cjoint


Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 01
Ran by ROS (administrator) on ROS-HP (05-05-2016 20:55:28)
Running from C:\Users\ROS\Downloads
Loaded Profiles: ROS (Available Profiles: ROS)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() F:\autorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Bitdefender) F:\products\TotalSecurity\en\install\64bit\setupdownloader.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\installer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Bdagent] => "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-12] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1026542254-1900846025-1555846018-1000\...\MountPoints2: {0846186b-1336-11e6-ae98-806e6f6e6963} - F:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-23] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.5.5
Tcpip\..\Interfaces\{1BDDD790-8282-4538-B344-D1C0F06D4B12}: [DhcpNameServer] 192.168.5.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13
HKU\S-1-5-21-1026542254-1900846025-1555846018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/13
HKU\S-1-5-21-1026542254-1900846025-1555846018-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/13
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {F623842B-86AF-45DA-ABE5-A2019D1536F5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {F623842B-86AF-45DA-ABE5-A2019D1536F5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1026542254-1900846025-1555846018-1000 -> {F623842B-86AF-45DA-ABE5-A2019D1536F5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-19] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-19] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext => not found
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext => not found

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-05 20:55 - 2016-05-05 20:55 - 00015313 _____ C:\Users\ROS\Downloads\FRST.txt
2016-05-05 20:54 - 2016-05-05 20:55 - 00000000 ____D C:\FRST
2016-05-05 20:54 - 2016-05-05 20:54 - 00001078 _____ C:\Users\ROS\Desktop\FRST64 - Shortcut.lnk
2016-05-05 20:52 - 2016-05-05 20:53 - 02379776 _____ (Farbar) C:\Users\ROS\Downloads\FRST64.exe
2016-05-05 20:38 - 2016-05-05 20:38 - 00002247 _____ C:\ProgramData\1462469757.4568.bin
2016-05-05 20:38 - 2016-05-05 20:38 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Bitdefender
2016-05-05 20:36 - 2016-05-05 20:39 - 00141905 _____ C:\ProgramData\1462469757.4980.bin
2016-05-05 20:36 - 2016-05-05 20:38 - 01764761 _____ C:\ProgramData\1462469757.4996.bin
2016-05-05 20:36 - 2016-05-05 20:38 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-05 20:36 - 2016-05-05 20:38 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-05 20:36 - 2016-05-05 20:37 - 00001451 _____ C:\ProgramData\1462469757.1308.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00017891 _____ C:\ProgramData\1462469757.4992.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00010652 _____ C:\ProgramData\1462469757.5052.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00003735 _____ C:\ProgramData\1462469757.4988.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00001090 _____ C:\ProgramData\1462469757.4972.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00001090 _____ C:\ProgramData\1462469757.4796.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 00000000 _____ C:\Windows\system32\BDSandBoxUISkin32.dll
2016-05-05 20:36 - 2016-05-05 20:36 - 00000000 _____ C:\Windows\system32\BDSandBoxUISkin.dll
2016-05-05 20:36 - 2016-05-05 20:36 - 00000000 _____ C:\Windows\system32\BDSandBoxUH.dll
2016-05-05 20:36 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-05 20:36 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-05 20:35 - 2016-05-05 20:55 - 00150295 _____ C:\ProgramData\1462469757.3984.bin
2016-05-05 20:35 - 2016-05-05 20:55 - 00116764 _____ C:\ProgramData\1462469757.4164.bin
2016-05-05 20:35 - 2016-05-05 20:38 - 00016463 _____ C:\ProgramData\1462469757.5116.bin
2016-05-05 20:35 - 2016-05-05 20:35 - 00000000 ____D C:\Users\ROS\AppData\Roaming\QuickScan
2016-05-05 20:34 - 2016-05-05 20:36 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-05 20:33 - 2016-05-05 20:33 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Macromedia
2016-05-05 20:33 - 2016-05-05 20:33 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Adobe
2016-05-05 20:19 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-05 20:19 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-05 20:19 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-05 20:19 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-05 20:19 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-05 20:19 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-05 20:19 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-05 20:19 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-05 20:19 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-05-05 20:19 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-05-05 20:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-05 20:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-05-05 20:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-05 20:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-05-05 20:17 - 2016-05-05 20:17 - 00000000 ____D C:\Users\ROS\Documents\Bluetooth Exchange Folder
2016-05-05 20:17 - 2016-05-05 20:17 - 00000000 ____D C:\Users\ROS\AppData\Local\Broadcom
2016-05-05 20:03 - 2016-05-05 20:03 - 00057560 _____ C:\Users\ROS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-05 20:03 - 2016-05-05 20:03 - 00000000 ____D C:\Users\ROS\AppData\Roaming\ATI
2016-05-05 20:03 - 2016-05-05 20:03 - 00000000 ____D C:\Users\ROS\AppData\Local\ATI
2016-05-05 20:02 - 2016-05-05 20:02 - 00001413 _____ C:\Users\ROS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-05-05 20:02 - 2016-05-05 20:02 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Synaptics
2016-05-05 20:01 - 2016-05-05 20:40 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A3BD2A75-DEE0-4E57-A0BB-BAA320BD01C5}
2016-05-05 20:01 - 2016-05-05 20:02 - 00001447 _____ C:\Users\ROS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-05 20:00 - 2016-05-05 20:02 - 00000000 ____D C:\Users\ROS\AppData\Roaming\hpqlog
2016-05-05 20:00 - 2016-05-05 20:00 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Hewlett-Packard
2016-05-05 20:00 - 2016-05-05 20:00 - 00000000 ____D C:\Users\ROS\AppData\Local\Hewlett-Packard
2016-05-05 19:59 - 2016-05-05 20:01 - 00003560 _____ C:\Windows\System32\Tasks\Registration
2016-05-05 19:59 - 2016-05-05 19:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-05-05 19:59 - 2016-05-05 19:59 - 00000000 ____D C:\Users\ROS\AppData\Local\VirtualStore
2016-05-05 19:59 - 2016-05-05 19:59 - 00000000 ____D C:\Users\ROS\AppData\Local\RemEngine
2016-05-05 19:59 - 2016-05-05 19:59 - 00000000 ____D C:\Users\ROS\AppData\Local\Hewlett-Packard_Company
2016-05-05 19:59 - 2016-05-05 19:59 - 00000000 ____D C:\Users\ROS\AppData\Local\AuthenTec
2016-05-05 19:59 - 2016-05-05 19:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-05 19:58 - 2016-05-05 20:31 - 00000000 ____D C:\Users\ROS\AppData\LocalLow\AuthenTec
2016-05-05 19:58 - 2016-05-05 20:01 - 00000000 ____D C:\Users\ROS
2016-05-05 19:58 - 2016-05-05 19:59 - 00000000 ____D C:\ProgramData\Adobe
2016-05-05 19:58 - 2016-05-05 19:58 - 00000020 ___SH C:\Users\ROS\ntuser.ini
2016-05-05 19:58 - 2016-05-05 19:58 - 00000000 _SHDL C:\Users\ROS\My Documents
2016-05-05 19:58 - 2016-05-05 19:58 - 00000000 _SHDL C:\Users\ROS\Documents\My Videos
2016-05-05 19:58 - 2016-05-05 19:58 - 00000000 _SHDL C:\Users\ROS\Documents\My Pictures
2016-05-05 19:58 - 2016-05-05 19:58 - 00000000 _SHDL C:\Users\ROS\Documents\My Music
2016-05-05 19:58 - 2016-05-05 19:58 - 00000000 ____D C:\Users\ROS\AppData\Roaming\Symantec

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 06:54 - 2009-07-14 08:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template
2016-05-06 05:56 - 2007-01-02 04:25 - 00000000 ____D C:\Windows\Panther
2016-05-05 20:38 - 2009-07-14 07:45 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-05 20:38 - 2009-07-14 07:45 - 00022944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-05 20:36 - 2011-10-22 23:15 - 00629862 _____ C:\Windows\system32\perfh00C.dat
2016-05-05 20:36 - 2011-10-22 23:15 - 00435188 _____ C:\Windows\system32\perfh001.dat
2016-05-05 20:36 - 2011-10-22 23:15 - 00107722 _____ C:\Windows\system32\perfc00C.dat
2016-05-05 20:36 - 2011-10-22 23:15 - 00076298 _____ C:\Windows\system32\perfc001.dat
2016-05-05 20:36 - 2009-07-14 08:13 - 01948618 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-05 20:36 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-05-05 20:30 - 2011-10-30 11:49 - 00000000 ____D C:\ProgramData\Norton
2016-05-05 20:30 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-05 20:28 - 2011-10-30 11:37 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-05-05 20:00 - 2011-10-22 23:49 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-05-05 20:00 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-05-05 20:00 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-05-05 19:59 - 2011-10-30 11:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-05-05 19:59 - 2011-10-23 00:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-05-05 19:59 - 2011-10-23 00:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-05-05 19:59 - 2011-10-22 23:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-05-05 19:59 - 2011-10-22 23:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-05-05 19:59 - 2011-02-10 22:23 - 00000000 ___HD C:\SYSTEM.SAV
2016-05-05 19:59 - 2011-02-10 22:23 - 00000000 ____D C:\SWSetup
2016-05-05 19:58 - 2011-10-30 11:31 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat
2016-05-05 19:57 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2016-05-05 20:36 - 2016-05-05 20:37 - 0001451 _____ () C:\ProgramData\1462469757.1308.bin
2016-05-05 20:35 - 2016-05-05 20:55 - 0150295 _____ () C:\ProgramData\1462469757.3984.bin
2016-05-05 20:35 - 2016-05-05 20:55 - 0116764 _____ () C:\ProgramData\1462469757.4164.bin
2016-05-05 20:38 - 2016-05-05 20:38 - 0002247 _____ () C:\ProgramData\1462469757.4568.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 0001090 _____ () C:\ProgramData\1462469757.4796.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 0001090 _____ () C:\ProgramData\1462469757.4972.bin
2016-05-05 20:36 - 2016-05-05 20:39 - 0141905 _____ () C:\ProgramData\1462469757.4980.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 0003735 _____ () C:\ProgramData\1462469757.4988.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 0017891 _____ () C:\ProgramData\1462469757.4992.bin
2016-05-05 20:36 - 2016-05-05 20:38 - 1764761 _____ () C:\ProgramData\1462469757.4996.bin
2016-05-05 20:36 - 2016-05-05 20:36 - 0010652 _____ () C:\ProgramData\1462469757.5052.bin
2016-05-05 20:35 - 2016-05-05 20:38 - 0016463 _____ () C:\ProgramData\1462469757.5116.bin

Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUH.dll
C:\Windows\System32\BDSandBoxUISkin.dll
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2007-01-02 04:26

==================== End of FRST.txt ============================
