Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by marie (administrator) on MARIE-PC on 16-06-2015 16:07:14
Running from C:\Users\marie\Desktop
Loaded Profiles: marie (Available Profiles: marie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Windows\Installer\{00752825-A7FB-EE18-4629-95F325D19A0D}\syshost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\ProgramData\{e113485b-6f52-034a-e113-3485b6f5216d}\El Viento Manu Chao.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\HUAWEI160\CardDetector.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [CardDetectorHUAWEI160] => C:\Program Files (x86)\CardDetector\HUAWEI160\CardDetector.exe [270336 2008-08-05] (France Telecom SA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeviceClient] => [X]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\Run: [WindApp] => "C:\Users\marie\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\Run: [Selection Tools] => "C:\Users\marie\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\Run: [GoogleChromeAutoLaunch_F574411A75D6388BE1E38FFAAA995135] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\MountPoints2: {c11a2dc8-d14b-11e4-b5ca-68a3c4a26c95} - F:\LGAutoRun.exe
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\MountPoints2: {ce5a25f1-9b09-11e3-b21d-b870f4b63c64} - F:\Startme.exe
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\MountPoints2: {df6b634c-3542-11e4-b5fd-68a3c4a26c95} - F:\Startme.exe
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\...\MountPoints2: {e0047737-b29f-11e3-859f-68a3c4a26c95} - F:\AutoRunCardDetector.exe
Startup: C:\Users\marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\El Viento Manu Chao.lnk [2015-04-30]
ShortcutTarget: El Viento Manu Chao.lnk -> C:\ProgramData\{e113485b-6f52-034a-e113-3485b6f5216d}\El Viento Manu Chao.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3029558862-492339097-4002458702-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1426536159&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1426536159&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1426536258&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1426536258&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1426536159&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1426536159&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dspp&ts=1426536258&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1426536258&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW
HKU\S-1-5-21-3029558862-492339097-4002458702-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dspp&ts=1426536258&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3029558862-492339097-4002458702-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3029558862-492339097-4002458702-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&ts=1426536273&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3029558862-492339097-4002458702-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3029558862-492339097-4002458702-1000 -> {FF52B570-C338-41CC-9103-38109D7B0383} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW&ts=1426536273&type=default&q={searchTerms}
Toolbar: HKU\S-1-5-21-3029558862-492339097-4002458702-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1426536159&from=tugs&uid=ST9500325AS_S2W23AHWXXXXS2W23AHW

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3029558862-492339097-4002458702-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-22] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (QR Code Maker and Decoder) - C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2015-06-11]
CHR Extension: (Avira Browser Safety) - C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-09]
CHR Extension: (WWhhitaeCouponn) - C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgaaoibgnppcgladpafeadgleoalmeh [2015-06-11]
CHR Extension: (Google Wallet) - C:\Users\marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "f5b0ea6d5011c139" service could not be unlocked. <===== ATTENTION

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [867712 2011-01-05] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-01] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 syshost32; C:\Windows\Installer\{00752825-A7FB-EE18-4629-95F325D19A0D}\syshost.exe [85504 2014-08-14] () [File not signed]
U4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-23] (AVAST Software)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] () [File not signed]
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-21] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [135560 2010-04-13] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
U5 f5b0ea6d5011c139; C:\Windows\System32\Drivers\f5b0ea6d5011c139.sys [41424 2014-08-14] () <===== ATTENTION Necurs Rootkit?
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-21] () [File not signed]
R3 HECIx64; C:\Windows\system32\drivers\HECIx64.sys [56344 2009-09-17] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [540696 2010-04-13] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-07-14] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10603904 2010-07-20] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2399848 2010-06-22] () [File not signed]
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [287232 2010-06-21] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed]
R3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [384040 2010-05-15] () [File not signed]
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-21] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\46CD7FA5.sys [136408 2015-06-16] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-07-14] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] ()
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55856 2010-03-19] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [243712 2010-09-22] () [File not signed]
R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1108000 2010-05-21] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
R3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
U5 f5b0ea6d5011c139; <===== ATTENTION Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 16:07 - 2015-06-16 16:07 - 00036080 _____ C:\Users\marie\Desktop\FRST.txt
2015-06-16 16:02 - 2015-06-16 16:07 - 00000000 ____D C:\FRST
2015-06-16 16:02 - 2015-06-16 16:02 - 02109952 _____ (Farbar) C:\Users\marie\Desktop\FRST64.exe
2015-06-16 15:40 - 2015-06-16 15:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\46CD7FA5.sys
2015-06-16 15:38 - 2015-06-16 15:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\marie\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-16 14:42 - 2015-06-16 14:42 - 00000000 _____ C:\autoexec.bat
2015-06-16 14:23 - 2015-06-16 15:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-06-16 14:22 - 2015-06-16 14:22 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\marie\Downloads\SpyHunter-Installer.exe
2015-06-16 14:03 - 2015-06-16 14:03 - 00347816 _____ (Microsoft Corporation) C:\Users\marie\Downloads\MicrosoftFixit.Devices.Run.exe
2015-06-16 13:10 - 2015-06-16 13:10 - 00002345 _____ C:\Users\marie\Desktop\Lanceur d'applications Google Chrome.lnk
2015-06-16 13:10 - 2015-06-16 13:10 - 00000000 ____D C:\Users\marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-16 13:05 - 2015-06-16 14:04 - 00006322 _____ C:\Windows\WindowsUpdate.log
2015-06-16 13:01 - 2015-06-16 15:46 - 00000280 _____ C:\Windows\setupact.log
2015-06-16 13:01 - 2015-06-16 13:01 - 00066072 _____ C:\Users\marie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 13:01 - 2015-06-16 13:01 - 00000000 _____ C:\Windows\setuperr.log
2015-06-16 13:00 - 2015-06-16 15:46 - 00000714 _____ C:\Windows\PFRO.log
2015-06-16 13:00 - 2015-06-16 13:01 - 00306240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 12:56 - 2015-06-16 12:56 - 00000000 ____D C:\ProgramData\3888032800003f92
2015-06-15 20:24 - 2015-06-15 20:33 - 00000000 ____D C:\Users\marie\Desktop\a vendre
2015-06-13 14:44 - 2015-06-13 14:44 - 00000000 ____D C:\Windows\pss
2015-06-13 14:41 - 2015-06-13 14:41 - 00000000 ____D C:\OETemp
2015-06-13 14:28 - 2015-06-13 14:28 - 00021504 ___SH C:\Users\marie\Downloads\Thumbs.db
2015-06-13 11:08 - 2015-06-13 11:08 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2015-06-11 16:45 - 2015-06-15 22:58 - 00000000 ____D C:\Users\marie\Desktop\maria
2015-06-11 12:38 - 2015-06-16 12:38 - 00000354 _____ C:\Windows\Tasks\WeddingWiz.job
2015-06-11 12:38 - 2015-06-11 18:38 - 00000000 ____D C:\ProgramData\{ca9d1145-aede-6a9f-ca9d-d1145aed4516}
2015-06-11 12:38 - 2015-06-11 12:38 - 00004096 _____ C:\Windows\SysWOW64\ntwdblib.dll
2015-06-11 12:38 - 2015-06-11 12:38 - 00003266 _____ C:\Windows\System32\Tasks\WeddingWiz
2015-06-07 20:02 - 2015-06-11 12:39 - 00000000 ____D C:\Program Files (x86)\500Caoupons
2015-06-07 20:02 - 2015-06-07 20:02 - 00000000 ____D C:\Program Files (x86)\Radioplayer
2015-06-07 20:02 - 2015-06-07 20:02 - 00000000 ____D C:\Program Files (x86)\50Couponse
2015-06-03 11:59 - 2015-06-03 11:59 - 00000975 _____ C:\Users\marie\Desktop\AVI Player.lnk
2015-06-03 11:59 - 2015-06-03 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVI Player
2015-06-03 11:59 - 2015-06-03 11:59 - 00000000 ____D C:\Program Files (x86)\AVI Player
2015-06-03 11:45 - 2015-06-16 15:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\453E5479.sys
2015-06-03 11:45 - 2015-06-03 11:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7D865438.sys
2015-06-03 11:42 - 2015-04-14 09:37 - 00107736 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 11:42 - 2015-04-14 09:37 - 00063704 _____ C:\Windows\system32\Drivers\mwac.sys
2015-06-03 10:49 - 2015-06-03 11:50 - 00000165 _____ C:\Windows\Reimage.ini
2015-06-03 10:11 - 2015-06-03 15:58 - 00000000 ____D C:\Users\marie\Desktop\cam exter
2015-06-03 09:13 - 2015-06-03 09:13 - 00000000 ____D C:\Program Files (x86)\IMG inspector
2015-06-02 23:09 - 2015-06-02 23:09 - 00000000 ____D C:\Users\marie\AppData\Roaming\WebcamMax
2015-06-02 23:08 - 2015-06-02 23:14 - 00000000 ____D C:\Users\marie\AppData\Local\Chromium
2015-06-02 23:08 - 2015-06-02 23:08 - 00003268 _____ C:\Windows\System32\Tasks\Chromium
2015-06-02 23:08 - 2015-06-02 23:08 - 00000328 _____ C:\Windows\Tasks\Chromium.job
2015-06-02 22:27 - 2015-06-02 22:27 - 00000818 _____ C:\Users\marie\Desktop\XXCAMERA.lnk
2015-06-02 22:27 - 2015-06-02 22:27 - 00000000 ____D C:\Users\marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeviceClient
2015-06-02 22:15 - 2012-11-21 06:50 - 01859584 _____ (object) C:\Users\marie\Desktop\search Tool.exe
2015-06-02 22:02 - 2015-06-16 13:10 - 00000024 _____ C:\Users\marie\AppData\Roaming\appdataFr25.bin
2015-06-02 14:27 - 2015-06-15 23:06 - 00000000 ____D C:\Users\marie\AppData\Roaming\vlc
2015-06-02 14:26 - 2015-06-02 14:26 - 00001078 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-02 14:26 - 2015-06-02 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-02 14:26 - 2015-06-02 14:26 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-06-02 13:09 - 2015-06-02 23:42 - 00000000 ____D C:\Inetpub
2015-06-02 13:09 - 2015-06-02 13:48 - 00000000 ____D C:\rec
2015-06-02 13:08 - 2015-06-03 09:02 - 00000000 ____D C:\Program Files (x86)\DeviceClient
2015-06-02 13:08 - 2015-06-02 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeviceClient
2015-05-26 17:20 - 2015-05-26 17:20 - 00000000 ____D C:\Users\marie\AppData\Local\{5B861858-8DFB-4995-856E-9B8FDEEB2E99}
2015-05-25 18:44 - 2015-05-25 18:44 - 00000000 ____D C:\Users\marie\AppData\Local\{4AEB7FC4-C495-4727-A6DD-4376319A16FD}
2015-05-21 20:44 - 2015-05-21 20:44 - 00000000 ____D C:\Users\marie\AppData\Local\{5EB1B199-60D6-48B6-BC33-1F4CB8DB6D2C}
2015-05-19 15:01 - 2015-05-19 15:01 - 00132120 _____ C:\Windows\system32\Drivers\avipbb.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 16:03 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 16:03 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 15:54 - 2014-02-12 19:42 - 01250304 ___SH C:\Users\marie\Desktop\Thumbs.db
2015-06-16 15:46 - 2015-03-16 22:18 - 00001056 _____ C:\Windows\Tasks\Crossbrowse.job
2015-06-16 15:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 14:41 - 2013-03-07 18:30 - 00000000 ____D C:\Users\marie
2015-06-16 13:13 - 2013-03-08 23:49 - 00000000 ____D C:\Users\marie\AppData\Local\CrashDumps
2015-06-16 12:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-16 11:30 - 2015-04-30 11:24 - 00000352 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-06-15 22:47 - 2014-05-31 15:10 - 00000000 ____D C:\Users\marie\Desktop\video 2014
2015-06-13 14:41 - 2014-03-13 18:21 - 00000000 ____D C:\ProgramData\Avira
2015-06-11 14:22 - 2013-03-08 02:28 - 00747904 _____ C:\Windows\system32\perfh00C.dat
2015-06-11 14:22 - 2013-03-08 02:28 - 00150396 _____ C:\Windows\system32\perfc00C.dat
2015-06-11 14:22 - 2009-07-14 07:13 - 01669628 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 12:40 - 2015-05-14 23:23 - 00000000 ____D C:\Program Files (x86)\SystemContinue
2015-06-11 12:39 - 2015-05-15 12:16 - 00000000 ____D C:\ProgramData\18148262431867286175
2015-06-09 18:35 - 2013-03-07 22:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-08 18:35 - 2014-03-29 03:13 - 00028672 ___SH C:\Users\marie\Documents\Thumbs.db
2015-05-22 00:19 - 2013-03-07 22:14 - 00000000 ____D C:\Program Files\Google

==================== Files in the root of some directories =======

2015-06-02 22:02 - 2015-06-16 13:10 - 0000024 _____ () C:\Users\marie\AppData\Roaming\appdataFr25.bin
2015-03-16 22:10 - 2015-03-16 22:11 - 0001309 _____ () C:\Users\marie\AppData\Roaming\Bubble Dock.boostrap.log
2013-03-07 19:09 - 2015-03-16 22:11 - 0021390 _____ () C:\Users\marie\AppData\Roaming\Bubble Dock.installation.log
2015-03-16 22:11 - 2015-03-16 22:11 - 0000078 _____ () C:\Users\marie\AppData\Roaming\Selection Tools.installation.log
2015-03-16 22:05 - 2015-03-16 22:05 - 2035200 _____ (ObjectB) C:\Users\marie\AppData\Roaming\VWRA.exe
2015-03-16 22:10 - 2015-03-16 22:10 - 0000097 _____ () C:\Users\marie\AppData\Roaming\WindApp.boostrap.log
2015-03-16 22:11 - 2015-03-16 22:11 - 0000078 _____ () C:\Users\marie\AppData\Roaming\WindApp.installation.log
2015-05-15 15:19 - 2015-05-15 15:19 - 0000000 _____ () C:\Users\marie\AppData\Local\Temp.dat

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.12508.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 05:23] - [2010-11-21 05:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-06-13 00:52

==================== End of log ============================
