cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by HELLTRITTON (administrator) on UTILISATEUR on 08-03-2015 21:39:06
Running from C:\Users\HELLTRITTON\Downloads
Loaded Profiles: HELLTRITTON (Available profiles: HELLTRITTON)
Platform: Windows 7 Ultimate (X64) OS Language: Anglais (États-Unis)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Users\HELLTRITTON\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\Run: [Google Update] => C:\Users\HELLTRITTON\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\Run: [GoogleChromeAutoLaunch_4D19D04A0D60B6D3180E99242B01FD53] => C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {02592d00-c9cb-11e1-9132-00247e4c82ba} - G:\Startme.exe
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {4fbb10cd-b530-11e0-91da-00238b9617dc} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {526e5f18-fb05-11e3-973c-00247e4c82ba} - I:\Startme.exe
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {6913cd56-2ff1-11e3-9add-00247e4c82ba} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {6bd45d57-e840-11e1-8707-00247e4c82ba} - H:\iStudio.exe
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {cbdb57d0-7933-11e4-a358-00238b9617dc} - H:\Startme.exe
HKU\S-1-5-21-951615273-994606791-96939523-1000\...\MountPoints2: {f63281d5-c0ee-11e1-90d3-00247e4c82ba} - G:\Startme.exe
HKU\S-1-5-21-951615273-994606791-96939523-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SO_X64~1.BOO => C:\Program Files (x86)\SO_x64.Booster [4210176 2014-05-31] ()
AppInit_DLLs-x32: c:\progra~2\so0cb7~1.boo => c:\Program Files (x86)\SO.Booster [4296192 2014-05-31] ()
Lsa: [Notification Packages] scecli DPPWDFLT
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C&q={searchTerms}
HKU\S-1-5-21-951615273-994606791-96939523-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-951615273-994606791-96939523-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-951615273-994606791-96939523-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C&q={searchTerms}
HKU\S-1-5-21-951615273-994606791-96939523-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=fr-FR&Src=MSE&Tid=000328B0&OHP=about%3Ablank&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-951615273-994606791-96939523-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-951615273-994606791-96939523-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @ma-config.com/HardwareDetection -> C:\Program Files\ma-config.com\x64\nphardwaredetection.dll [2011-11-14] (Cybelsoft)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @ma-config.com/HardwareDetection -> C:\Program Files\ma-config.com\nphardwaredetection.dll [2011-11-14] (Cybelsoft)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-951615273-994606791-96939523-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HELLTRITTON\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-951615273-994606791-96939523-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HELLTRITTON\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-951615273-994606791-96939523-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\HELLTRITTON\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2012-04-06]
FF HKU\S-1-5-21-951615273-994606791-96939523-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C"
CHR Profile: C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (apkekhcjmilamfcfeabnaidffgenboeg) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\apkekhcjmilamfcfeabnaidffgenboeg [2015-03-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (Facebook Chat Platinum) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadjnjjgcjdhpcjhoplojnicjgeajah [2015-03-03]
CHR Extension: (Facebook Color Changer Enhancer) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdkclmnkbjelpeddibimjmgofgkdagn [2015-02-28]
CHR Extension: (mihcahmgecmbnbcchbopgniflfhgnkff) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-03-02]
CHR Extension: (mkpckdjkmmgflnghjdokniaakigbfofa) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkpckdjkmmgflnghjdokniaakigbfofa [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\HELLTRITTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-12-01] (DigitalPersona, Inc.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [719152 2008-09-16] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2008-09-16] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-22] (AVerMedia TECHNOLOGIES, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-12] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-08] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 vfs101a; C:\Windows\System32\drivers\vfs101a.sys [49968 2008-09-16] (Validity Sensors, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-09] (CyberLink Corp.)
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]
U4 eabfiltr; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:36 - 2015-03-08 21:36 - 02095104 _____ (Farbar) C:\Users\HELLTRITTON\Downloads\FRST64 (2).exe
2015-03-08 21:33 - 2015-03-08 21:33 - 00004413 _____ () C:\Users\HELLTRITTON\Desktop\RKreport_DEL_03082015_213308.log
2015-03-08 20:43 - 2015-03-08 21:19 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-08 20:43 - 2015-03-08 21:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-08 20:43 - 2015-03-08 20:43 - 15568472 _____ () C:\Users\HELLTRITTON\Downloads\RogueKiller.exe
2015-03-08 20:39 - 2015-03-08 20:39 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-08 19:27 - 2015-03-08 19:28 - 02095104 _____ (Farbar) C:\Users\HELLTRITTON\Downloads\FRST64 (1).exe
2015-03-08 19:10 - 2015-03-08 19:10 - 00001098 _____ () C:\Users\HELLTRITTON\Desktop\Continue Live Installation.lnk
2015-03-03 11:55 - 2015-03-03 11:55 - 00000000 ____D () C:\Program Files\NeWSaVEr
2015-03-03 11:55 - 2015-03-03 11:55 - 00000000 ____D () C:\Program Files\FinndoBestDueeal
2015-03-03 11:55 - 2015-03-03 11:55 - 00000000 ____D () C:\Program Files\EnujjoayyCooUpon
2015-03-03 11:53 - 2015-03-03 11:54 - 00000000 ____D () C:\Program Files\Facebook Chat Platinum
2015-03-03 11:53 - 2015-03-03 11:53 - 00000000 ____D () C:\ProgramData\dmkbbjbbpfophpaclioinaahahnbomoa
2015-03-03 11:52 - 2015-03-08 21:38 - 00000000 ____D () C:\Program Files\CoupExxtensuiOn
2015-03-03 11:52 - 2015-03-08 21:38 - 00000000 ____D () C:\Program Files\AlelCHeapPricee
2015-03-03 11:52 - 2015-03-03 11:55 - 00000000 ____D () C:\ProgramData\5205933011098939034UL
2015-03-02 15:45 - 2015-03-02 15:52 - 1461013586 _____ () C:\Users\HELLTRITTON\Downloads\The.Hunger.Games.Mockingjay.Part.1.2014.FRENCH.BRRiP.XviD.AC3-Slay3R.zone-telechargement.com.avi
2015-03-02 15:13 - 2015-03-02 15:13 - 00887718 _____ () C:\Users\HELLTRITTON\Downloads\flines_2015.zip
2015-03-02 14:17 - 2015-03-02 14:17 - 00033499 _____ () C:\Users\HELLTRITTON\Downloads\Addition.txt
2015-03-02 14:15 - 2015-03-08 21:39 - 00020143 _____ () C:\Users\HELLTRITTON\Downloads\FRST.txt
2015-03-02 14:15 - 2015-03-08 21:39 - 00000000 ____D () C:\FRST
2015-03-02 14:14 - 2015-03-02 14:14 - 02092544 _____ (Farbar) C:\Users\HELLTRITTON\Downloads\FRST64.exe
2015-03-02 14:07 - 2015-03-02 14:07 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-02 14:07 - 2015-03-02 14:07 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-02 14:07 - 2015-03-02 14:07 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-02 14:04 - 2015-03-02 14:04 - 01388333 _____ (Thisisu) C:\Users\HELLTRITTON\Downloads\JRT.exe
2015-03-02 10:40 - 2015-03-08 20:40 - 00006264 _____ () C:\Windows\PFRO.log
2015-03-02 10:40 - 2015-03-08 19:13 - 00000000 ____D () C:\ProgramData\f9c5601563b94c00bad70d941b29c80d
2015-03-02 10:23 - 2015-03-02 10:23 - 02126848 _____ () C:\Users\HELLTRITTON\Downloads\adwcleaner_4.111 (2).exe
2015-02-28 10:43 - 2015-02-28 10:43 - 00000000 ____D () C:\Program Files\Facebook Color Changer Enhancer
2015-02-28 10:41 - 2015-02-28 10:42 - 00000000 ____D () C:\Program Files\EnjoyCuoupon
2015-02-27 13:39 - 2015-03-08 20:45 - 00475605 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 13:38 - 2015-03-08 20:41 - 00002184 _____ () C:\Windows\setupact.log
2015-02-27 13:38 - 2015-02-27 13:38 - 04975920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-27 13:38 - 2015-02-27 13:38 - 00110712 _____ () C:\Users\HELLTRITTON\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-27 13:38 - 2015-02-27 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 13:34 - 2015-02-27 13:34 - 02126848 _____ () C:\Users\HELLTRITTON\Downloads\adwcleaner_4.111 (1).exe
2015-02-27 11:29 - 2015-02-27 12:08 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-02-27 11:17 - 2015-02-27 11:18 - 00000000 ____D () C:\Users\HELLTRITTON\Documents\DoctorPC
2015-02-27 11:15 - 2015-02-27 11:17 - 00000000 ____D () C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC
2015-02-27 11:10 - 2015-02-27 11:10 - 00003178 _____ () C:\Windows\System32\Tasks\{DD889E95-11A1-4DAB-86F6-4CAD72FC9205}
2015-02-27 11:08 - 2015-02-27 11:08 - 00006170 _____ () C:\Windows\System32\Tasks\b41f0551-98e5-4bd4-ac77-f420eca1b1de-1-6
2015-02-27 11:08 - 2015-02-27 11:08 - 00005480 _____ () C:\Windows\System32\Tasks\b41f0551-98e5-4bd4-ac77-f420eca1b1de-5
2015-02-27 11:07 - 2015-02-27 11:08 - 00006508 _____ () C:\Windows\System32\Tasks\b41f0551-98e5-4bd4-ac77-f420eca1b1de-1-7
2015-02-27 11:07 - 2015-02-27 11:07 - 00008894 _____ () C:\Windows\System32\Tasks\b41f0551-98e5-4bd4-ac77-f420eca1b1de-6
2015-02-27 11:06 - 2015-02-27 12:33 - 00000000 ____D () C:\Program Files (x86)\917f487a-d29d-47cb-9866-ab4a1db43b18
2015-02-27 11:06 - 2015-02-27 11:07 - 00008552 _____ () C:\Windows\System32\Tasks\b41f0551-98e5-4bd4-ac77-f420eca1b1de-7
2015-02-27 11:06 - 2015-02-27 11:06 - 00003078 _____ () C:\Windows\System32\Tasks\CheckMeUp Update
2015-02-27 11:05 - 2015-02-27 11:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-02-27 11:04 - 2015-02-27 11:05 - 00000000 ____D () C:\ProgramData\LolliScan
2015-02-27 11:04 - 2015-02-27 11:04 - 00205272 _____ () C:\Users\HELLTRITTON\Downloads\24ba6b3.exe
2015-02-27 11:04 - 2015-02-27 11:04 - 00205272 _____ () C:\Users\HELLTRITTON\Downloads\04.exe
2015-02-27 11:02 - 2015-02-27 11:02 - 00541312 _____ () C:\Users\HELLTRITTON\Downloads\Setup (2).exe
2015-02-26 19:14 - 2015-02-26 19:16 - 368312320 _____ () C:\Users\HELLTRITTON\Downloads\Arrow.S03E15.FASTSUB.VOSTFR.HDTV.XviD-ZT.zone-telechargement.com.avi
2015-02-26 18:47 - 2015-02-26 18:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-26 18:45 - 2015-02-26 18:46 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\HELLTRITTON\Downloads\BlueStacks-SplitInstaller_native-clash-of-clans.exe
2015-02-26 18:24 - 2015-02-26 18:25 - 02126848 _____ () C:\Users\HELLTRITTON\Downloads\adwcleaner_4.111.exe
2015-02-25 14:39 - 2015-02-25 14:39 - 00000000 ____D () C:\Program Files\SSavErEXteNsioun
2015-02-25 14:39 - 2015-02-25 14:39 - 00000000 ____D () C:\Program Files\Center'd Center the new YT
2015-02-25 14:37 - 2015-02-25 14:38 - 00000000 ____D () C:\Program Files\EnjOYCouppon
2015-02-25 14:37 - 2015-02-25 14:38 - 00000000 ____D () C:\Program Files\AlllCHeapPrice
2015-02-22 18:34 - 2015-02-22 18:34 - 00007989 _____ () C:\Users\HELLTRITTON\Desktop\adbook.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:22 - 2012-08-22 09:56 - 00057727 _____ () C:\Users\HELLTRITTON\Desktop\achat materiel flines.xlsx
2015-03-08 20:54 - 2011-07-23 23:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951615273-994606791-96939523-1000UA.job
2015-03-08 20:49 - 2012-11-11 17:54 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 20:47 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 20:47 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 20:41 - 2013-10-17 19:19 - 00000000 ____D () C:\Temp
2015-03-08 20:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 20:40 - 2014-06-23 09:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-08 20:39 - 2013-07-21 10:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-08 13:31 - 2013-03-10 14:28 - 00121856 _____ () C:\Users\HELLTRITTON\Desktop\deplacement 2014-2015.xls
2015-03-03 14:17 - 2011-07-23 14:59 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 19:54 - 2011-07-23 23:36 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-951615273-994606791-96939523-1000Core.job
2015-03-02 10:38 - 2014-06-27 15:30 - 00000000 ____D () C:\AdwCleaner
2015-03-02 10:21 - 2011-12-17 14:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 10:16 - 2012-09-30 09:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-02 10:16 - 2012-09-30 09:04 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-02 10:16 - 2012-09-30 09:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-02 10:16 - 2012-09-30 09:03 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-02 10:15 - 2009-07-14 03:34 - 00001897 _____ () C:\Windows\win.ini
2015-03-02 10:10 - 2014-06-23 18:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 10:08 - 2014-06-23 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 10:07 - 2014-06-23 18:24 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-03-02 10:07 - 2014-06-23 18:24 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-02 10:07 - 2014-06-23 18:24 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-02 10:07 - 2014-06-23 18:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-02 10:07 - 2012-09-16 08:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-27 11:48 - 2011-07-23 23:40 - 00002391 _____ () C:\Users\HELLTRITTON\Desktop\Google Chrome.lnk
2015-02-27 11:48 - 2011-07-23 14:14 - 00001194 _____ () C:\Users\HELLTRITTON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-27 11:48 - 2011-07-23 14:14 - 00001015 _____ () C:\Users\HELLTRITTON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-26 19:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-26 18:16 - 2011-07-23 14:23 - 00748290 _____ () C:\Windows\system32\perfh00C.dat
2015-02-26 18:16 - 2011-07-23 14:23 - 00149898 _____ () C:\Windows\system32\perfc00C.dat
2015-02-26 18:16 - 2009-07-14 06:13 - 01670416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 19:49 - 2011-07-23 23:36 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951615273-994606791-96939523-1000UA
2015-02-06 19:49 - 2011-07-23 23:36 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-951615273-994606791-96939523-1000Core

==================== Files in the root of some directories =======

2014-05-31 23:09 - 2014-05-31 23:09 - 4296192 _____ () C:\Program Files (x86)\SO.Booster
2014-05-31 23:09 - 2014-05-31 23:09 - 0174928 _____ () C:\Program Files (x86)\SOSvc.dll
2014-05-31 23:09 - 2014-05-31 23:09 - 4210176 _____ () C:\Program Files (x86)\SO_x64.Booster
2011-12-09 17:30 - 2010-01-26 11:11 - 0444283 _____ () C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2011-12-18 13:23 - 2011-12-18 13:18 - 0114688 _____ () C:\Users\HELLTRITTON\AppData\Roaming\chrtmp
2009-05-05 07:20 - 2009-05-05 07:20 - 0000456 _____ () C:\Users\HELLTRITTON\AppData\Roaming\settings.ini
2013-12-19 15:47 - 2014-03-31 06:52 - 0000155 _____ () C:\Users\HELLTRITTON\AppData\Roaming\WB.CFG
2011-07-23 15:54 - 2011-07-23 15:54 - 0000000 _____ () C:\Users\HELLTRITTON\AppData\Local\AtStart.txt
2011-07-23 15:23 - 2013-07-26 20:57 - 0008704 _____ () C:\Users\HELLTRITTON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-23 15:54 - 2011-07-23 15:54 - 0000000 _____ () C:\Users\HELLTRITTON\AppData\Local\DSwitch.txt
2011-07-23 15:54 - 2011-07-23 15:54 - 0000000 _____ () C:\Users\HELLTRITTON\AppData\Local\QSwitch.txt
2013-08-15 16:14 - 2013-08-15 16:14 - 0000218 _____ () C:\Users\HELLTRITTON\AppData\Local\recently-used.xbel
2012-03-09 08:29 - 2015-03-08 20:41 - 0000183 _____ () C:\ProgramData\HPWALog.txt

Files to move or delete:
====================
C:\Users\HELLTRITTON\AppData\Roaming\settings.ini


Some content of TEMP:
====================
C:\Users\HELLTRITTON\AppData\Local\Temp\dllnt_dump.dll
C:\Users\HELLTRITTON\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\HELLTRITTON\AppData\Local\Temp\Quarantine.exe
C:\Users\HELLTRITTON\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 13:49

==================== End Of Log ============================
