cjoint

Comment: julien

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by camille (administrator) on PC-DE-CAMILLE on 14-07-2015 03:40:45
Running from C:\Users\camille\Desktop
Loaded Profiles: camille & (Available Profiles: camille)
Platform: Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Akamai Technologies, Inc.) C:\Users\camille\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\camille\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-02-11] (Synaptics, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-22] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\RunServices: [FTRTSVC] => C:\Windows\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\Run: [Akamai NetSession Interface] => C:\Users\camille\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\Run: [Facebook Update] => C:\Users\camille\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\MountPoints2: {64c941c5-8d60-11df-add2-00238b8b6241} - F:\AutoRunCardDetector.exe
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\...\MountPoints2: {8f4c06ff-7a0d-11df-b6ec-00238b8b6241} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\lAPEg.ExE
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNAPMA~1.scr [1016337 2013-11-07] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\camille\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\camille\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {64c941c5-8d60-11df-add2-00238b8b6241} - F:\AutoRunCardDetector.exe
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8f4c06ff-7a0d-11df-b6ec-00238b8b6241} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\lAPEg.ExE
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNAPMA~1.scr [1016337 2013-11-07] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Akamai NetSession Interface] => C:\Users\camille\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Facebook Update] => C:\Users\camille\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {64c941c5-8d60-11df-add2-00238b8b6241} - F:\AutoRunCardDetector.exe
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {8f4c06ff-7a0d-11df-b6ec-00238b8b6241} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\lAPEg.ExE
HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNAPMA~1.scr [1016337 2013-11-07] (Jan Kolarik & Ondrej Vaverka)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-27] (Oracle Corporation)
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{244184B7-DEE4-4366-847A-B867B917DD22}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58B1ADDC-E130-4F75-BE82-FFEC4E0A12D7}: [DhcpNameServer] 62.201.142.100
Tcpip\..\Interfaces\{6B98B880-2058-4203-8207-E70C54C893C4}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{BF3CF8BC-6763-486E-B4DC-31DDCF595E9A}: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\camille\AppData\Roaming\Mozilla\Firefox\Profiles\12h3ve2t.default-1418843498942
FF SelectedSearchEngine:
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-27] (Oracle Corporation)
FF Plugin: @ma-config.com/HardwareDetection -> C:\Program Files\ma-config.com\nphardwaredetection.dll [2012-10-28] (Cybelsoft)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\camille\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\camille\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\camille\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-3645650677-1598793115-3816424904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\camille\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-11-01] (Apple Inc.)
FF SearchPlugin: C:\Users\camille\AppData\Roaming\Mozilla\Firefox\Profiles\12h3ve2t.default-1418843498942\searchplugins\cpasbien.xml [2015-05-25]
FF Extension: Ghostery - C:\Users\camille\AppData\Roaming\Mozilla\Firefox\Profiles\12h3ve2t.default-1418843498942\Extensions\firefox@ghostery.com.xpi [2015-07-14]
FF Extension: Adblock Plus - C:\Users\camille\AppData\Roaming\Mozilla\Firefox\Profiles\12h3ve2t.default-1418843498942\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbknnmebcajacipdbplichlbfjbjamlf] - c:\Facemoi\facemoi_chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hfimfliilbabfohebppnfomgjljicpdm] - C:\Program Files\MP3 Rocket\MP3RocketDownloader.crx [2012-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [312264 2012-10-28] (CybelSoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 otshot; C:\program files\otshot\ZalmanUpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [244040 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296200 2013-08-09] (SafeNet Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-19] (Avira Operations GmbH & Co. KG)
S3 driverhardwarev2; C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [16640 2011-07-21] (CybelSoft)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [608648 2013-08-09] (SafeNet Inc.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102784 2009-06-15] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-06-15] (Huawei Technologies Co., Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2011-12-19] (Windows (R) Win 7 DDK provider)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2008-01-21] (Microsoft Corporation)
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCAMPR4; \??\C:\Windows\system32\PCAMPR4.SYS [X]
S3 PCANDIS4; \??\C:\Windows\system32\PCANDIS4.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U4 wlancfg; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 03:34 - 2015-07-14 03:40 - 00126830 _____ C:\Users\camille\Desktop\Addition.txt
2015-07-14 03:33 - 2015-07-14 03:40 - 00025201 _____ C:\Users\camille\Desktop\FRST.txt
2015-07-14 03:32 - 2015-07-14 03:40 - 00000000 ____D C:\FRST
2015-07-14 03:30 - 2015-07-14 03:30 - 01636864 _____ (Farbar) C:\Users\camille\Desktop\FRST.exe
2015-07-14 02:53 - 2015-07-14 02:53 - 00000802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-14 02:53 - 2015-07-14 02:53 - 00000790 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-07-14 02:53 - 2015-07-14 02:53 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-12 17:45 - 2015-07-12 17:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-12 16:20 - 2015-07-12 16:20 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 16:20 - 2015-07-12 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 16:20 - 2015-07-12 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-12 16:20 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-12 16:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-12 16:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-12 16:09 - 2015-07-13 21:02 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:05 - 2015-07-12 16:08 - 02248704 _____ C:\Users\camille\Desktop\AdwCleaner-4.208.exe
2015-07-04 01:05 - 2015-07-04 18:50 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 03:41 - 2012-07-05 00:23 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 03:17 - 2012-06-08 19:32 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 03:04 - 2006-11-02 14:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 03:04 - 2006-11-02 14:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 02:33 - 2009-07-27 12:35 - 00086393 _____ C:\Windows\WININIT.INI
2015-07-14 02:28 - 2011-10-19 23:18 - 00001104 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3645650677-1598793115-3816424904-1000UA.job
2015-07-14 02:16 - 2012-05-11 20:32 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-07-14 02:04 - 2009-03-12 17:35 - 01506235 _____ C:\Windows\WindowsUpdate.log
2015-07-13 23:28 - 2011-10-19 23:18 - 00001082 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3645650677-1598793115-3816424904-1000Core.job
2015-07-13 21:05 - 2012-07-05 00:23 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 21:04 - 2008-05-29 10:20 - 00000147 _____ C:\Windows\system32\agent.log
2015-07-13 21:04 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 21:03 - 2006-11-02 14:58 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 17:30 - 2011-12-20 01:24 - 00405608 _____ C:\Windows\PFRO.log
2015-07-12 17:30 - 2009-07-20 17:56 - 00000000 ____D C:\Users\camille
2015-07-12 16:20 - 2012-05-03 10:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-12 12:35 - 2008-01-21 09:24 - 00006164 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 12:31 - 2013-11-07 19:25 - 00000000 ____D C:\Users\camille\Incomplete
2015-07-12 12:04 - 2012-09-14 20:42 - 00000000 ____D C:\Users\camille\AppData\Roaming\MP3Rocket
2015-07-09 20:18 - 2012-06-08 19:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-09 20:18 - 2011-05-13 04:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-07 12:30 - 2013-08-05 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-04 18:50 - 2012-05-04 17:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-30 10:27 - 2009-07-20 18:41 - 00000000 ____D C:\Users\camille\AppData\Local\Adobe
2015-06-23 13:27 - 2011-07-10 12:51 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 12:38 - 2013-08-05 02:45 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-18 12:38 - 2013-08-05 02:45 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-18 12:38 - 2013-08-05 02:45 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-14 19:18 - 2014-08-20 20:05 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-14 19:17 - 2013-08-05 02:45 - 00000000 ____D C:\Program Files\Avira
2015-06-14 19:15 - 2011-12-06 21:01 - 00065664 _____ C:\Windows\setupact.log

==================== Files in the root of some directories =======

2009-07-20 21:26 - 2009-07-20 21:26 - 0278528 _____ () C:\Program Files\Common Files\FDEUnInstaller.exe
2011-12-17 13:53 - 2011-12-17 13:53 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt
2013-02-17 20:36 - 2013-02-17 20:36 - 0000272 _____ () C:\Users\camille\AppData\Roaming\.backup.dm
2011-05-01 19:16 - 2011-05-01 19:16 - 0000136 _____ () C:\Users\camille\AppData\Roaming\1.gif
2011-05-01 19:27 - 2011-05-03 17:44 - 0000006 _____ () C:\Users\camille\AppData\Roaming\completescan
2012-06-23 17:21 - 2012-06-23 17:25 - 0005289 _____ () C:\Users\camille\AppData\Roaming\hamster_installer_log.txt
2011-05-01 19:17 - 2011-05-01 19:17 - 0000010 _____ () C:\Users\camille\AppData\Roaming\install
2011-02-24 22:07 - 2011-02-24 22:07 - 0000239 _____ () C:\Users\camille\AppData\Roaming\prefsdb.dat
2010-05-02 23:12 - 2010-05-02 23:12 - 0000016 _____ () C:\Users\camille\AppData\Roaming\qvjsge.dat
2013-03-31 13:29 - 2013-03-31 13:30 - 0000004 _____ () C:\Users\camille\AppData\Roaming\skype.ini
2011-05-01 20:45 - 2011-05-03 20:37 - 0000006 _____ () C:\Users\camille\AppData\Roaming\start
2009-07-20 23:09 - 2009-07-20 23:09 - 0026340 _____ () C:\Users\camille\AppData\Roaming\UserTile.png
2009-07-20 18:08 - 2013-03-16 03:40 - 0000494 _____ () C:\Users\camille\AppData\Roaming\wklnhst.dat
2013-05-05 00:31 - 2013-05-05 00:31 - 0000552 _____ () C:\Users\camille\AppData\Local\d3d8caps.dat
2011-03-23 12:31 - 2013-01-01 21:05 - 0001356 _____ () C:\Users\camille\AppData\Local\d3d9caps.dat
2009-07-20 18:23 - 2015-06-04 23:50 - 0127488 _____ () C:\Users\camille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-23 17:25 - 2012-06-23 17:25 - 0000393 _____ () C:\Users\camille\AppData\Local\HamsterVideoConverterSettings.cfg
2011-05-26 00:40 - 2011-05-26 00:40 - 0000000 _____ () C:\Users\camille\AppData\Local\{1D011599-97EB-4D36-8495-D2B7876C8D43}
2011-05-30 02:29 - 2011-05-30 02:29 - 0000000 _____ () C:\Users\camille\AppData\Local\{39D7FCE3-B675-422E-A553-4BB2A9DE53AE}
2011-05-31 04:02 - 2011-05-31 04:02 - 0000000 _____ () C:\Users\camille\AppData\Local\{40BF2C7E-2C0B-4F50-B1B3-2A88E1ADCBC0}
2011-05-27 15:30 - 2011-05-27 15:30 - 0000000 _____ () C:\Users\camille\AppData\Local\{818917B4-276C-4D7E-959E-03A771C4B75E}
2011-05-07 11:49 - 2011-05-07 11:49 - 0000000 _____ () C:\Users\camille\AppData\Local\{9423DE6D-95C9-47B5-8D63-7F3F4DEE15FD}
2011-05-31 03:59 - 2011-05-31 03:59 - 0000000 _____ () C:\Users\camille\AppData\Local\{B5476DF5-C450-4F5B-BB90-87330B52C256}
2011-05-07 11:47 - 2011-05-07 11:47 - 0000000 _____ () C:\Users\camille\AppData\Local\{EA163AA7-7DEB-43E9-A029-857B0E212AC7}
2010-01-09 06:06 - 2010-01-09 06:06 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\camille\AppData\Roaming\skype.ini


Some files in TEMP:
====================
C:\Users\camille\AppData\Local\Temp\7z920.exe
C:\Users\camille\AppData\Local\Temp\AdbeRdr11010_en_US.exe
C:\Users\camille\AppData\Local\Temp\ApnStub.exe
C:\Users\camille\AppData\Local\Temp\AskSLib.dll
C:\Users\camille\AppData\Local\Temp\avgnt.exe
C:\Users\camille\AppData\Local\Temp\BearShare_setup.exe
C:\Users\camille\AppData\Local\Temp\GenericUninstall.exe
C:\Users\camille\AppData\Local\Temp\Installhelper.dll
C:\Users\camille\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\camille\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\camille\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\camille\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\camille\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\camille\AppData\Local\Temp\kis_setup.exe
C:\Users\camille\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe
C:\Users\camille\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\camille\AppData\Local\Temp\Nokia_PC_Suite_fre.exe
C:\Users\camille\AppData\Local\Temp\OB.exe
C:\Users\camille\AppData\Local\Temp\propsys.dll
C:\Users\camille\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\camille\AppData\Local\Temp\TsuA3EAC5E2.dll
C:\Users\camille\AppData\Local\Temp\uninst1.exe
C:\Users\camille\AppData\Local\Temp\WSSetup.exe
C:\Users\camille\AppData\Local\Temp\{E24A24C9-5170-4E06-9CF1-DBBE2BE2BE8D}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 21:12

==================== End of log ============================
