 18:49 - 2011-04-17 21:44 - 00000184 ___SH () C:\Documents and Settings\Jeabony\ntuser.ini
2014-12-11 18:49 - 2011-04-17 21:43 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-11 13:29 - 2011-04-19 18:24 - 00000184 __SHC () C:\Documents and Settings\jeanarlette\ntuser.ini
2014-12-11 13:28 - 2011-04-19 18:24 - 00000000 ____D () C:\Documents and Settings\jeanarlette\Local Settings\Temp
2014-12-11 10:29 - 2014-07-25 07:33 - 00000000 ____D () C:\Documents and Settings\Jeabony\Application Data\ZHP
2014-12-11 10:27 - 2011-04-17 23:04 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2014-12-11 09:04 - 2011-04-19 18:24 - 00000000 ____D () C:\Documents and Settings\jeanarlette
2014-12-11 09:02 - 2011-04-19 18:24 - 00000000 ____D () C:\Documents and Settings\jeanarlette\Bureau
2014-12-11 08:31 - 2012-04-04 07:25 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-11 08:31 - 2011-06-25 06:22 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-10 17:59 - 2012-07-13 07:24 - 00000000 ___RD () C:\Documents and Settings\Jeabony\Mes documents\Ma musique
2014-12-10 09:29 - 2011-04-19 18:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-10 08:53 - 2013-09-09 20:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 08:35 - 2011-04-19 18:36 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 08:15 - 2004-08-05 13:00 - 00000507 _____ () C:\WINDOWS\win.ini
2014-12-10 08:15 - 2004-08-05 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-10 08:14 - 2011-04-17 23:04 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
2014-12-09 09:27 - 2011-04-17 22:56 - 00000000 ____D () C:\WINDOWS\msagent
2014-12-08 20:54 - 2011-04-17 23:04 - 00000000 ____D () C:\Documents and Settings\All Users\Bureau
2014-12-08 12:08 - 2011-04-19 18:48 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-12-08 09:48 - 2011-04-17 21:44 - 00000000 ____D () C:\Documents and Settings\Jeabony
2014-12-07 08:06 - 2013-09-13 07:54 - 00000000 ____D () C:\WINDOWS\pss
2014-12-07 07:54 - 2004-08-05 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-05 08:20 - 2011-04-17 21:55 - 00000000 __SHD () C:\Documents and Settings\Jeabony\UserData
2014-12-02 08:26 - 2011-04-17 21:44 - 00000000 ___RD () C:\Documents and Settings\Jeabony\Mes documents\Mes images
2014-12-02 07:55 - 2014-03-07 08:23 - 00000000 ____D () C:\Program Files\Java
2014-12-02 07:55 - 2011-04-17 23:04 - 00000000 ____D () C:\Program Files\Fichiers communs
2014-12-01 11:16 - 2014-04-04 07:45 - 00000000 ____D () C:\Documents and Settings\jeanarlette\Application Data\Malwarebytes
2014-11-26 09:53 - 2012-03-20 08:22 - 00033792 _____ () C:\Documents and Settings\Jeabony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-26 08:24 - 2013-09-13 08:21 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys

Files to move or delete:
====================
C:\Documents and Settings\Jeabony\ZHPCleaner.exe


Some content of TEMP:
====================
C:\Documents and Settings\Jeabony\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Jeabony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Jeabony\Local Settings\Temp\RtkBtMnt.EXE
C:\Documents and Settings\Jeabony\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\jeanarlette\Local Settings\Temp\BrowsingHistoryView.exe
C:\Documents and Settings\jeanarlette\Local Settings\Temp\RtkBtMnt.EXE
C:\Documents and Settings\jeanarlette\Local Settings\Temp\{8EE1EED4-8264-4108-BFFF-DA9DC7D1ED3E}-GoogleToolbarInstaller_updater_signed.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
