cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by g3n-h@ckm@n (administrator) on G3N-HCKMN-PC on 07-04-2015 00:26:01
Running from C:\Users\g3n-h@ckm@n\Desktop
Loaded Profiles: g3n-h@ckm@n (Available profiles: g3n-h@ckm@n)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Oracle Corporation) C:\Windows\System32\VBoxService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Windows\System32\VBoxTray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1537608 2015-02-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = https://www.google.com/
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = https://www.google.com/
HKU\S-1-5-21-2345046614-25744674-3356666314-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2345046614-25744674-3356666314-1000 -> DefaultScope {FDEEE5E6-3119-4FD9-AF70-FB0A714DE55A} URL = https://www.google.com/
SearchScopes: HKU\S-1-5-21-2345046614-25744674-3356666314-1000 -> {FDEEE5E6-3119-4FD9-AF70-FB0A714DE55A} URL = https://www.google.com/
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 VBoxService; C:\Windows\System32\VBoxService.exe [1778616 2015-02-12] (Oracle Corporation)
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [152288 2015-02-12] (Oracle Corporation)
R3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [120840 2015-02-12] (Oracle Corporation)
R1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [294440 2015-02-12] (Oracle Corporation)
R3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [145584 2015-02-12] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 00:26 - 2015-04-07 00:26 - 00004404 _____ () C:\Users\g3n-h@ckm@n\Desktop\FRST.txt
2015-04-07 00:25 - 2015-04-07 00:26 - 00000000 ____D () C:\FRST
2015-04-07 00:25 - 2015-04-07 00:25 - 02095616 _____ (Farbar) C:\Users\g3n-h@ckm@n\Desktop\FRST64.exe
2015-04-07 00:10 - 2015-04-07 00:10 - 00017670 _____ () C:\Users\g3n-h@ckm@n\Desktop\AdsFix_07_04_2015_00_10_09.txt
2015-04-06 22:24 - 2015-04-07 00:10 - 00017670 _____ () C:\AdsFix_07_04_2015_00_10_09.txt
2015-04-06 22:24 - 2015-04-06 22:24 - 00001154 _____ () C:\Users\g3n-h@ckm@n\Desktop\AdsFix_Donate.lnk
2015-04-06 22:23 - 2015-04-07 00:10 - 00000000 ____D () C:\AdsFix
2015-04-06 22:22 - 2015-04-06 22:22 - 02452480 _____ (SosVirus) C:\Users\g3n-h@ckm@n\Desktop\AdsFix.exe
2015-04-06 10:07 - 2015-04-06 10:07 - 00010362 _____ () C:\Users\g3n-h@ckm@n\Desktop\RKreport_DEL_04062015_100706.log
2015-04-06 10:00 - 2015-04-06 10:10 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-06 10:00 - 2015-04-06 10:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-06 09:58 - 2015-04-06 09:58 - 20436568 _____ () C:\Users\g3n-h@ckm@n\Desktop\RogueKillerX64.exe
2015-04-06 01:04 - 2015-04-06 01:07 - 00000000 ____D () C:\AdwCleaner
2015-04-06 01:03 - 2015-04-06 01:03 - 02208768 _____ () C:\Users\g3n-h@ckm@n\Desktop\adwcleaner_4.200.exe
2015-04-06 01:01 - 2015-04-06 01:01 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-06 01:01 - 2015-04-06 01:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-06 01:00 - 2015-04-06 01:01 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\7db323a921ecb161c7becb8f88347456
2015-04-06 01:00 - 2015-04-06 01:00 - 00131193 _____ () C:\Users\g3n-h@ckm@n\Desktop\7db323a921ecb161c7becb8f88347456.zip
2015-04-06 01:00 - 2015-04-06 01:00 - 00000000 ____D () C:\Users\g3n-h@ckm@n\AppData\Local\Google
2015-04-06 00:59 - 2015-04-06 00:59 - 00000000 ____D () C:\Users\g3n-h@ckm@n\Desktop\49d8240a31f4a1c27c959272cf7dedb2
2015-04-06 00:58 - 2015-04-06 00:58 - 00168488 _____ () C:\Users\g3n-h@ckm@n\Desktop\49d8240a31f4a1c27c959272cf7dedb2.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 00:24 - 2015-03-02 12:44 - 01116360 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 00:15 - 2011-04-12 11:16 - 00695004 _____ () C:\Windows\system32\perfh00C.dat
2015-04-07 00:15 - 2011-04-12 11:16 - 00127684 _____ () C:\Windows\system32\perfc00C.dat
2015-04-07 00:15 - 2009-07-14 07:13 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 00:10 - 2011-04-12 11:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-07 00:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 00:10 - 2009-07-14 06:51 - 00022087 _____ () C:\Windows\setupact.log
2015-04-07 00:10 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 00:10 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-06 10:08 - 2010-11-21 05:47 - 00005856 _____ () C:\Windows\PFRO.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-06 11:03

==================== End Of Log ============================
