Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by Hammoudeh (administrator) on HAMMOUDEH-PC (14-05-2016 23:42:40)
Running from C:\Users\Hammoudeh\Desktop
Loaded Profiles: UpdatusUser & Hammoudeh (Available Profiles: UpdatusUser & Hammoudeh)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\Hammoudeh\AppData\Local\Temp\8153
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NANotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\system: [PromptOnSecureDesktop] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\system: [ConsentPromptBehaviorAdmin] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\system: [PromptOnSecureDesktop] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\...\Winlogon: [Shell] explorer.exe,"C:\Users\Hammoudeh\AppData\Roaming\clientmon.exe" <==== ATTENTION
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\Users\Hammoudeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zbotgui v21.js [2016-04-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4AAD374F-D1C7-44CE-9E3E-A956377CA055}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4AAD374F-D1C7-44CE-9E3E-A956377CA055}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C824B8F-A7F3-4C0D-BBFF-1AE8E38C90F3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4C824B8F-A7F3-4C0D-BBFF-1AE8E38C90F3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-2146789597-1071947457-3009600132-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-2146789597-1071947457-3009600132-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-2146789597-1071947457-3009600132-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2146789597-1071947457-3009600132-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Hammoudeh\AppData\Roaming\Mozilla\Firefox\Profiles\a0couytb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2016-05-14] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://speedtest.orange.jo/
CHR Profile: C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Skype) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Hammoudeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [311424 2014-09-15] (SplitCam Co.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20151022.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-08-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20151023.001\IDSvia64.sys [767224 2015-10-23] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20151025.001_f83\ENG64.SYS [138488 2015-08-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20151025.001_f83\EX64.SYS [2146040 2015-08-08] (Symantec Corporation)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows (R) Win 7 DDK provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows (R) Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-08-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
U0 sr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 23:42 - 2016-05-14 23:43 - 00022873 _____ C:\Users\Hammoudeh\Desktop\FRST.txt
2016-05-14 23:41 - 2016-05-14 23:41 - 00018215 _____ C:\Users\Hammoudeh\Downloads\FRST.txt
2016-05-14 23:40 - 2016-05-14 23:42 - 00000000 ____D C:\FRST
2016-05-14 23:40 - 2016-05-14 23:40 - 02382336 _____ (Farbar) C:\Users\Hammoudeh\Desktop\FRST64.exe
2016-05-14 20:19 - 2016-05-14 20:19 - 00000000 _____ C:\Users\Hammoudeh\AppData\Roaming\.NANotifyHere
2016-05-14 14:40 - 2016-02-20 23:30 - 00319488 _____ C:\Users\Hammoudeh\AppData\Roaming\clientmon.exe
2016-05-13 23:36 - 2016-05-13 23:36 - 00002002 _____ C:\Users\Hammoudeh\Desktop\report.txt
2016-05-13 21:42 - 2016-05-13 21:42 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-13 21:41 - 2016-05-13 21:41 - 02870984 _____ (ESET) C:\Users\Hammoudeh\Downloads\esetsmartinstaller_fra.exe
2016-05-13 16:28 - 2016-05-13 16:28 - 00002174 _____ C:\Users\Hammoudeh\Desktop\ZHPFixReport.txt
2016-05-13 16:28 - 2016-05-13 16:28 - 00002174 _____ C:\Users\Hammoudeh\Desktop\ZHPFix[R1].txt
2016-05-13 16:09 - 2016-05-13 16:10 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-05-13 16:09 - 2016-05-13 16:09 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-05-13 16:09 - 2016-05-13 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-05-13 16:08 - 2016-05-13 16:08 - 03521617 _____ (Nicolas Coolman ) C:\Users\Hammoudeh\Downloads\ZHPFix.exe
2016-05-11 18:48 - 2016-05-11 18:49 - 02204160 _____ C:\Users\Hammoudeh\Downloads\ZHPDiag3 (1).exe
2016-05-11 18:46 - 2016-05-11 18:46 - 00112994 _____ C:\Users\Hammoudeh\Desktop\ZHPDiag.txt
2016-05-11 18:39 - 2016-05-11 18:39 - 00000786 _____ C:\Users\Hammoudeh\Desktop\ZHPDiag.lnk
2016-05-11 18:38 - 2016-05-13 16:28 - 00000000 ____D C:\Users\Hammoudeh\AppData\Roaming\ZHP
2016-05-11 18:37 - 2016-05-11 18:37 - 02204160 _____ C:\Users\Hammoudeh\Downloads\ZHPDiag3.exe
2016-05-06 15:36 - 2016-05-09 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-02 18:35 - 2016-05-02 18:35 - 00000000 ____D C:\windows\pss
2016-04-29 17:46 - 2016-04-29 17:46 - 00000408 _____ C:\Users\Hammoudeh\AppData\Roaming\CamShapes.ini
2016-04-29 17:46 - 2016-04-29 17:46 - 00000408 _____ C:\Users\Hammoudeh\AppData\Roaming\CamLayout.ini
2016-04-29 17:46 - 2016-04-29 17:46 - 00000110 _____ C:\Users\Hammoudeh\AppData\Roaming\Camdata.ini
2016-04-29 17:42 - 2016-04-29 17:46 - 00004590 _____ C:\Users\Hammoudeh\AppData\Roaming\CamStudio.cfg
2016-04-29 17:36 - 2016-04-29 17:37 - 00000000 ____D C:\Users\Hammoudeh\Documents\My CamStudio Videos
2016-04-29 17:36 - 2016-04-29 17:37 - 00000000 ____D C:\Users\Hammoudeh\Documents\My CamStudio Temp Files
2016-04-29 17:36 - 2016-04-29 17:36 - 00000867 _____ C:\Users\Hammoudeh\Desktop\CamStudio.lnk
2016-04-29 17:35 - 2016-04-29 17:35 - 00000096 _____ C:\Users\Hammoudeh\AppData\Roaming\version2.xml
2016-04-29 17:35 - 2016-04-29 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2016-04-29 17:35 - 2016-04-29 17:35 - 00000000 ____D C:\Program Files\CamStudio 2.7
2016-04-23 17:09 - 2016-04-23 17:09 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-23 17:09 - 2016-04-23 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-23 14:15 - 2016-04-23 14:15 - 00000059 _____ C:\Users\Hammoudeh\Desktop\Amy Lees.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 23:33 - 2015-08-05 19:53 - 00000842 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-14 22:59 - 2015-11-22 20:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-14 17:33 - 2015-08-05 19:53 - 00000838 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-14 14:42 - 2009-07-14 07:45 - 00022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-14 14:42 - 2009-07-14 07:45 - 00022624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-14 14:30 - 2016-02-20 23:30 - 00003190 _____ C:\windows\System32\Tasks\Mechanic
2016-05-14 14:30 - 2016-02-20 23:30 - 00001594 _____ C:\ProgramData\XML
2016-05-14 14:29 - 2016-02-20 23:30 - 00000000 _RSHD C:\ProgramData\599478
2016-05-14 14:29 - 2015-08-20 21:45 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-05-14 14:27 - 2015-08-05 19:07 - 00000000 ____D C:\Users\Hammoudeh
2016-05-14 14:27 - 2009-07-14 08:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-13 23:23 - 2015-11-02 18:53 - 00000000 ____D C:\Users\Hammoudeh\Desktop\amer
2016-05-13 21:25 - 2015-08-05 22:37 - 00000000 ____D C:\Users\Hammoudeh\AppData\Local\CrashDumps
2016-05-13 16:32 - 2012-03-12 11:52 - 00000000 ____D C:\ProgramData\Norton
2016-05-13 14:35 - 2015-08-05 20:01 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:35 - 2015-08-05 20:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 21:59 - 2016-04-07 21:59 - 05995712 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-12 21:59 - 2015-11-22 20:00 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:59 - 2015-11-22 20:00 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 21:59 - 2015-11-22 20:00 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-05-11 18:51 - 2015-08-05 21:18 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 18:51 - 2015-08-05 21:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 17:28 - 2015-08-05 19:53 - 00003838 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 17:28 - 2015-08-05 19:53 - 00003586 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 22:09 - 2015-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-05 19:15 - 2015-08-05 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-29 17:45 - 2015-08-19 20:23 - 00000000 ____D C:\Users\Hammoudeh\Desktop\New folder
2016-04-28 00:16 - 2012-03-13 03:03 - 00643710 _____ C:\windows\system32\perfh00C.dat
2016-04-28 00:16 - 2012-03-13 03:03 - 00446148 _____ C:\windows\system32\perfh001.dat
2016-04-28 00:16 - 2012-03-13 03:03 - 00112872 _____ C:\windows\system32\perfc00C.dat
2016-04-28 00:16 - 2012-03-13 03:03 - 00081062 _____ C:\windows\system32\perfc001.dat
2016-04-28 00:16 - 2009-07-14 08:13 - 02002506 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-28 00:16 - 2009-07-14 06:20 - 00000000 ____D C:\windows\inf
2016-04-23 19:08 - 2015-08-05 20:26 - 00000000 ____D C:\Users\Hammoudeh\AppData\Roaming\Skype
2016-04-23 17:09 - 2015-08-05 19:09 - 00000000 ____D C:\ProgramData\Skype
2016-04-23 17:08 - 2015-08-05 20:26 - 00000000 ____D C:\Users\Hammoudeh\AppData\Local\Skype

==================== Files in the root of some directories =======

2015-03-26 14:48 - 2015-03-26 14:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-05-14 20:19 - 2016-05-14 20:19 - 0000000 _____ () C:\Users\Hammoudeh\AppData\Roaming\.NANotifyHere
2016-04-29 17:46 - 2016-04-29 17:46 - 0000110 _____ () C:\Users\Hammoudeh\AppData\Roaming\Camdata.ini
2016-04-29 17:46 - 2016-04-29 17:46 - 0000408 _____ () C:\Users\Hammoudeh\AppData\Roaming\CamLayout.ini
2016-04-29 17:46 - 2016-04-29 17:46 - 0000408 _____ () C:\Users\Hammoudeh\AppData\Roaming\CamShapes.ini
2016-04-29 17:42 - 2016-04-29 17:46 - 0004590 _____ () C:\Users\Hammoudeh\AppData\Roaming\CamStudio.cfg
2016-05-14 14:40 - 2016-02-20 23:30 - 0319488 _____ () C:\Users\Hammoudeh\AppData\Roaming\clientmon.exe
2016-04-29 17:35 - 2016-04-29 17:35 - 0000096 _____ () C:\Users\Hammoudeh\AppData\Roaming\version2.xml
2015-08-07 20:34 - 2015-08-07 20:34 - 0003584 _____ () C:\Users\Hammoudeh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-20 23:30 - 2016-02-20 23:30 - 0000006 ____S () C:\ProgramData\4de1c4163139e02070beca66b52968b735f6a7f6
2015-08-19 17:31 - 2015-08-19 20:18 - 0001348 _____ () C:\ProgramData\hpzinstall.log
2016-02-20 23:30 - 2016-05-14 14:30 - 0001594 _____ () C:\ProgramData\XML
2012-03-12 12:47 - 2012-03-12 12:47 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-03-12 12:39 - 2012-03-12 12:40 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-03-12 12:44 - 2012-03-12 12:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-03-12 12:40 - 2012-03-12 12:44 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-03-12 12:45 - 2012-03-12 12:47 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\Users\Hammoudeh\zbotgui v21.js


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 17:56

==================== End of FRST.txt ============================
