cjoint


Document format: text/plain


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by manon (administrator) on DANY on 20-07-2015 00:20:58
Running from C:\Users\manon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1VECFGS
Loaded Profiles: manon (Available Profiles: manon)
Platform: Microsoft Windows 8 Professionnel N (X86) OS Language: Français (France)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\80824C73-1433788722-DF11-B3BC-958429BE7C90\knsw635D.tmp
() C:\Program Files\80824C73-1433788722-DF11-B3BC-958429BE7C90\knsh63EA.tmp
() C:\Program Files\Stout Maintenance\Stout Maintenance.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Users\manon\AppData\Local\gmsd_be_009010035\upgmsd_be_009010035.exe
() C:\Program Files\gmsd_be_009010035\gmsd_be_009010035.exe
(WS) C:\Program Files\WordShark_1.10.0.19\Service\wssvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftBrain Technologies Ltd.) C:\Users\manon\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\manon\AppData\Local\SmartWeb\SmartWebApp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Crossbrowse) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
() C:\Users\manon\AppData\Local\gmsd_be_005010035\upgmsd_be_005010035.exe
() C:\Program Files\gmsd_be_005010035\gmsd_be_005010035.exe
(Cinema PlusV19.07) C:\Program Files\CinemaPlus-3.2cV19.07\40cf77b1-b211-435f-926e-137684f7b5ce-10.exe
(Cinema PlusV19.07) C:\Program Files\CinemaPlus-3.2cV19.07\40cf77b1-b211-435f-926e-137684f7b5ce-6.exe
(Cinema PlusV19.07) C:\Program Files\CinemaPlus-3.2cV19.07\40cf77b1-b211-435f-926e-137684f7b5ce-1-6.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mbot_be_92] => [X]
HKLM\...\Run: [gmsd_be_236] => [X]
HKLM\...\Run: [gmsd_be_005010025] => [X]
HKLM\...\Run: [gmsd_be_005010026] => [X]
HKLM\...\Run: [gmsd_be_005010028] => [X]
HKLM\...\Run: [gmsd_be_005010030] => [X]
HKLM\...\Run: [gmsd_be_009010035] => C:\Program Files\gmsd_be_009010035\gmsd_be_009010035.exe [3977872 2015-07-19] ()
HKLM\...\Run: [SmartWeb] => C:\Users\manon\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_be_005010035] => C:\Program Files\gmsd_be_005010035\gmsd_be_005010035.exe [3978896 2015-07-19] ()
HKLM\...\RunOnce: [upgmsd_be_009010035.exe] => C:\Users\manon\AppData\Local\gmsd_be_009010035\upgmsd_be_009010035.exe [3288208 2015-07-19] ()
HKLM\...\RunOnce: [upgmsd_be_005010035.exe] => C:\Users\manon\AppData\Local\gmsd_be_009010035\upgmsd_be_005010035.exe -runonce
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\...\Run: [GoogleChromeAutoLaunch_A940CBA3600483422EEEC616BA56C290] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-03] ()
Startup: C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-19]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-19]
ShortcutTarget: SmartWeb.lnk -> C:\Users\manon\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&q={searchTerms}
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-be/?ocid=iehp
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393
HKU\S-1-5-21-2300252248-1329961125-3451811598-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1437339749&z=92210fa0d45d25d9cc473f4g3z3c5m7cbcbtem4c3g&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1437339749&z=92210fa0d45d25d9cc473f4g3z3c5m7cbcbtem4c3g&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2300252248-1329961125-3451811598-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&ts=1437339806&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2300252248-1329961125-3451811598-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&ts=1437339806&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2300252248-1329961125-3451811598-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&ts=1437339806&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2300252248-1329961125-3451811598-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&ts=1437339806&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2300252248-1329961125-3451811598-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393&ts=1437339806&type=default&q={searchTerms}
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{1ED58125-905A-4983-BF70-98EA4F8DA7CC}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{47EE111B-1060-4D01-A859-BD2BECA87E35}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{47EE111B-1060-4D01-A859-BD2BECA87E35}: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{4BAA812B-872C-4DEE-B294-00D983D775BF}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{6749e4c9-d6ef-11e1-a2bb-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1437337830&z=a09f1263c72f2ead477c3dagczfc9m2cac7m6bagec&from=ium6&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393

FireFox:
========
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-19] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-19] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google Search) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-09]
CHR Extension: (Google Wallet) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (CinemaPlus-3.2cV19.07) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-07-19]
CHR Extension: (Gmail) - C:\Users\manon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1437339749&z=92210fa0d45d25d9cc473f4g3z3c5m7cbcbtem4c3g&from=cmi&uid=WDCXWD2500BEVT-22A23T0_WD-WXA1A600439304393

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 001964cc; c:\Program Files\Optimizer Pro 3.99\OptProMon.dll [2570896 2015-07-19] () <==== ATTENTION
R2 gifuqygu; C:\Program Files\80824C73-1433788722-DF11-B3BC-958429BE7C90\knsw635D.tmp [620544 2015-07-19] () [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 gybonure; C:\Program Files\80824C73-1433788722-DF11-B3BC-958429BE7C90\knsh63EA.tmp [620544 2015-07-19] () [File not signed]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2004488 2015-07-06] (Electronic Arts)
R2 Stout Maintenance; C:\Program Files\Stout Maintenance\Stout Maintenance.exe [8016425 2015-07-10] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation)
R4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-19] (DTools LIMITED) <==== ATTENTION
R2 wssvc_1.10.0.19; C:\Program Files\WordShark_1.10.0.19\Service\wssvc.exe [299096 2015-06-16] (WS)
S2 xoperoze; C:\Users\manon\AppData\Roaming\80824C73-1433788722-DF11-B3BC-958429BE7C90\jnsn6640.tmp [X]
S2 zedepory; C:\Users\manon\AppData\Roaming\80824C73-1433788722-DF11-B3BC-958429BE7C90\hnsw7C89.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
R1 MpKsl35761b68; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B14BE47E-A0A5-4890-8752-E5304393DCE1}\MpKsl35761b68.sys [39168 2015-07-19] (Microsoft Corporation)
R1 wsfd_1_10_0_19; C:\Windows\System32\drivers\wsfd_1_10_0_19.sys [48512 2015-06-16] (WS)
S1 jfnbohrk; \??\C:\Windows\system32\drivers\jfnbohrk.sys [X]
S1 wsfd_vw_1_10_0_20; system32\drivers\wsfd_vw_1_10_0_20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 00:20 - 2015-07-20 00:21 - 00000000 ____D C:\FRST
2015-07-19 23:37 - 2015-07-20 00:10 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-19 23:37 - 2015-07-20 00:10 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-19 23:37 - 2015-07-20 00:10 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-19 23:37 - 2015-07-19 23:37 - 00001007 _____ C:\Users\manon\Desktop\AnyProtect.lnk
2015-07-19 23:37 - 2015-07-19 23:37 - 00000000 ____D C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-19 23:36 - 2015-07-19 23:37 - 00000000 ____D C:\Program Files\AnyProtectEx
2015-07-19 23:36 - 2015-07-19 23:36 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsa137.tmp
2015-07-19 23:36 - 2015-07-19 23:36 - 00000000 __SHD C:\Users\manon\AppData\Roaming\AnyProtectEx
2015-07-19 23:10 - 2015-07-19 23:10 - 00020404 _____ C:\Users\manon\Desktop\rapport adw cleaner.txt
2015-07-19 23:05 - 2015-07-20 00:05 - 00003136 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-1-6.job
2015-07-19 23:05 - 2015-07-19 23:05 - 00003136 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-1-7.job
2015-07-19 23:05 - 2015-07-19 23:05 - 00002444 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-5_user.job
2015-07-19 23:05 - 2015-07-19 23:05 - 00002444 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-5.job
2015-07-19 23:05 - 2015-07-19 23:05 - 00001020 _____ C:\Windows\Tasks\aF58lNP9yuuyBJWv0QA.job
2015-07-19 23:04 - 2015-07-20 00:04 - 00005516 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-6.job
2015-07-19 23:04 - 2015-07-20 00:04 - 00002110 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-10_user.job
2015-07-19 23:04 - 2015-07-19 23:09 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-19 23:04 - 2015-07-19 23:09 - 00000968 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-19 23:04 - 2015-07-19 23:05 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV19.07
2015-07-19 23:04 - 2015-07-19 23:04 - 00005180 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-7.job
2015-07-19 23:04 - 2015-07-19 23:04 - 00004156 _____ C:\Windows\Tasks\40cf77b1-b211-435f-926e-137684f7b5ce-3.job
2015-07-19 23:04 - 2015-07-19 23:04 - 00000000 ____D C:\Users\manon\AppData\Local\gmsd_be_005010035
2015-07-19 23:04 - 2015-07-19 23:04 - 00000000 ____D C:\Users\manon\AppData\Local\globalUpdate
2015-07-19 23:04 - 2015-07-19 23:04 - 00000000 ____D C:\Program Files\gmsd_be_005010035
2015-07-19 23:04 - 2015-07-19 23:04 - 00000000 ____D C:\Program Files\globalUpdate
2015-07-19 23:03 - 2015-07-19 23:03 - 00002342 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-07-19 23:03 - 2015-07-19 23:03 - 00002225 _____ C:\Users\Public\Desktop\YouTube.lnk
2015-07-19 23:03 - 2015-07-19 23:03 - 00001054 _____ C:\Windows\Tasks\Crossbrowse.job
2015-07-19 23:03 - 2015-07-19 23:03 - 00000000 ____D C:\Users\manon\AppData\Local\Crossbrowse
2015-07-19 23:03 - 2015-07-19 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-07-19 23:03 - 2015-07-19 23:03 - 00000000 ____D C:\Program Files\FriendlyError
2015-07-19 23:03 - 2015-07-19 23:03 - 00000000 ____D C:\Program Files\Crossbrowse
2015-07-19 23:02 - 2015-07-19 23:02 - 00000000 ____D C:\Users\manon\AppData\Local\SmartWeb
2015-07-19 22:52 - 2015-07-19 22:52 - 00000000 ____D C:\Users\manon\Documents\Optimizer Pro
2015-07-19 22:52 - 2015-07-19 22:52 - 00000000 ____D C:\Users\manon\AppData\Roaming\Optimizer Pro
2015-07-19 22:46 - 2015-07-19 22:46 - 00001061 _____ C:\Users\manon\Desktop\Optimizer Pro.lnk
2015-07-19 22:46 - 2015-07-19 22:46 - 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-19 22:46 - 2015-07-19 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-07-19 22:46 - 2015-07-19 22:46 - 00000000 ____D C:\ProgramData\{16846888-0795-f1e4-1684-46888079a220}
2015-07-19 22:46 - 2015-07-19 22:46 - 00000000 ____D C:\Program Files\Optimizer Pro 3.99
2015-07-19 22:41 - 2015-07-19 22:41 - 00000000 ____D C:\Program Files\WordShark_1.10.0.19
2015-07-19 22:31 - 2015-07-19 23:04 - 00000000 ____D C:\Users\manon\AppData\Local\gmsd_be_009010035
2015-07-19 22:31 - 2015-07-19 23:03 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-19 22:31 - 2015-07-19 22:32 - 00000000 ____D C:\Program Files\gmsd_be_009010035
2015-07-19 22:31 - 2015-07-19 22:31 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-19 22:30 - 2015-07-19 23:02 - 00000000 ____D C:\Users\manon\AppData\Roaming\mystartsearch
2015-07-19 22:30 - 2015-07-19 22:30 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-19 22:23 - 2015-07-19 22:32 - 00000000 ____D C:\AdwCleaner
2015-07-19 22:19 - 2015-07-19 22:21 - 02248704 _____ C:\Users\manon\Downloads\adwcleaner_4.208.exe
2015-07-19 21:37 - 2015-07-19 21:37 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nswEF8A.tmp
2015-07-19 21:33 - 2015-07-19 21:34 - 00000000 ____D C:\Program Files\02d0622d-6179-489d-9f0a-51edf6d74a37
2015-07-16 15:06 - 2015-07-16 15:06 - 00002051 _____ C:\Users\manon\Desktop\Continue Games Desktop.lnk
2015-07-15 13:47 - 2015-07-19 20:33 - 00000000 ____D C:\Program Files\80824C73-1433788722-DF11-B3BC-958429BE7C90
2015-07-15 00:15 - 2015-07-15 00:14 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nshB992.tmp
2015-07-15 00:14 - 2015-07-15 00:14 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nshA02E.tmp
2015-07-15 00:04 - 2015-07-20 00:09 - 00000352 ____H C:\Windows\Tasks\KEIUEHSYHBCNTLSU.job
2015-07-15 00:04 - 2015-07-19 22:30 - 00000364 _____ C:\Windows\Tasks\NBCSJFYZMY1.job
2015-07-15 00:03 - 2015-07-15 00:04 - 00000000 ____D C:\ProgramData\Service1104
2015-07-15 00:03 - 2015-07-15 00:03 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2015-07-14 22:34 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:34 - 2015-05-07 15:04 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 22:33 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 22:33 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 22:32 - 2015-06-29 16:22 - 00024240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 22:32 - 2015-06-29 15:30 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 22:32 - 2015-06-29 15:30 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 22:32 - 2015-06-29 15:29 - 00923648 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 22:32 - 2015-06-29 15:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 22:32 - 2015-06-29 15:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 22:32 - 2015-06-29 15:29 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 22:32 - 2015-06-27 16:34 - 00155992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 22:32 - 2015-06-27 15:56 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 22:32 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-07-14 22:32 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 22:32 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 22:32 - 2015-06-26 15:06 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 22:32 - 2015-06-25 20:09 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 22:32 - 2015-06-25 20:07 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 22:32 - 2015-06-25 03:53 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 22:32 - 2015-06-09 16:27 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 22:32 - 2015-04-21 16:33 - 01000960 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-14 22:31 - 2015-07-03 15:32 - 00035328 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 22:31 - 2015-07-03 15:16 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 22:31 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 22:30 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 22:30 - 2015-06-11 21:05 - 01079296 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 22:29 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-14 22:29 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 22:29 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 22:29 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 22:29 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-07-14 22:28 - 2015-01-07 05:57 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 14:38 - 2015-07-19 21:43 - 00000024 _____ C:\Users\manon\AppData\Roaming\appdataFr25.bin
2015-07-14 00:06 - 2015-07-14 00:06 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsn51AF.tmp
2015-07-12 00:44 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-07-12 00:06 - 2015-07-12 00:06 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nslCB70.tmp
2015-07-10 15:28 - 2015-07-10 15:28 - 00000000 ____D C:\Program Files\Stout Maintenance
2015-07-10 00:22 - 2015-07-10 00:22 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nso73D8.tmp
2015-07-09 00:22 - 2015-07-09 00:22 - 00613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsj464.tmp
2015-07-09 00:06 - 2015-07-09 00:06 - 00000000 _____ C:\dummy.htm
2015-06-28 23:20 - 2015-06-28 23:20 - 00000000 ____D C:\Program Files\SectionDouble

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 00:21 - 2014-05-12 22:27 - 01126626 _____ C:\Windows\WindowsUpdate.log
2015-07-20 00:04 - 2015-06-08 20:10 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-20 00:00 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\system32\sru
2015-07-19 23:50 - 2014-07-20 21:33 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-19 23:45 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-19 23:05 - 2015-05-20 21:41 - 00000000 ____D C:\Program Files\Belgium Identity Card
2015-07-19 23:02 - 2014-05-12 22:28 - 00001758 _____ C:\Users\manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-19 22:30 - 2014-07-20 21:32 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-19 22:29 - 2012-07-26 08:03 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 21:24 - 2014-07-20 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-19 20:50 - 2015-03-30 12:52 - 00000000 ____D C:\ProgramData\Origin
2015-07-19 20:45 - 2012-07-26 06:17 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-19 20:44 - 2015-06-08 20:12 - 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job
2015-07-16 22:12 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\rescache
2015-07-16 21:55 - 2012-07-26 08:43 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 21:42 - 2014-05-12 22:22 - 00052582 _____ C:\Windows\PFRO.log
2015-07-15 14:02 - 2015-03-22 13:16 - 00281672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 14:01 - 2015-06-08 20:38 - 00000000 ____D C:\Users\manon\AppData\Roaming\80824C73-1433788722-DF11-B3BC-958429BE7C90
2015-07-15 13:59 - 2015-02-23 00:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 13:59 - 2014-07-20 21:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 13:59 - 2014-07-20 00:43 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 13:59 - 2012-07-26 08:53 - 00000000 ___RD C:\Windows\ToastData
2015-07-13 23:22 - 2015-02-23 00:31 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-02-23 00:31 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-13 15:38 - 2015-06-08 20:33 - 00000000 ____D C:\Windows\system32\appmgmt
2015-07-11 20:25 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-07 01:12 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\system32\NDF
2015-07-06 14:18 - 2015-03-30 12:54 - 00000000 ____D C:\Users\manon\AppData\Roaming\Origin
2015-07-06 14:15 - 2015-03-30 12:52 - 00000000 ____D C:\Program Files\Origin
2015-07-03 08:49 - 2014-07-20 00:43 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 00:31 - 2015-03-26 19:49 - 00000000 ____D C:\ProgramData\147838717100802712

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\manon\AppData\Roaming\aF58lNP9yuuyBJWv0QA
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\manon\AppData\Roaming\aF58lNP9yuuyBJWv0QA.exe
2015-07-14 14:38 - 2015-07-19 21:43 - 0000024 _____ () C:\Users\manon\AppData\Roaming\appdataFr25.bin
2015-07-19 23:36 - 2015-07-19 23:36 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsa137.tmp
2015-07-15 00:14 - 2015-07-15 00:14 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nshA02E.tmp
2015-07-15 00:15 - 2015-07-15 00:14 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nshB992.tmp
2015-07-09 00:22 - 2015-07-09 00:22 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsj464.tmp
2015-07-12 00:06 - 2015-07-12 00:06 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nslCB70.tmp
2015-07-14 00:06 - 2015-07-14 00:06 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nsn51AF.tmp
2015-07-10 00:22 - 2015-07-10 00:22 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nso73D8.tmp
2015-06-08 20:51 - 2015-06-08 20:51 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nso898A.tmp
2015-07-19 21:37 - 2015-07-19 21:37 - 0613255 _____ (CMI Limited) C:\Users\manon\AppData\Local\nswEF8A.tmp
2015-03-27 15:21 - 2015-03-27 15:22 - 0004692 _____ () C:\Users\manon\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\manon\AppData\Local\Temp\117.exe
C:\Users\manon\AppData\Local\Temp\4887.exe
C:\Users\manon\AppData\Local\Temp\5762.exe
C:\Users\manon\AppData\Local\Temp\6207.exe
C:\Users\manon\AppData\Local\Temp\6283.exe
C:\Users\manon\AppData\Local\Temp\7951.exe
C:\Users\manon\AppData\Local\Temp\940.exe
C:\Users\manon\AppData\Local\Temp\BackupSetup.exe
C:\Users\manon\AppData\Local\Temp\bbf2593.exe
C:\Users\manon\AppData\Local\Temp\beddhhfggg.exe
C:\Users\manon\AppData\Local\Temp\beddhhfhca.exe
C:\Users\manon\AppData\Local\Temp\CleanSchedule.exe
C:\Users\manon\AppData\Local\Temp\fsd1A71.exe
C:\Users\manon\AppData\Local\Temp\fsd1BCB.exe
C:\Users\manon\AppData\Local\Temp\fsd5A82.exe
C:\Users\manon\AppData\Local\Temp\fsd6475.exe
C:\Users\manon\AppData\Local\Temp\fsd9B9A.exe
C:\Users\manon\AppData\Local\Temp\fsdF793.exe
C:\Users\manon\AppData\Local\Temp\ms.exe
C:\Users\manon\AppData\Local\Temp\optprosetup.exe
C:\Users\manon\AppData\Local\Temp\Quarantine.exe
C:\Users\manon\AppData\Local\Temp\sdf3A41.exe
C:\Users\manon\AppData\Local\Temp\setacl.exe
C:\Users\manon\AppData\Local\Temp\setup.exe
C:\Users\manon\AppData\Local\Temp\sqlite3.dll
C:\Users\manon\AppData\Local\Temp\telecharger jake et les pirates du pays imaginaire le retour de peter pan__10924_i1532591634_il171846.exe
C:\Users\manon\AppData\Local\Temp\Uninstall.exe
C:\Users\manon\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 23:47

==================== End of log ============================
