cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by g3n-h@ckm@n (administrator) on G3N-HCKMN-PC on 26-04-2015 23:01:57
Running from C:\Users\g3n-h@ckm@n\Desktop
Loaded Profiles: g3n-h@ckm@n (Available profiles: g3n-h@ckm@n)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Windows\System32\VBoxService.exe
(Oracle Corporation) C:\Windows\System32\VBoxTray.exe
(Microsoft Corp.) C:\Users\g3n-h@ckm@n\Documents\MSDCSC\y3Bj94QUm7rb\msdcsc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
() C:\Users\G3N-H@~1\AppData\Local\Temp\wvlwm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\G3N-H@~1\AppData\Local\Temp\winckngqn.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1537608 2015-02-12] (Oracle Corporation)
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\...\Run: [MicroUpdate] => C:\Users\g3n-h@ckm@n\Documents\MSDCSC\y3Bj94QUm7rb\msdcsc.exe [434176 2007-04-16] (Microsoft Corp.)
Startup: C:\Users\g3n-h@ckm@n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qsdwx.exe [2015-04-26] (Microsoft Corp.)
Startup: C:\Users\g3n-h@ckm@n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qsdwx.scr [2015-04-26] (Microsoft Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 VBoxService; C:\Windows\System32\VBoxService.exe [1778616 2015-02-12] (Oracle Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [152288 2015-02-12] (Oracle Corporation)
R3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [120840 2015-02-12] (Oracle Corporation)
R1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [294440 2015-02-12] (Oracle Corporation)
R3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [145584 2015-02-12] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 23:01 - 2015-04-26 23:02 - 00003834 _____ () C:\Users\g3n-h@ckm@n\Desktop\FRST.txt
2015-04-26 23:01 - 2015-04-26 23:02 - 00000000 ____D () C:\FRST
2015-04-26 23:01 - 2015-04-26 23:01 - 02101248 _____ (Farbar) C:\Users\g3n-h@ckm@n\Desktop\FRST64.exe
2015-04-26 22:59 - 2015-04-07 00:23 - 00000252 _____ () C:\Users\g3n-h@ckm@n\Desktop\FRST64.URL
2015-04-26 22:57 - 2007-04-16 00:00 - 00434176 ___SH (Microsoft Corp.) C:\qsdwx.scr
2015-04-26 22:55 - 2007-04-16 00:00 - 00434176 ___SH (Microsoft Corp.) C:\qsdwx.exe
2015-04-26 22:48 - 2015-04-26 22:48 - 01229867 _____ () C:\Users\g3n-h@ckm@n\Desktop\471ff275a21c9e83123904a2b5f226c8.zip
2015-04-26 22:48 - 2015-04-26 22:48 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\471ff275a21c9e83123904a2b5f226c8
2015-04-26 22:47 - 2015-04-26 22:48 - 00000000 __SHD () C:\Users\g3n-h@ckm@n\Documents\MSDCSC
2015-04-26 22:47 - 2015-04-26 22:47 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\211c05ef67e232936579f2d30428bdb8
2015-04-26 22:46 - 2015-04-26 22:46 - 00357597 _____ () C:\Users\g3n-h@ckm@n\Desktop\211c05ef67e232936579f2d30428bdb8.zip
2015-04-26 22:43 - 2015-04-26 22:43 - 00101697 _____ () C:\Users\g3n-h@ckm@n\Desktop\22bfa3e778d154545881e49e77fc08ae.zip
2015-04-26 22:43 - 2015-04-26 22:43 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\22bfa3e778d154545881e49e77fc08ae
2015-04-26 22:41 - 2015-04-26 23:01 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D7D99AF-FF6F-41E1-97F4-8C02D27DC138}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 22:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 22:58 - 2009-07-14 06:51 - 00022087 _____ () C:\Windows\setupact.log
2015-04-26 22:57 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 22:57 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 22:55 - 2011-04-12 11:16 - 00695004 _____ () C:\Windows\system32\perfh00C.dat
2015-04-26 22:55 - 2011-04-12 11:16 - 00127684 _____ () C:\Windows\system32\perfc00C.dat
2015-04-26 22:55 - 2009-07-14 07:13 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 22:43 - 2015-03-02 12:45 - 00000000 ____D () C:\Users\g3n-h@ckm@n\AppData\Local\VirtualStore

Some content of TEMP:
====================
C:\Users\g3n-h@ckm@n\AppData\Local\Temp\winckngqn.exe
C:\Users\g3n-h@ckm@n\AppData\Local\Temp\wineouny.exe
C:\Users\g3n-h@ckm@n\AppData\Local\Temp\winkihm.exe
C:\Users\g3n-h@ckm@n\AppData\Local\Temp\wvlwm.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
