Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2015
Ran by user (administrator) on VBOX on 26-04-2015 11:09:03
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user & Administrateur)
Platform: Microsoft Windows 7 Professionnel Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Windows\System32\VBoxService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Oracle Corporation) C:\Windows\System32\VBoxTray.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\Defender.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Tweaking.com) C:\Users\user\Desktop\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\OLBPre\OLBPre.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1340848 2014-11-21] (Oracle Corporation)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [373480 2015-01-01] (SHADOWDEFENDER.COM)
HKU\S-1-5-21-8605231-3056671493-1948616188-1001\...\MountPoints2: {d644f698-79ef-11e4-bc1d-806e6f6e6963} - D:\reatogoMenu.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-04-26]
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (No File)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acronis True Image 2015 v18.0.5539 Bootable Media iSO Activator.lnk [2015-04-26]
ShortcutTarget: Acronis True Image 2015 v18.0.5539 Bootable Media iSO Activator.lnk -> C:\ProgramData\{1468d0ac-ba95-09df-1468-8d0acba942b2}\Acronis True Image 2015 v18.0.5539 Bootable Media iSO Activator.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-04-26]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\OLBPre\OLBPre.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-8605231-3056671493-1948616188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
HKU\S-1-5-21-8605231-3056671493-1948616188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8
HKU\S-1-5-21-8605231-3056671493-1948616188-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
HKU\S-1-5-21-8605231-3056671493-1948616188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-8605231-3056671493-1948616188-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-8605231-3056671493-1948616188-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\searchplugins\mystartsearch.xml [2015-04-26]
FF Extension: HTTPS-Everywhere - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\https-everywhere@eff.org [2015-04-26]
FF Extension: SalePPlus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\OBOQ24g@N.com [2015-04-26]
FF Extension: Search Enginer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\sweetsearch@gmail.com [2015-04-26]
FF Extension: bestadblocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\z@F.co.uk [2015-04-26]
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-02]
FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\firefox@ghostery.com.xpi [2015-01-21]
FF Extension: IPFlood - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\ipfuck@p4ul.info.xpi [2014-12-02]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-02]
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qvs9wchz.default\extensions\sweetsearch@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1430038472&from=wpc&uid=VBOXXHARDDISK_VBe509a3cf-c489a8b8&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (uBlock Origin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-04-18]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (My theme for Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcheaaplkhblheokaibpndonpnejpe [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 bff42538; c:\Program Files\UpgradeLeader\UpgradeLeader.dll [1592832 2015-04-26] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 VBoxService; C:\Windows\System32\VBoxService.exe [1535536 2014-11-21] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [72888 2015-01-01] (SHADOWDEFENDER.COM)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [341048 2015-01-01] (SHADOWDEFENDER.COM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [117768 2014-11-21] (Oracle Corporation)
R3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [100240 2014-11-21] (Oracle Corporation)
R1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [245488 2014-11-21] (Oracle Corporation)
R3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [118792 2014-11-21] (Oracle Corporation)
U3 mbr; \??\C:\Users\user\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 11:07 - 2015-04-26 11:07 - 00101953 _____ () C:\Users\user\Desktop\ZHPDiag.txt
2015-04-26 11:04 - 2015-04-26 11:04 - 00008007 _____ () C:\Users\user\Desktop\AdwCleaner[R0].txt
2015-04-26 11:03 - 2015-04-26 11:04 - 00000000 ____D () C:\AdwCleaner
2015-04-26 11:03 - 2015-04-26 11:03 - 02224640 _____ () C:\Users\user\Desktop\adwcleaner_4.202.exe
2015-04-26 10:55 - 2015-04-26 10:56 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-04-26 10:55 - 2015-04-26 10:55 - 00001891 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-04-26 10:55 - 2015-04-26 10:55 - 00001805 _____ () C:\Users\user\Desktop\MyPC Backup.lnk
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\Windows\system32\X86
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\Windows\system32\AMD64
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\EZDownloader
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\Program Files\OLBPre
2015-04-26 10:55 - 2015-04-26 10:55 - 00000000 ____D () C:\Program Files\EZDownloader
2015-04-26 10:54 - 2015-04-26 10:54 - 00000000 ____D () C:\Program Files\UpgradeLeader
2015-04-26 10:53 - 2015-04-26 10:53 - 00000000 ____D () C:\ProgramData\7268114318990765546
2015-04-26 10:53 - 2015-04-26 10:53 - 00000000 ____D () C:\Program Files\SalePPlus
2015-04-26 10:53 - 2015-04-26 10:53 - 00000000 ____D () C:\Program Files\SalePlus
2015-04-26 10:53 - 2015-04-26 10:53 - 00000000 ____D () C:\Program Files\My theme for Google
2015-04-26 10:53 - 2015-04-26 10:53 - 00000000 ____D () C:\Program Files\bestadblocker
2015-04-26 10:52 - 2015-04-26 10:52 - 00000000 ____D () C:\ProgramData\dpfmacdimlpelphdibbnjapdihdbjbia
2015-04-26 10:50 - 2015-04-26 10:50 - 00000442 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-26 10:50 - 2015-04-26 10:50 - 00000000 ____D () C:\ProgramData\{1468d0ac-ba95-09df-1468-8d0acba942b2}
2015-04-26 10:45 - 2015-04-26 10:50 - 00384000 _____ () C:\Users\user\Desktop\Acronis True Image 2015 v18.0.5539 Bootable Media iSO Activator.exe
2015-04-26 10:12 - 2015-04-26 11:09 - 00012765 _____ () C:\Users\user\Desktop\FRST.txt
2015-04-26 10:12 - 2015-04-26 10:12 - 00016134 _____ () C:\Users\user\Desktop\Addition.txt
2015-04-26 10:11 - 2015-04-26 10:59 - 00010959 _____ () C:\Users\user\Desktop\ZHPCleaner.txt
2015-04-26 08:55 - 2015-04-26 08:59 - 01196032 _____ () C:\Users\user\Desktop\CTR.exe
2015-04-26 08:51 - 2015-04-26 08:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-26 08:33 - 2015-04-26 08:33 - 00000000 ____D () C:\ProgramData\CSIS
2015-04-26 08:32 - 2015-04-26 08:32 - 28266496 ___SH () C:\diskpt0.sys
2015-04-24 10:56 - 2015-04-24 10:56 - 00059986 _____ () C:\Users\user\Desktop\OTL.Txt
2015-04-24 10:56 - 2015-04-24 10:56 - 00028714 _____ () C:\Users\user\Desktop\Extras.Txt
2015-04-23 10:43 - 2015-04-23 10:43 - 16609716 _____ () C:\Users\user\Downloads\Hash_Suite_Free_3_1.zip
2015-04-23 09:52 - 2015-04-23 09:53 - 00000000 ____D () C:\Users\user\Downloads\REvo
2015-04-20 12:32 - 2015-04-20 12:32 - 00058016 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 16:34 - 2015-04-26 08:31 - 00000560 _____ () C:\Windows\setupact.log
2015-04-18 16:34 - 2015-04-18 16:34 - 00267168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 16:34 - 2015-04-18 16:34 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 14:46 - 2015-04-18 14:46 - 00000000 _____ () C:\Users\user\Desktop\Nouveau document texte (2).txt
2015-04-18 11:07 - 2015-04-18 11:07 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2015-04-18 08:37 - 2015-04-18 08:37 - 00000000 ____D () C:\Users\user\Downloads\InCtrl5
2015-04-16 20:25 - 2015-04-16 20:25 - 00000000 ____D () C:\Users\user\AppData\Local\CutePDF Writer
2015-04-16 20:20 - 2015-04-16 20:20 - 00302011 _____ () C:\Users\user\Downloads\WindowsUpdateDiagnostic.diagcab
2015-04-16 16:30 - 2015-04-16 16:32 - 239126136 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v34-x86.msu
2015-04-16 15:11 - 2015-04-16 15:12 - 00000000 ____D () C:\Users\user\Desktop\Tweaking.com - Windows Repair
2015-04-15 11:42 - 2015-04-26 10:08 - 01811968 _____ () C:\Users\user\ZHPCleaner.exe
2015-04-15 11:27 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:27 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:27 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:27 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:27 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:27 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:27 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 11:27 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:27 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:27 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:27 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:27 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:27 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:27 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:27 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:27 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:27 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:27 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:27 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:27 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:27 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:27 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:27 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:27 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:27 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 11:27 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:27 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 11:27 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:27 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 11:27 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 11:27 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:27 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:27 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 11:27 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:27 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:27 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 11:27 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 11:27 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 11:27 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:27 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 11:27 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 11:27 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:27 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:27 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:27 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:27 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:27 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:27 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 11:27 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:27 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:27 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:27 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:27 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:27 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:27 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:27 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:27 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:27 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 14:39 - 2015-04-26 10:12 - 01139200 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-04-14 14:22 - 2015-04-14 14:22 - 00139264 _____ () C:\Users\user\Desktop\SystemLook.exe
2015-04-10 09:07 - 2015-04-10 09:07 - 00000416 _____ () C:\Users\user\Desktop\restau.zip
2015-04-10 06:51 - 2015-04-26 10:56 - 00000825 _____ () C:\Users\user\Desktop\ZHPCleaner.lnk
2015-04-10 06:49 - 2015-04-10 06:49 - 01786880 _____ () C:\Users\user\Desktop\ZHPCleaner.exe
2015-04-04 11:21 - 2015-04-04 11:21 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 08:40 - 2015-04-04 08:40 - 00000456 _____ () C:\blitzblank.log
2015-04-04 08:36 - 2015-04-04 10:03 - 00000043 _____ () C:\Users\user\Desktop\beurk.txt
2015-04-02 17:24 - 2015-04-02 17:24 - 00000000 ____D () C:\MGADiagToolOutput
2015-04-02 17:23 - 2015-04-02 17:23 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-04-02 17:22 - 2015-04-02 17:22 - 01607032 _____ (Microsoft Corporation) C:\Users\user\Desktop\MGADiag.exe
2015-04-02 17:21 - 2015-04-02 17:21 - 00817893 _____ () C:\Users\user\Desktop\InfoVersWin.exe
2015-04-02 17:21 - 2015-04-02 17:21 - 00000282 _____ () C:\Users\user\Desktop\InfosWindows.txt
2015-03-31 15:29 - 2015-03-31 15:29 - 00841728 _____ () C:\Users\user\Desktop\PtRestau.exe
2015-03-31 10:23 - 2015-03-31 10:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adersoft
2015-03-31 09:56 - 2015-03-31 09:56 - 00000370 _____ () C:\Users\user\Desktop\Untitled.vbs
2015-03-31 09:55 - 2015-03-31 09:55 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vbsedit.lnk
2015-03-31 09:55 - 2015-03-31 09:55 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Htaedit.lnk
2015-03-31 09:55 - 2015-03-31 09:55 - 00000000 ____D () C:\Users\user\AppData\Local\Adersoft
2015-03-31 09:55 - 2015-03-31 09:55 - 00000000 ____D () C:\ProgramData\Vbsedit
2015-03-31 09:55 - 2015-03-31 09:55 - 00000000 ____D () C:\Program Files\Vbsedit
2015-03-31 09:54 - 2015-03-31 10:53 - 00000376 _____ () C:\Users\user\Desktop\restau.vbs
2015-03-31 09:46 - 2015-03-31 09:46 - 09069112 _____ (Adersoft) C:\Users\user\Downloads\vbsedit.exe
2015-03-31 09:37 - 2015-03-31 09:38 - 00000000 ____D () C:\Users\user\Downloads\QRM3
2015-03-31 09:27 - 2015-03-31 09:30 - 00000123 _____ () C:\Users\user\Desktop\restau.txt
2015-03-29 18:24 - 2015-03-29 18:24 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VBOX-Windows-7-Professional-(32-bit).dat
2015-03-29 18:24 - 2015-03-29 18:24 - 00000000 ____D () C:\RegBackup
2015-03-28 08:20 - 2015-03-28 08:26 - 00000174 _____ () C:\Users\user\Desktop\test zhp.txt
2015-03-28 08:20 - 2015-03-28 08:21 - 00002027 _____ () C:\Users\user\Desktop\ZHP_Quarantine.lnk
2015-03-28 08:06 - 2015-03-28 08:06 - 00000000 ____D () C:\Nouveau dossier
2015-03-28 07:59 - 2015-04-04 08:40 - 00000000 _____ () C:\pabo.txt
2015-03-28 07:59 - 2015-03-28 08:26 - 00001355 _____ () C:\Users\user\Desktop\ZHPFixReport.txt
2015-03-28 07:57 - 2015-04-04 10:02 - 00000009 _____ () C:\Users\user\Desktop\pabo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 11:09 - 2015-02-05 17:42 - 00000000 ____D () C:\FRST
2015-04-26 11:07 - 2015-02-05 20:09 - 00000000 _____ () C:\PhysicalDisk0_MBR.bin
2015-04-26 11:07 - 2014-12-02 11:24 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-04-26 11:06 - 2014-12-02 11:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\ZHP
2015-04-26 10:24 - 2015-01-02 10:14 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 10:12 - 2015-03-14 11:27 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2015-04-26 10:08 - 2014-12-02 09:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-26 08:51 - 2014-12-02 11:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 08:39 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 08:39 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 08:36 - 2010-11-20 23:01 - 01668084 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 08:35 - 2014-12-02 08:56 - 01061888 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 08:31 - 2015-01-02 10:14 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 08:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 10:28 - 2015-03-11 15:44 - 00005111 _____ () C:\Users\user\Desktop\prog.txt
2015-04-23 09:37 - 2014-12-02 11:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-20 16:16 - 2014-12-03 19:49 - 00000000 ____D () C:\Users\user\Documents\Outils
2015-04-20 12:32 - 2015-01-01 14:42 - 00000000 ____D () C:\coucou
2015-04-20 09:46 - 2014-12-02 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-16 10:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-16 10:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 09:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 11:36 - 2014-12-10 12:12 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 11:36 - 2014-12-02 10:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:36 - 2014-12-02 10:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 11:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-04-15 11:34 - 2014-12-02 10:17 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:33 - 2014-12-10 12:14 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-04-15 11:32 - 2014-12-10 12:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:32 - 2014-12-10 12:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2014-12-02 11:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-12-02 11:28 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-12-02 11:28 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 17:27 - 2014-12-02 11:40 - 00000000 ____D () C:\Users\user\Desktop\Rapports
2015-03-31 09:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-28 08:18 - 2015-02-09 17:40 - 00000980 _____ () C:\Users\user\Desktop\Nouveau document texte.txt
2015-03-27 21:15 - 2014-12-02 11:25 - 00000000 ____D () C:\Program Files\ZebHelpProcess
2015-03-27 21:15 - 2014-12-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

Files to move or delete:
====================
C:\Users\user\ZHPCleaner.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\9000.exe
C:\Users\user\AppData\Local\Temp\D400.exe
C:\Users\user\AppData\Local\Temp\OnlineBackup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 10:03

==================== End Of Log ============================
