cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016
Ran by OUSSAMA (administrator) on OUSSAMA-PC (19-05-2016 17:23:04)
Running from C:\Users\OUSSAMA\Desktop
Loaded Profiles: OUSSAMA (Available Profiles: OUSSAMA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\SysWOW64\ASGT.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-04-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKU\S-1-5-21-2948358653-692545196-1761926815-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3928120 2016-05-11] (Tonec Inc.)
HKU\S-1-5-21-2948358653-692545196-1761926815-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-14] (AMD)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60077DA8-FC63-45BD-B6B3-C96288B8AA47}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2948358653-692545196-1761926815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
SearchScopes: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 -> DefaultScope {608FD6C9-726D-44bc-A204-0ED8740F21CD} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 -> {608FD6C9-726D-44bc-A204-0ED8740F21CD} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 -> {7D021DA0-5635-4c89-A8F9-57350E39E842} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 -> {80993F00-4EAF-4b73-ABAE-BD7A597A5329} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-08] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-03-04] (Splashtop Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-08] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2948358653-692545196-1761926815-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: Splashtop Connect Companion - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2016-04-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: Splashtop Connect - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2016-04-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: Yoono - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2016-04-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-04-09]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-2948358653-692545196-1761926815-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-04-26]
FF HKU\S-1-5-21-2948358653-692545196-1761926815-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\OUSSAMA\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\OUSSAMA\AppData\Roaming\IDM\idmmzcc5 [2016-05-19] [not signed]

Chrome:
=======
CHR Profile: C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-08]
CHR Extension: (Google Docs) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-08]
CHR Extension: (Google Drive) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (YouTube) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Adobe Acrobat) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-04-09]
CHR Extension: (Google Sheets) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-08]
CHR Extension: (Google Docs hors connexion) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Avast Online Security) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\OUSSAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-05-10]
CHR HKU\S-1-5-21-2948358653-692545196-1761926815-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-08]
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-04] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2010-11-30] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-04-08] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-04-08] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-09] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2016-04-09] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 17:23 - 2016-05-19 17:23 - 00020846 _____ C:\Users\OUSSAMA\Desktop\FRST.txt
2016-05-19 17:22 - 2016-05-19 17:23 - 00000000 ____D C:\FRST
2016-05-19 17:21 - 2016-05-19 17:22 - 02382336 _____ (Farbar) C:\Users\OUSSAMA\Desktop\FRST64.exe
2016-05-17 20:44 - 2016-05-18 22:49 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\ZHP
2016-05-16 21:35 - 2016-05-16 21:40 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\IDM
2016-05-16 21:35 - 2016-05-16 21:38 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-05-16 21:35 - 2016-05-16 21:35 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-05-16 21:35 - 2016-05-16 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-05-16 20:42 - 2016-05-19 16:09 - 00005070 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OUSSAMA-PC-OUSSAMA OUSSAMA-PC
2016-05-10 18:35 - 2016-01-28 12:20 - 00209056 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-05-04 20:57 - 2016-05-04 20:57 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-05-04 14:38 - 2016-05-04 14:38 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-04 14:38 - 2016-05-04 14:38 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-01 13:25 - 2016-05-02 07:09 - 00000699 _____ C:\Users\OUSSAMA\Desktop\Adobe Photoshop CC 2015.lnk
2016-05-01 13:21 - 2016-05-02 07:10 - 00000699 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-05-01 13:14 - 2016-05-01 13:21 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-01 13:13 - 2016-05-02 07:10 - 00001518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-04-29 22:16 - 2016-04-29 22:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-04-22 21:24 - 2016-05-17 19:45 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-04-21 23:35 - 2016-05-19 15:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-21 23:34 - 2016-05-02 07:10 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-21 23:34 - 2016-04-21 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-21 23:34 - 2016-04-21 23:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-21 23:34 - 2016-04-21 23:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-21 23:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-21 23:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-21 23:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-21 20:30 - 2016-04-21 22:37 - 00000001 _____ C:\Windows\SysWOW64\fr.html
2016-04-19 00:32 - 2016-04-22 21:21 - 00000000 __SHD C:\Users\OUSSAMA\AppData\Roaming\Adobe PhotoShop
2016-04-19 00:32 - 2016-04-22 21:21 - 00000000 ____D C:\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 17:18 - 2016-04-08 21:37 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\vlc
2016-05-19 17:17 - 2016-04-13 22:23 - 00000000 ___SD C:\Users\OUSSAMA\AppData\LocalLow\Temp
2016-05-19 17:14 - 2016-04-08 20:02 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 15:51 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-19 15:51 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-19 15:44 - 2016-04-08 20:02 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 15:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-19 00:06 - 2016-04-10 22:14 - 00002912 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_OUSSAMA
2016-05-19 00:06 - 2016-04-08 20:17 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\DMCache
2016-05-18 23:17 - 2016-04-15 23:11 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\Skype
2016-05-17 20:27 - 2016-04-15 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-17 20:27 - 2016-04-15 23:10 - 00000000 ____D C:\ProgramData\Skype
2016-05-17 11:44 - 2016-04-08 20:17 - 00000000 ____D C:\Users\OUSSAMA\Downloads\Compressed
2016-05-17 11:30 - 2016-04-08 23:00 - 00692886 _____ C:\Windows\system32\perfh00C.dat
2016-05-17 11:30 - 2016-04-08 23:00 - 00426820 _____ C:\Windows\system32\perfh001.dat
2016-05-17 11:30 - 2016-04-08 23:00 - 00126998 _____ C:\Windows\system32\perfc00C.dat
2016-05-17 11:30 - 2016-04-08 23:00 - 00075966 _____ C:\Windows\system32\perfc001.dat
2016-05-17 11:30 - 2009-07-14 07:13 - 02024198 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-17 11:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-17 10:03 - 2016-04-08 20:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-15 19:14 - 2016-04-09 21:32 - 00000000 ____D C:\ProgramData\ProductData
2016-05-13 18:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 18:18 - 2016-04-08 21:09 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 18:18 - 2016-04-08 21:09 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-10 23:09 - 2016-04-08 20:02 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:09 - 2016-04-08 20:02 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 00:31 - 2016-04-09 21:24 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\uTorrent
2016-05-04 20:57 - 2016-04-08 21:27 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460143632
2016-05-04 14:38 - 2016-04-08 21:26 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00536312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-04 14:38 - 2016-04-08 20:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-03 13:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-02 07:10 - 2016-04-16 21:12 - 00001742 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2016-05-02 07:10 - 2016-04-15 23:10 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-02 07:10 - 2016-04-10 22:14 - 00001354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-05-02 07:10 - 2016-04-10 22:14 - 00001348 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-05-02 07:10 - 2016-04-08 21:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-05-02 07:10 - 2016-04-08 21:52 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-05-02 07:10 - 2016-04-08 21:52 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-05-02 07:10 - 2016-04-08 21:52 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2016-05-02 07:10 - 2016-04-08 21:37 - 00000909 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-02 07:10 - 2016-04-08 21:27 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-02 07:10 - 2016-04-08 20:34 - 00001960 _____ C:\Users\Public\Desktop\Avast Premium.lnk
2016-05-02 07:10 - 2016-04-08 19:09 - 00001416 _____ C:\Users\OUSSAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
2016-05-02 07:10 - 2016-04-08 19:03 - 00001405 _____ C:\Users\OUSSAMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-02 07:10 - 2016-04-08 19:00 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-02 07:10 - 2016-04-08 19:00 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-02 07:10 - 2009-07-14 06:57 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-02 07:10 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-02 07:10 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-02 07:10 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-02 07:09 - 2016-04-09 21:25 - 00000855 _____ C:\Users\OUSSAMA\Desktop\µTorrent.lnk
2016-05-02 07:09 - 2016-04-09 21:25 - 00000835 _____ C:\Users\OUSSAMA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-02 07:09 - 2016-04-08 23:17 - 00002835 _____ C:\Users\OUSSAMA\Desktop\Excel 2013.lnk
2016-05-02 07:09 - 2016-04-08 23:17 - 00002831 _____ C:\Users\OUSSAMA\Desktop\PowerPoint 2013.lnk
2016-05-02 07:09 - 2016-04-08 23:17 - 00002827 _____ C:\Users\OUSSAMA\Desktop\Word 2013.lnk
2016-05-02 07:09 - 2016-04-08 20:15 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2016-05-02 07:09 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-02 07:09 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-02 07:07 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-05-01 13:31 - 2016-04-08 21:21 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\Adobe
2016-05-01 13:28 - 2016-04-08 21:53 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-01 13:19 - 2016-04-10 00:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-01 13:11 - 2016-04-08 21:21 - 00000000 ____D C:\ProgramData\Adobe
2016-04-30 00:48 - 2009-07-14 06:45 - 05813672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-29 16:03 - 2016-04-09 20:46 - 00000000 ____D C:\Brother
2016-04-29 15:49 - 2016-04-09 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-04-29 14:39 - 2016-04-08 21:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-29 14:38 - 2016-04-08 19:47 - 00447232 _____ C:\Users\OUSSAMA\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-29 14:15 - 2016-04-08 21:11 - 00000000 ____D C:\Users\OUSSAMA\AppData\Local\Adobe
2016-04-23 18:31 - 2016-04-09 21:31 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-22 12:49 - 2016-04-09 21:32 - 00000000 ____D C:\ProgramData\IObit
2016-04-21 23:59 - 2016-04-15 13:44 - 00000000 ____D C:\ProgramData\4winp4
2016-04-21 23:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-21 20:30 - 2016-04-08 19:03 - 00000000 ____D C:\Users\OUSSAMA
2016-04-21 20:29 - 2016-04-10 22:14 - 00000000 ____D C:\Users\OUSSAMA\AppData\Roaming\ProductData
2016-04-21 20:29 - 2016-04-09 20:17 - 00000000 ____D C:\ProgramData\Brother
2016-04-21 20:29 - 2016-04-08 23:14 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-04-21 20:29 - 2016-04-08 20:32 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-21 20:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-04-21 20:28 - 2016-04-09 20:46 - 00000000 ____D C:\Program Files (x86)\Brother
2016-04-21 20:28 - 2016-04-08 19:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-21 20:28 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-21 20:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-21 15:05 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 21:02 - 2016-04-08 20:17 - 00000000 ____D C:\Users\OUSSAMA\Downloads\Video

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-13 18:21

==================== End of FRST.txt ============================
