cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by TOSHIBA (2016-04-24 00:03:02)
Running from C:\Users\TOSHIBA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-27 19:50:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1870027983-4264097883-3264919129-500 - Administrator - Disabled)
Guest (S-1-5-21-1870027983-4264097883-3264919129-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1870027983-4264097883-3264919129-1002 - Limited - Enabled)
TOSHIBA (S-1-5-21-1870027983-4264097883-3264919129-1000 - Administrator - Enabled) => C:\Users\TOSHIBA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF (Version: 8.1.921 - Softland) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
doPDF 8 (HKLM-x32\...\{f3778a1a-fca8-458f-8de8-b8eb3ff21cf4}) (Version: 8.1.921 - Softland)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\{13BE5FED-4B98-3DE1-9510-47EA0693FDE8}) (Version: 50.0.2661.87 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.)
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version: - Novawave Inc.)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{52BC4F1A-207A-458F-B763-060D54516290}) (Version: 8.1.921 - Softland)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00319510-7845-4687-8241-FEF6AA2EFB4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {09C7C5E4-62D1-4A9E-A8DF-E00490D214AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {201AAA6E-09B8-4794-8C45-27A9278F9B4C} - System32\Tasks\{DFBB9C3B-5519-44F4-926A-A03E1CB076C7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {26801DB5-E95F-43BC-B435-804B5A0C9BFA} - System32\Tasks\{8E7A84AF-E5A7-416D-B154-D5278AB14BAB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {28085BD9-F62B-4251-AEA0-370E68760C57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2EC04AD8-3003-4EF9-98D0-260D0BE65084} - System32\Tasks\{F311B61F-7D6D-426F-AE46-DA8CA3D826F1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1603
Task: {41D08551-AA0E-45CB-913B-2118CB27F7C7} - System32\Tasks\{86411224-2BDF-458A-AA66-E99068EAC9FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603
Task: {4D0033AF-4BB9-4E42-A2D2-64DDCE403FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {4F91EEE4-8CE0-44D6-9470-FD374C0267A9} - System32\Tasks\{2DBF06EF-013D-46C7-9E03-0B35C049ADF8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {50E8D6C9-5DCD-462D-95E4-2B58EA8636DF} - System32\Tasks\{5CC9E16A-A791-4F14-A184-356D52809A5B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603
Task: {5A6825CC-4CAE-474F-BBDD-D6198E6CDC76} - System32\Tasks\{9BACA7D0-BEB0-4AA9-9A59-05722B1BE9A5} => pcalua.exe -a "C:\Program Files (x86)\USBScan\unins000.exe"
Task: {5E1E5867-1A54-4891-8E1F-96DEA54A34FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation)
Task: {7872C8AA-BCD2-4E41-A223-B2E362226731} - System32\Tasks\{BB803D7B-095E-463C-A6DF-45F3A65DE27E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
Task: {91D41589-5180-4CB3-9D43-B8D20C4A9FF9} - System32\Tasks\{B49BEC05-6DD4-4525-B571-7DAAD3113BA3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {B23948A0-E270-4806-9E2A-DBD24914FC0F} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-12-16] ()
Task: {C55D2579-9812-4BDE-8252-A4032902BF92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation)
Task: {CFCA0DDF-10D4-40B6-BF40-BCFECB5FED7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D2FD0D34-1129-4FA7-B38B-8980ED9BC337} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {D8933CF3-973E-44D7-BF1B-6885F71697A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F60DD6BF-6EDE-457F-9689-174D3A8126A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google Inc.)
Task: {F6708DFB-6F6B-4D49-968E-A228E65A2485} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14] (Adobe Systems Incorporated)
Task: {F806A241-4586-411B-826D-610136845788} - System32\Tasks\{F4D38DEE-AFAC-4ECC-B2EF-75E5A51CFD76} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2014-07-16 14:52 - 2011-03-01 00:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-11-24 01:45 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-06 13:37 - 2016-04-16 16:11 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2014-12-16 15:17 - 2014-12-16 15:17 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-11-24 01:50 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-06 13:37 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-24 01:46 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

There are 7846 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-04-22 03:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ASO3DiskOptimizer => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: CSObjectsSrv => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: glarab_http_proxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdate1d07c27b3c11b6 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gupdatem1d07c27bae3622 => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWAgent => 2
MSCONFIG\Services: NAUpdate => 3
MSCONFIG\Services: PanService => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk => C:\windows\pss\Bluetooth Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: New Value #2 => C:\Windows\system32\ctfmon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F307436-1D5A-4C17-BA68-82EC3EE69202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{38AC23E1-194F-4E7C-8357-7756DB71F921}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DF351DA7-B952-4013-9458-5AB5953F13E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F1126B55-432D-49DE-AF30-638D00B71744}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F3B5366E-24FF-4DB3-BB7D-A1093F92CCE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B6479181-C761-48E6-8742-B74B667C4B82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{498EAF1F-2583-4118-BE9B-1CA979685788}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-04-2016 19:21:16 Restore Point Created by FRST
23-04-2016 23:41:41 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2016 11:46:24 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.

Error: (04/23/2016 11:46:10 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.

Error: (04/23/2016 11:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x1388
Faulting application start time: 0xWLXPhotoGallery.exe0
Faulting application path: WLXPhotoGallery.exe1
Faulting module path: WLXPhotoGallery.exe2
Report Id: WLXPhotoGallery.exe3

Error: (04/23/2016 10:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x6b8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/23/2016 10:49:05 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.

Error: (04/23/2016 10:48:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0xed8
Faulting application start time: 0xWLXPhotoGallery.exe0
Faulting application path: WLXPhotoGallery.exe1
Faulting module path: WLXPhotoGallery.exe2
Report Id: WLXPhotoGallery.exe3

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/23/2016 10:48:28 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/23/2016 11:50:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/23/2016 11:18:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/23/2016 11:15:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2016-04-22 03:40:11.639
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-22 03:40:11.608
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.804
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.757
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.133
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8151.8 MB
Available physical RAM: 4979.46 MB
Total Virtual: 14291.99 MB
Available Virtual: 11294.11 MB

==================== Drives ================================

Drive c: (S3A2575D002) (Fixed) (Total:290.98 GB) (Free:230.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:287.88 GB) (Free:287.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: FE1684A7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=287.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.8 GB) - (Type=17)

==================== End of Addition.txt ============================

Publicité


Signaler le contenu de ce document

Publicité