Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by Eric at 2015-07-17 16:56:37 Run:1 Running from C:\Users\Eric\Downloads\Le 17-07-2015 Loaded Profiles: Eric (Available Profiles: Eric) Boot Mode: Normal ============================================== fixlist content: ***************** start createrestorepoint: closeprocesses: hosts: reg: reg query "hkey_local_machine\system\CurrentControlSet\control\session manager" reg: reg query "hkey_local_machine\system\ControlSet001\control\session manager" AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service c:\Program Files (x86)\Spybot - Search & Destroy 2 Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2495529786-3529627654-4235211919-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * 쳱ȶꩼQᴈ@煮Q뉠ȳ뉠ȳ HKU\S-1-5-21-2495529786-3529627654-4235211919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2495529786-3529627654-4235211919-1001 -> {0C729D25-E0E8-3782-E82D-6694B613FED2} URL = BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File C:\Users\Eric\AppData\Local\Temp\SkypeSetup.exe reboot: end Poste le rapport obtenu. labougie Edit; ***************** Restore point was successfully created. Processes closed successfully. C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. ========= reg query "hkey_local_machine\system\CurrentControlSet\control\session manager" ========= HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager CriticalSectionTimeout REG_DWORD 0x278d00 GlobalFlag REG_DWORD 0x0 HeapDeCommitFreeBlockThreshold REG_DWORD 0x0 HeapDeCommitTotalFreeThreshold REG_DWORD 0x0 HeapSegmentCommit REG_DWORD 0x0 HeapSegmentReserve REG_DWORD 0x0 ProcessorControl REG_DWORD 0x2 ResourceTimeoutCount REG_DWORD 0x9e340 BootExecute REG_SZ autocheck autochk * ExcludeFromKnownDlls REG_MULTI_SZ ObjectDirectories REG_MULTI_SZ \Windows\0\RPC Control ProtectionMode REG_DWORD 0x1 NumberOfInitialSessions REG_DWORD 0x2 SetupExecute REG_MULTI_SZ PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Eric\AppData\Local\Temp\_iu14D2N.tmp\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanLibrary.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\scan.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlBase150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\LC_MESSAGES\default.mo\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\LC_MESSAGES\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\nsh23DE.tmp\McSplash.dll\0\??\C:\Users\Eric\AppData\Local\Temp\nsh23DE.tmp\\0\??\C:\Windows\system32\drivers\HipShieldK.sys HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\AppCompatCache HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Configuration Manager HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\DOS Devices HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Environment HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Executive HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\FileRenameOperations HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\I/O System HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\kernel HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\KnownDLLs HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Memory Management HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Power HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\Quota System HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\SubSystems HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\session manager\WPA ========= End of Reg: ========= ========= reg query "hkey_local_machine\system\ControlSet001\control\session manager" ========= HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager CriticalSectionTimeout REG_DWORD 0x278d00 GlobalFlag REG_DWORD 0x0 HeapDeCommitFreeBlockThreshold REG_DWORD 0x0 HeapDeCommitTotalFreeThreshold REG_DWORD 0x0 HeapSegmentCommit REG_DWORD 0x0 HeapSegmentReserve REG_DWORD 0x0 ProcessorControl REG_DWORD 0x2 ResourceTimeoutCount REG_DWORD 0x9e340 BootExecute REG_SZ autocheck autochk * ExcludeFromKnownDlls REG_MULTI_SZ ObjectDirectories REG_MULTI_SZ \Windows\0\RPC Control ProtectionMode REG_DWORD 0x1 NumberOfInitialSessions REG_DWORD 0x2 SetupExecute REG_MULTI_SZ PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Eric\AppData\Local\Temp\_iu14D2N.tmp\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanLibrary.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\scan.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\snlBase150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\vcl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLists.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\LC_MESSAGES\default.mo\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\LC_MESSAGES\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\fr_FR\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\locale\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat\0\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\Au_.exe\0\??\C:\Users\Eric\AppData\Local\Temp\~nsu.tmp\0\??\C:\Users\Eric\AppData\Local\Temp\nsh23DE.tmp\McSplash.dll\0\??\C:\Users\Eric\AppData\Local\Temp\nsh23DE.tmp\\0\??\C:\Windows\system32\drivers\HipShieldK.sys HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\AppCompatCache HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Configuration Manager HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\DOS Devices HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Environment HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Executive HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\FileRenameOperations HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\I/O System HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\kernel HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\KnownDLLs HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Memory Management HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Power HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\Quota System HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\SubSystems HKEY_LOCAL_MACHINE\system\ControlSet001\control\session manager\WPA ========= End of Reg: ========= C:\Windows => ":nlsPreferences" ADS removed successfully. C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found. c:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully HKU\S-1-5-21-2495529786-3529627654-4235211919-1001\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully "HKU\S-1-5-21-2495529786-3529627654-4235211919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-2495529786-3529627654-4235211919-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C729D25-E0E8-3782-E82D-6694B613FED2}" => key removed successfully HKCR\CLSID\{0C729D25-E0E8-3782-E82D-6694B613FED2} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key removed successfully HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "C:\Users\Eric\AppData\Local\Temp\SkypeSetup.exe" => File/Folder not found. Poste le rapport obtenu. => Error: No automatic fix found for this entry. labougie => Error: No automatic fix found for this entry. Edit; => Error: No automatic fix found for this entry. The system needed a reboot.. ==== End of Fixlog 16:56:54 ====