Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Amandine (administrator) on AMANDINE-HP on 15-03-2015 20:55:04
Running from C:\Users\Amandine\Downloads
Loaded Profiles: Amandine (Available profiles: Amandine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\jnsaD183.tmp
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\nsrE314.tmp
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2012-09-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_fr_286] => [X]
HKLM-x32\...\Run: [gmsd_fr_300] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [EPSON SX100 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2009-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [Google Update] => C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: D - D:\start.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {491f6970-a006-11e4-8aa7-e02a82965cfd} - D:\start.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {58d82caa-0f55-11e4-971d-e02a82965cfd} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {d546675c-3ca4-11e2-b62d-e02a82a58ce6} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
SearchScopes: HKLM -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-02] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Winsock: Catalog9 01 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-09-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3494486946-2990348000-502095539-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Amandine\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3494486946-2990348000-502095539-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Amandine\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-09-02]
FF HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW"
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 hyxuduge; C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\jnsaD183.tmp [175104 2015-03-07] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 ryqofisu; C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\nsrE314.tmp [136704 2015-03-11] () [File not signed]
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WIN-srvGA; C:\windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-11] (SysTool PasSame LIMITED)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2009-12-18] ()
R1 {c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64; C:\Windows\System32\drivers\{c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64.sys [48784 2015-03-11] (StdLib)
S1 MpKsl1ad4faf6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1B3DBF7-2E12-457D-BA13-C7DF3D6601C4}\MpKsl1ad4faf6.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-15 20:55 - 2015-03-15 20:58 - 00026221 _____ () C:\Users\Amandine\Downloads\FRST.txt
2015-03-15 20:54 - 2015-03-15 20:55 - 00000000 ____D () C:\FRST
2015-03-15 20:54 - 2015-03-15 20:54 - 02095616 _____ (Farbar) C:\Users\Amandine\Downloads\FRST64.exe
2015-03-11 22:18 - 2015-03-15 20:51 - 00004082 _____ () C:\windows\Tasks\cbd6b99d-5071-4681-815b-5687dc2cf47f-12.job
2015-03-11 22:18 - 2015-03-11 22:18 - 00007112 _____ () C:\windows\System32\Tasks\cbd6b99d-5071-4681-815b-5687dc2cf47f-12
2015-03-11 22:18 - 2015-03-11 22:18 - 00000000 ____D () C:\Program Files (x86)\winservice86
2015-03-11 22:16 - 2015-03-11 22:16 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-11 22:15 - 2015-03-11 22:16 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-11 22:15 - 2015-03-11 22:15 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-11 22:07 - 2015-03-11 22:08 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\istartsurf
2015-03-11 21:25 - 2015-03-11 05:21 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64.sys
2015-03-11 21:18 - 2015-03-11 21:27 - 00000000 ____D () C:\AdwCleaner
2015-03-11 21:16 - 2015-03-11 21:17 - 02171392 _____ () C:\Users\Amandine\Downloads\adwcleaner_4.112.exe
2015-03-10 19:07 - 2015-03-10 19:08 - 00000000 ____D () C:\Program Files (x86)\ca52404f-fdbf-4592-bc1d-1474ee74f4cc
2015-03-10 18:41 - 2015-03-11 21:25 - 00000000 ____D () C:\Program Files (x86)\Mountain Bike
2015-03-10 18:14 - 2015-03-10 18:14 - 00003128 _____ () C:\windows\System32\Tasks\{DC215D9A-2FD3-4FCC-B8F0-EA313B9716CD}
2015-03-07 18:52 - 2015-03-07 18:52 - 00613255 _____ (CMI Limited) C:\Users\Amandine\AppData\Local\nsn3CC.tmp
2015-03-07 18:47 - 2015-03-10 17:49 - 00000000 ____D () C:\ProgramData\{9979b1c9-e625-9253-9979-9b1c9e62c727}
2015-03-07 18:37 - 2015-03-07 18:37 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-03-07 18:36 - 2015-03-10 18:35 - 00008672 _____ () C:\windows\SysWOW64\BasementDusterOff.ini
2015-03-07 18:36 - 2015-03-10 18:35 - 00008672 _____ () C:\windows\system32\BasementDusterOff.ini
2015-03-07 18:35 - 2015-03-06 10:29 - 00319392 _____ (BD Inc.) C:\windows\SysWOW64\BDL.dll
2015-03-07 18:11 - 2015-03-10 17:52 - 00000000 ____D () C:\Users\Amandine\AppData\Local\16A0B31B-1425751866-11E0-B057-0884B30040EA
2015-03-07 18:01 - 2015-03-15 20:49 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA
2015-03-07 11:21 - 2015-03-07 12:05 - 00012732 _____ () C:\Users\Amandine\Documents\Comptes parents.xlsx
2015-03-04 22:54 - 2015-03-04 22:54 - 00000000 ____D () C:\041c52916900fe40ccdb916fdd
2015-03-02 14:29 - 2015-03-10 19:17 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-02-25 23:49 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 23:49 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:05 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 21:05 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 21:05 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 21:05 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 21:24 - 2015-02-23 21:24 - 00000000 __SHD () C:\Users\Amandine\AppData\Local\EmieBrowserModeList
2015-02-22 18:53 - 2015-02-22 18:53 - 00003286 _____ () C:\windows\System32\Tasks\OBIWahe2Tev6RDj
2015-02-22 18:53 - 2015-02-22 18:53 - 00003246 _____ () C:\windows\System32\Tasks\9fb2jX7tSXJeeae
2015-02-22 18:53 - 2015-02-22 18:53 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\LNwJyj1
2015-02-22 18:52 - 2015-02-22 18:53 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\qMFj9qU
2015-02-20 17:36 - 2015-02-20 17:36 - 00000000 ____D () C:\Program Files (x86)\93dabc92-2c3c-49f6-b30b-6fb9e1094381
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2015-02-14 10:16 - 2015-02-14 10:16 - 00000000 ____D () C:\Users\Amandine\Documents\208
2015-02-13 09:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 09:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 09:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 09:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-15 20:58 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 20:58 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 20:56 - 2012-06-15 21:40 - 01088459 _____ () C:\windows\WindowsUpdate.log
2015-03-15 20:52 - 2014-10-27 19:32 - 00000000 ___RD () C:\Users\Amandine\Dropbox
2015-03-15 20:52 - 2014-10-27 19:28 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\Dropbox
2015-03-15 20:51 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-15 20:50 - 2012-09-29 07:46 - 00288724 _____ () C:\windows\PFRO.log
2015-03-15 20:50 - 2012-09-29 07:46 - 00064792 _____ () C:\windows\setupact.log
2015-03-15 20:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-15 20:48 - 2013-01-04 16:18 - 00001090 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3494486946-2990348000-502095539-1001UA.job
2015-03-15 20:48 - 2013-01-04 16:18 - 00001038 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3494486946-2990348000-502095539-1001Core.job
2015-03-15 20:48 - 2012-08-19 22:15 - 00001002 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 22:07 - 2012-06-15 21:59 - 00001175 _____ () C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-11 21:26 - 2012-06-15 21:43 - 00000000 ____D () C:\Users\Amandine
2015-03-11 21:26 - 2009-07-14 03:34 - 00000580 _____ () C:\windows\win.ini
2015-03-11 21:05 - 2013-11-29 10:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:44 - 2014-11-23 16:07 - 00000118 _____ () C:\Users\Amandine\AppData\Local\recently-fix.db
2015-03-10 19:08 - 2012-06-15 23:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-10 18:39 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-10 18:29 - 2012-09-18 21:21 - 00000000 ____D () C:\Users\Amandine\AppData\Local\CrashDumps
2015-03-10 17:53 - 2014-10-27 19:32 - 00001029 _____ () C:\Users\Amandine\Desktop\Dropbox.lnk
2015-03-10 17:53 - 2014-10-27 19:31 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-07 13:14 - 2010-12-07 13:01 - 00702650 _____ () C:\windows\system32\perfh00C.dat
2015-03-07 13:14 - 2010-12-07 13:01 - 00129748 _____ () C:\windows\system32\perfc00C.dat
2015-03-07 13:14 - 2009-07-14 06:13 - 01565540 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-07 11:21 - 2013-09-15 15:20 - 00000000 ____D () C:\Users\Amandine\Documents\Informations perso
2015-03-05 23:17 - 2014-03-04 11:48 - 00000000 ____D () C:\Users\Amandine\Documents\RECHERCHES
2015-03-05 22:34 - 2012-07-05 20:46 - 00947200 ___SH () C:\Users\Amandine\Downloads\Thumbs.db
2015-03-04 20:49 - 2014-10-15 21:19 - 00000000 ____D () C:\Users\Amandine\Documents\TCRH
2015-03-03 14:17 - 2012-06-15 22:32 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-26 18:19 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-24 20:42 - 2012-07-09 18:36 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForAmandine
2015-02-24 20:42 - 2012-07-09 18:36 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForAmandine.job
2015-02-23 21:10 - 2012-09-18 21:14 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\CorelHomeOffice
2015-02-23 21:09 - 2012-09-18 21:14 - 00002516 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-23 21:09 - 2012-09-18 21:14 - 00000088 __RSH () C:\ProgramData\2120BE8EA9.sys
2015-02-22 18:53 - 2015-01-22 21:51 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\M3dJOXh
2015-02-22 18:53 - 2014-11-22 22:11 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\25CImBP
2015-02-13 09:28 - 2012-09-29 07:46 - 00437688 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-13 09:25 - 2014-12-24 19:35 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-13 09:25 - 2014-05-09 12:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-13 09:04 - 2012-06-15 22:13 - 00001912 _____ () C:\windows\epplauncher.mif
2015-02-13 09:04 - 2012-06-15 22:12 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 09:04 - 2012-06-15 22:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 09:03 - 2012-06-15 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
==================== Files in the root of some directories =======
2012-07-09 20:30 - 2012-07-09 20:30 - 0000006 _____ () C:\Program Files (x86)\Common Files\WPVersion.txt
2014-12-30 17:08 - 2014-12-30 17:08 - 0003584 _____ () C:\Users\Amandine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 18:52 - 2015-03-07 18:52 - 0613255 _____ (CMI Limited) C:\Users\Amandine\AppData\Local\nsn3CC.tmp
2014-11-23 16:07 - 2015-03-10 19:44 - 0000118 _____ () C:\Users\Amandine\AppData\Local\recently-fix.db
2012-09-18 21:14 - 2015-02-23 21:09 - 0000088 __RSH () C:\ProgramData\2120BE8EA9.sys
2014-01-04 17:41 - 2014-01-04 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-09-18 21:14 - 2015-02-23 21:09 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
Some content of TEMP:
====================
C:\Users\Amandine\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.dll
C:\Users\Amandine\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.exe
C:\Users\Amandine\AppData\Local\Temp\3668.exe
C:\Users\Amandine\AppData\Local\Temp\6165.exe
C:\Users\Amandine\AppData\Local\Temp\A39437BA-EF23-7C17-A1D9-1FC617AF6386.exe
C:\Users\Amandine\AppData\Local\Temp\BackupSetup.exe
C:\Users\Amandine\AppData\Local\Temp\bitool.dll
C:\Users\Amandine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplqn6y.dll
C:\Users\Amandine\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Amandine\AppData\Local\Temp\nsbE616.exe
C:\Users\Amandine\AppData\Local\Temp\nsc2B86.exe
C:\Users\Amandine\AppData\Local\Temp\nsc8AE6.exe
C:\Users\Amandine\AppData\Local\Temp\nsf8B99.exe
C:\Users\Amandine\AppData\Local\Temp\nsg22DA.exe
C:\Users\Amandine\AppData\Local\Temp\nsh2F9C.exe
C:\Users\Amandine\AppData\Local\Temp\nsq3D8B.exe
C:\Users\Amandine\AppData\Local\Temp\nsqB859.exe
C:\Users\Amandine\AppData\Local\Temp\nsrDF71.exe
C:\Users\Amandine\AppData\Local\Temp\nss8EED.exe
C:\Users\Amandine\AppData\Local\Temp\nsu853A.exe
C:\Users\Amandine\AppData\Local\Temp\nsv3437.exe
C:\Users\Amandine\AppData\Local\Temp\nsvABAB.exe
C:\Users\Amandine\AppData\Local\Temp\nsw2951.exe
C:\Users\Amandine\AppData\Local\Temp\nsxA94F.exe
C:\Users\Amandine\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Amandine\AppData\Local\Temp\optsetup.exe
C:\Users\Amandine\AppData\Local\Temp\qEf9AF7.exe
C:\Users\Amandine\AppData\Local\Temp\Quarantine.exe
C:\Users\Amandine\AppData\Local\Temp\Resource.exe
C:\Users\Amandine\AppData\Local\Temp\setupWizard.exe
C:\Users\Amandine\AppData\Local\Temp\sp58915.exe
C:\Users\Amandine\AppData\Local\Temp\SpOrder.dll
C:\Users\Amandine\AppData\Local\Temp\SQLite.dll
C:\Users\Amandine\AppData\Local\Temp\sqlite3.dll
C:\Users\Amandine\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Amandine\AppData\Local\Temp\unzip.exe
C:\Users\Amandine\AppData\Local\Temp\~bsrufyi.exe
C:\Users\Amandine\AppData\Local\Temp\~fyalyua.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-04 11:26
==================== End Of Log ============================