cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
Ran by admin (administrator) on PC-DE-ADMIN (06-08-2015 21:28:41)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium (X86) Language: Français (France)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Common\FSHDLL32.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Skype\Phone\Skype.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(F-Secure Corporation) C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Orange International) C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-04-16] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [167936 2006-12-02] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2006-11-06] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [46704 2006-12-04] (Hewlett-Packard)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317152 2006-10-18] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472800 2006-10-18] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe [1655464 2011-09-18] (F-Secure Corporation)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-08] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20034600 2006-07-14] ()
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2156368 2008-07-07] (Safer Networking Limited)
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-21] (Google Inc.)
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support PMB.lnk [2009-12-27]
ShortcutTarget: Outil de détection de support PMB.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-166088249-2872553327-2155955436-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-166088249-2872553327-2155955436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
URLSearchHook: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll No File
URLSearchHook: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {90F761BB-4824-4818-9598-4BE71847BE3E} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_frFR270
SearchScopes: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=DEF950A7-B4CB-4F4E-9A22-0E1769FF8256&apn_sauid=2E94E20D-EBE3-4203-B6DA-36D34F896406
SearchScopes: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_frFR270
SearchScopes: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 -> {90F761BB-4824-4818-9598-4BE71847BE3E} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29] (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07] (Safer Networking Limited)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-22] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-22] (Google Inc.)
BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\Orange\AntivirusFirewall\NRS\iescript\baselitmus.dll [2014-06-17] (F-Secure Corporation)
Toolbar: HKLM - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29] (Yahoo! Inc.)
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\AntivirusFirewall\NRS\iescript\baselitmus.dll [2014-06-17] (F-Secure Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-166088249-2872553327-2155955436-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-22] (Google Inc.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 11 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Winsock: Catalog9 33 C:\Program Files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL [189352 2010-04-03] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{88F28A26-0080-442E-8BCA-ECFD9C8E9AFD}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-01-16] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24]
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\Orange\AntivirusFirewall\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files\Orange\AntivirusFirewall\NRS\litmus-ff@f-secure.com [2010-04-03]

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-24] () [File not signed]
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-24] () [File not signed]
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [60456 2015-03-15] (F-Secure Corporation)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [809296 2008-07-07] (Safer Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2008-04-16] (Microsoft Corporation)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R3 F-Secure Gatekeeper; C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [145856 2013-07-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-08-24] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [37544 2009-11-18] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-19] (Conexant Systems Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP) [File not signed]
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP) [File not signed]
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP) [File not signed]
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [68762 2008-03-11] (Windows (R) 2000 DDK provider) [File not signed]
R0 MtxDma0; C:\Windows\System32\drivers\MtxDma0.sys [182248 2002-07-10] (Matrox Electronic Systems Ltd.) [File not signed]
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 21:28 - 2015-08-06 21:30 - 00020890 _____ C:\Users\admin\Downloads\FRST.txt
2015-08-06 21:28 - 2015-08-06 21:28 - 00000000 ____D C:\FRST
2015-08-06 21:27 - 2015-08-06 21:27 - 01673728 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2015-08-06 21:23 - 2015-08-06 21:23 - 00000736 _____ C:\Users\admin\Desktop\ZHPCleaner.lnk
2015-08-06 21:23 - 2015-08-06 21:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\ZHP
2015-08-06 21:21 - 2015-08-06 21:21 - 01873408 _____ C:\Users\admin\Downloads\ZHPCleaner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 21:17 - 2007-03-08 01:24 - 01116132 _____ C:\Windows\WindowsUpdate.log
2015-08-06 21:05 - 2006-11-02 14:47 - 00003072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 21:05 - 2006-11-02 14:47 - 00003072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 20:10 - 2007-04-14 18:32 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{8B5D5655-A6EB-47C1-ADC6-7CBF26F39874}.job
2015-08-06 20:09 - 2006-12-18 23:39 - 00000147 _____ C:\Users\Public\Documents\hpqp.ini
2015-08-06 20:08 - 2008-07-06 14:54 - 00000558 _____ C:\Windows\Tasks\Scheduled scanning task.job
2015-08-06 20:06 - 2007-04-15 12:14 - 00032215 _____ C:\Users\admin\AppData\Roaming\nvModes.001
2015-08-06 20:05 - 2010-03-26 16:54 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 20:05 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 16:11 - 2008-04-13 11:35 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2015-08-03 16:11 - 2006-12-18 22:51 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-03 16:11 - 2006-11-02 15:01 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-03 15:48 - 2010-03-26 16:54 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-03 15:36 - 2015-01-31 16:17 - 01532584 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-03 15:32 - 2008-07-14 11:15 - 00014563 _____ C:\Windows\setupact.log

==================== Files in the root of some directories =======

2015-03-15 15:11 - 2015-03-15 15:11 - 6103040 _____ () C:\Program Files\GUT1D31.tmp
2012-12-09 12:15 - 2012-12-09 12:15 - 4106240 _____ () C:\Program Files\GUT29BF.tmp
2013-05-12 10:23 - 2013-05-12 10:23 - 4167680 _____ () C:\Program Files\GUT8324.tmp
2012-08-01 14:44 - 2012-08-01 14:44 - 4024320 _____ () C:\Program Files\GUTE688.tmp
2013-10-17 18:30 - 2013-10-17 18:30 - 50053120 _____ () C:\Program Files\GUTFC9.tmp
2007-04-15 12:14 - 2015-08-06 20:06 - 0032215 _____ () C:\Users\admin\AppData\Roaming\nvModes.001
2007-04-14 14:53 - 2014-01-10 14:56 - 0032215 _____ () C:\Users\admin\AppData\Roaming\nvModes.dat
2007-04-18 18:30 - 2014-02-26 20:56 - 0000890 _____ () C:\Users\admin\AppData\Roaming\wklnhst.dat
2007-03-08 01:53 - 2007-03-08 01:53 - 0000000 _____ () C:\Users\admin\AppData\Local\AtStart.txt
2011-01-16 13:27 - 2011-05-01 14:39 - 0000581 _____ () C:\Users\admin\AppData\Local\cookies.ini
2010-11-06 15:07 - 2010-11-06 15:07 - 0000680 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2007-04-14 12:06 - 2015-03-22 19:25 - 0072192 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-03-08 01:53 - 2007-03-08 01:53 - 0000000 _____ () C:\Users\admin\AppData\Local\DSwitch.txt
2007-03-08 01:53 - 2007-03-08 01:53 - 0000000 _____ () C:\Users\admin\AppData\Local\QSwitch.txt
2011-07-31 11:01 - 2011-07-31 11:01 - 0000000 _____ () C:\Users\admin\AppData\Local\{A3DDBAC9-CD64-46D5-9572-83B16A62C588}
2013-11-29 13:25 - 2013-11-29 13:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2007-03-08 01:54 - 2007-03-08 01:57 - 0000662 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\_is2E9F.exe
C:\Users\admin\AppData\Local\Temp\_is3498.exe
C:\Users\admin\AppData\Local\Temp\_is3553.exe
C:\Users\admin\AppData\Local\Temp\_is365B.exe
C:\Users\admin\AppData\Local\Temp\_is6FF2.exe
C:\Users\admin\AppData\Local\Temp\_is711.exe
C:\Users\admin\AppData\Local\Temp\_is759D.exe
C:\Users\admin\AppData\Local\Temp\_is8F15.exe
C:\Users\admin\AppData\Local\Temp\_is9222.exe
C:\Users\admin\AppData\Local\Temp\_isBC9B.exe
C:\Users\admin\AppData\Local\Temp\{022EF529-2A7F-499E-A373-AC9290327B2C}-28.0.1500.71_27.0.1453.116_chrome_updater.exe
C:\Users\admin\AppData\Local\Temp\{3CAA6A1A-23F5-4BEE-8D6D-49780696E235}-30.0.1599.69_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-06 20:12

==================== End of log ============================
