cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by SANS at 2015-05-10 20:10:03
Running from C:\Users\SANS\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-124460436-388412118-2226886812-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-124460436-388412118-2226886812-1002 - Limited - Enabled)
Invité (S-1-5-21-124460436-388412118-2226886812-501 - Limited - Disabled)
SANS (S-1-5-21-124460436-388412118-2226886812-1000 - Administrator - Enabled) => C:\Users\SANS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{F7F1A2DA-481A-1B41-8959-4B224C6B20B6}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
calibre 64bit (HKLM\...\{DD84AFA7-867C-428A-8FA4-59A98AB60A1F}) (Version: 2.7.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Étude pour l'amélioration du produit HP Deskjet 2540 series (HKLM\...\{B01F43B5-AD90-417C-BDF8-4E5A96530476}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glary Utilities 5.8 (HKLM-x32\...\Glary Utilities 5) (Version: 5.8.0.15 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HP Deskjet 2540 series Aide (HKLM-x32\...\{2FAD0F16-4309-4D22-AE73-F4CCA737D013}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Webcam HD 2300 Software (HKLM-x32\...\{74E6771A-47B5-433E-A96F-15E29F70F920}) (Version: 1.00.0000 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
INFORAD MANAGER 3.9 (HKLM-x32\...\INFORAD MANAGER 3.9_is1) (Version: - )
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 9.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Logiciel de base du périphérique HP Deskjet 2540 series (HKLM\...\{3330B490-86DE-4E57-AE3A-14AECC0ACC52}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office XP Professional avec FrontPage (HKLM-x32\...\{9028040C-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM-x32\...\{64D114CE-4234-45C2-B60A-2B07D5A48F72}) (Version: 07.02.0000 - Microsoft Corporation)
Module de compatibilité pour Microsoft Office System 2007 (HKLM-x32\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Moveslink2 (HKU\S-1-5-21-124460436-388412118-2226886812-1000\...\09caaf8ee8bfbd57) (Version: 1.3.17.5501 - Suunto)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.0.0.17 - NETGEAR)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoFiltre 7 (HKU\S-1-5-21-124460436-388412118-2226886812-1000\...\PhotoFiltre 7) (Version: - )
Photorécit 3 pour Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.4.502485 - NNG Llc.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SONY Photosizetool (HKLM-x32\...\{05920D61-7B23-47ED-A3F5-6B1936A95AE0}) (Version: 1.0.2.1 - Colorplaza SA)
TKexe (HKLM-x32\...\Kalender) (Version: - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visionneuse Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

10-05-2015 08:44:31 Windows Update
10-05-2015 08:55:05 Opération de restauration
10-05-2015 10:15:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {009D29E4-3A2B-41D3-BB0B-8B28E64F2E60} - System32\Tasks\{ADFCC971-86E9-4AC6-B56E-1ABFA30C4858} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: {09A4E2DF-0B80-45BE-862B-3D7921E27562} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {11A6B0C4-29AF-4F90-899B-666B359B6EE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: {16D56A01-49F7-4BFB-93C6-6C85F04158D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1D99B82E-4DE3-4787-9BFC-E6B33FFB3C5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: {2FFC2634-6C3B-41C9-B50C-EB7ECFE242D2} - System32\Tasks\{465C2CF8-C0D4-4B34-A06E-55F2F4248C29} => Chrome.exe
Task: {36E7BB9B-D239-4386-9475-6DE71D8FAF71} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-15] (Glarysoft Ltd)
Task: {4AFA8ABE-1F58-420B-9A29-C5E795671091} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: {691DA193-F11C-4E15-BD8B-0CEC78F5D993} - System32\Tasks\{29F5F106-F367-40A9-ACA7-B24C301EAD2B} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
Task: {6CA792B1-8BE1-49ED-9B98-7AFB32306495} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {7CCDF008-40A1-4C26-BD0E-6643182748F2} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {81A00F14-5A46-4AEA-9D7D-F37E396A16A5} - System32\Tasks\{A4FE6248-3C48-4864-94EE-29D49DE1611D} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {8784E90D-9403-400D-9A46-768E3289A0C3} - System32\Tasks\{3EE4C61C-DF9D-4A09-BBA6-1AD333FAEE71} => Chrome.exe
Task: {89905649-F9C2-4443-968D-33A4E2C9316C} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: {977EED4E-0425-4739-9CA7-CDB4B81B1157} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {ADC2CC15-4409-45E3-9B4A-CDA91B402852} - System32\Tasks\{E34970D3-13D3-4B0F-9C15-437934D4E567} => C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe [2012-05-02] ()
Task: {B89552C1-51B5-4B1E-A1CB-89C1C6F96809} - System32\Tasks\{7583D91B-E124-4B53-96A3-2525F4EF70A3} => C:\Program Files (x86)\ArcSoft\PhotoImpression 4\PhotoImpression.exe [2003-01-07] (ArcSoft)
Task: {B89B5F7E-FE2A-4429-B517-5DAA1ADE7F9D} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-15] (Glarysoft Ltd)
Task: {BE1FC1C2-724A-418A-A631-E8FDCB92BAD6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C4E8C807-BED7-40A3-B02F-851C45678BE1} - System32\Tasks\{37C926AD-6185-4DC0-9293-285CE7251C5D} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\unins000.exe"
Task: {C87828C4-6B73-4BE0-850A-C7D42835590B} - System32\Tasks\{64F64042-3EE6-4A9B-87A9-2F219A5BE966} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {D6B90C70-FEB1-4090-8126-7439279CEAA6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {E4105C8F-077C-4365-9365-3568A0FD2EA8} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {E9685C78-0A28-4A20-B8DF-FBCC5B5988F0} - System32\Tasks\{57071C0D-01C2-3345-927B-5D76560C0B73} => C:\Users\SANS\AppData\Roaming\azureus\active\qiqpmgd.exe
Task: {ED1E8646-E2C3-43F9-B4B5-254473806DDF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F496671F-BF30-49FA-996C-CC780B454C48} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD1463EC-1528-48FB-ABF4-5D52E16F89DD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-24 21:05 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-06-15 15:14 - 2012-02-24 10:31 - 00307456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
2014-06-15 15:14 - 2012-04-18 13:20 - 00413696 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll
2015-04-30 19:19 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 19:19 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2014-09-15 09:45 - 2014-09-15 09:45 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-04-30 19:19 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-124460436-388412118-2226886812-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SANS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Moveslink2 => C:\Users\SANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
MSCONFIG\startupreg: SSC Service Utility => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe /s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{159B23AA-C867-429B-A199-76938DC270A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F4A833E3-CF98-4E9C-A7E6-1EF4B4354DDE}] => (Allow) LPort=2869
FirewallRules: [{D777716E-CF5C-4860-A06C-BC0FA25DEBA0}] => (Allow) LPort=1900
FirewallRules: [{93AFC773-B091-4BA9-9B01-829BBE7B3012}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B8F9DC29-B7A0-41D2-A1FF-00A1738ED1FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{60B7A5A0-AF30-48F6-8806-3452D764BA08}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{09207B01-BD4C-4A63-ACB0-26633EF418D3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{40253422-1961-4AA7-851D-2FBF2884F681}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B2169489-0CF6-4EA6-B2D6-0E82130A5A8C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{94178254-1C33-4009-A193-D4E43E2D011B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{089727B9-D342-458B-83EE-AA2D021073EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D20B535C-4C4E-4561-BAE5-FC17A6811E9B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{081DDCBE-8EC7-4F7C-8531-8165DB0695A9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9B0F8DBB-743B-48D8-A2F4-24E584769A2F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{58F20E34-146D-4E76-8B38-93999760F2A4}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{69CB5378-6F8F-40A5-9A9A-80FC997E4C67}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{AA221EC3-ACE3-4A23-8366-C0E5966CA72B}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{74CDCBA9-572C-4230-BD42-219004A5750A}] => (Allow) LPort=5357
FirewallRules: [{B22EF29C-C5B4-48C7-8EB3-35619C6823BD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{54D6066C-CC30-42CC-BF3B-1E8F1FCBD180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8C02A53B-327B-4ED7-BA35-DE089B196D88}C:\users\sans\downloads\ffinstonline.exe] => (Block) C:\users\sans\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{5276A503-8F77-4341-8DC7-E87B277D329D}C:\users\sans\downloads\ffinstonline.exe] => (Block) C:\users\sans\downloads\ffinstonline.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2015 07:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 10:05:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 08:30:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2015 01:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme DllHost.exe version 6.1.7600.16385 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 3638

Heure de début : 01d08a4ea0adf51f

Heure de fin : 203

Chemin d’accès de l’application : C:\Windows\system32\DllHost.exe

ID de rapport : b7f581b2-f642-11e4-8c58-eca86ba2e472

Error: (05/09/2015 09:52:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 08:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 06:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 10:35:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2 » à la ligne C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/05/2015 06:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 06:38:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/10/2015 07:54:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service WSWNA3100M n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (05/10/2015 07:54:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service WSWNA3100M.

Error: (05/10/2015 07:54:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll

Error: (05/10/2015 07:54:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Adobe Acrobat Update Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service WSWNA3100M s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.

Error: (05/10/2015 07:54:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMScheduler s’est terminé de façon inattendue pour la 1ème fois.


Microsoft Office Sessions:
=========================
Error: (05/10/2015 07:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 10:05:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 08:30:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2015 01:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DllHost.exe6.1.7600.16385363801d08a4ea0adf51f203C:\Windows\system32\DllHost.exeb7f581b2-f642-11e4-8c58-eca86ba2e472

Error: (05/09/2015 09:52:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 08:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 06:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 10:35:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestD:\raccourcis\factory.exe

Error: (05/05/2015 06:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 06:38:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-04-27 10:15:21.213
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2014-04-27 10:14:45.934
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2013-06-15 13:27:57.046
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Users\SANS\AppData\Local\Temp\mbr.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-06-15 13:27:56.836
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Users\SANS\AppData\Local\Temp\mbr.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-06-14 19:05:56.208
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Users\SANS\AppData\Local\Temp\mbr.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-06-14 19:05:56.010
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Users\SANS\AppData\Local\Temp\mbr.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-01-11 06:38:37.212
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-01-11 06:38:37.150
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-01-10 06:40:44.371
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-01-10 06:40:44.293
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


==================== Memory info ===========================

Processor: AMD E-350 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3576.26 MB
Available physical RAM: 1944.91 MB
Total Pagefile: 7150.71 MB
Available Pagefile: 4330.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:454.95 GB) (Free:384.37 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.46 GB) (Free:439.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F29C4EDB)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Publicité


Signaler le contenu de ce document

Publicité