cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by TOSHIBA (2016-04-23 17:52:11)
Running from C:\Users\TOSHIBA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-27 19:50:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1870027983-4264097883-3264919129-500 - Administrator - Disabled)
Guest (S-1-5-21-1870027983-4264097883-3264919129-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1870027983-4264097883-3264919129-1002 - Limited - Enabled)
TOSHIBA (S-1-5-21-1870027983-4264097883-3264919129-1000 - Administrator - Enabled) => C:\Users\TOSHIBA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF (Version: 8.1.921 - Softland) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
doPDF 8 (HKLM-x32\...\{f3778a1a-fca8-458f-8de8-b8eb3ff21cf4}) (Version: 8.1.921 - Softland)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\{13BE5FED-4B98-3DE1-9510-47EA0693FDE8}) (Version: 50.0.2661.87 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.)
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version: - Novawave Inc.)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{52BC4F1A-207A-458F-B763-060D54516290}) (Version: 8.1.921 - Softland)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00319510-7845-4687-8241-FEF6AA2EFB4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {09C7C5E4-62D1-4A9E-A8DF-E00490D214AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {201AAA6E-09B8-4794-8C45-27A9278F9B4C} - System32\Tasks\{DFBB9C3B-5519-44F4-926A-A03E1CB076C7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {26801DB5-E95F-43BC-B435-804B5A0C9BFA} - System32\Tasks\{8E7A84AF-E5A7-416D-B154-D5278AB14BAB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {28085BD9-F62B-4251-AEA0-370E68760C57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2EC04AD8-3003-4EF9-98D0-260D0BE65084} - System32\Tasks\{F311B61F-7D6D-426F-AE46-DA8CA3D826F1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1603
Task: {41D08551-AA0E-45CB-913B-2118CB27F7C7} - System32\Tasks\{86411224-2BDF-458A-AA66-E99068EAC9FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603
Task: {4D0033AF-4BB9-4E42-A2D2-64DDCE403FF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {4F91EEE4-8CE0-44D6-9470-FD374C0267A9} - System32\Tasks\{2DBF06EF-013D-46C7-9E03-0B35C049ADF8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {50E8D6C9-5DCD-462D-95E4-2B58EA8636DF} - System32\Tasks\{5CC9E16A-A791-4F14-A184-356D52809A5B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1603
Task: {5A6825CC-4CAE-474F-BBDD-D6198E6CDC76} - System32\Tasks\{9BACA7D0-BEB0-4AA9-9A59-05722B1BE9A5} => pcalua.exe -a "C:\Program Files (x86)\USBScan\unins000.exe"
Task: {5E1E5867-1A54-4891-8E1F-96DEA54A34FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation)
Task: {7872C8AA-BCD2-4E41-A223-B2E362226731} - System32\Tasks\{BB803D7B-095E-463C-A6DF-45F3A65DE27E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
Task: {91D41589-5180-4CB3-9D43-B8D20C4A9FF9} - System32\Tasks\{B49BEC05-6DD4-4525-B571-7DAAD3113BA3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603
Task: {B23948A0-E270-4806-9E2A-DBD24914FC0F} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-12-16] ()
Task: {C55D2579-9812-4BDE-8252-A4032902BF92} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-24] (Microsoft Corporation)
Task: {CFCA0DDF-10D4-40B6-BF40-BCFECB5FED7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D2FD0D34-1129-4FA7-B38B-8980ED9BC337} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {D8933CF3-973E-44D7-BF1B-6885F71697A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F60DD6BF-6EDE-457F-9689-174D3A8126A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21] (Google Inc.)
Task: {F6708DFB-6F6B-4D49-968E-A228E65A2485} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-14] (Adobe Systems Incorporated)
Task: {F806A241-4586-411B-826D-610136845788} - System32\Tasks\{F4D38DEE-AFAC-4ECC-B2EF-75E5A51CFD76} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2014-07-16 14:52 - 2011-03-01 00:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-11-24 01:45 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-06 13:37 - 2016-04-16 16:11 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2015-11-24 01:50 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-16 15:17 - 2014-12-16 15:17 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2016-04-06 13:37 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-24 01:46 - 2015-11-24 01:50 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

There are 7846 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-04-22 03:40 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1870027983-4264097883-3264919129-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ASO3DiskOptimizer => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: CSObjectsSrv => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: glarab_http_proxy => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdate1d07c27b3c11b6 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gupdatem1d07c27bae3622 => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MWAgent => 2
MSCONFIG\Services: NAUpdate => 3
MSCONFIG\Services: PanService => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk => C:\windows\pss\Bluetooth Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: New Value #2 => C:\Windows\system32\ctfmon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F307436-1D5A-4C17-BA68-82EC3EE69202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{38AC23E1-194F-4E7C-8357-7756DB71F921}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DF351DA7-B952-4013-9458-5AB5953F13E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F1126B55-432D-49DE-AF30-638D00B71744}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F3B5366E-24FF-4DB3-BB7D-A1093F92CCE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B6479181-C761-48E6-8742-B74B667C4B82}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{498EAF1F-2583-4118-BE9B-1CA979685788}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-04-2016 12:56:42 Windows Update
13-04-2016 13:35:34 Windows Update
17-04-2016 13:09:14 JRT Pre-Junkware Removal
19-04-2016 12:16:16 Windows Update
21-04-2016 03:42:44 Windows Update
21-04-2016 12:08:04 Restore Point Created by FRST
21-04-2016 13:31:15 ResetBrowser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2016 12:25:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x604
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/23/2016 11:43:20 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.

Error: (04/23/2016 11:40:59 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.

Error: (04/23/2016 11:38:01 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (ResetBrowser).

Error: (04/23/2016 03:03:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x1020
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/23/2016 01:51:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625
Exception code: 0xc0000374
Fault offset: 0x00000000000bf262
Faulting process id: 0x6c0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/23/2016 01:08:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x14d8
Faulting application start time: 0xWLXPhotoGallery.exe0
Faulting application path: WLXPhotoGallery.exe1
Faulting module path: WLXPhotoGallery.exe2
Report Id: WLXPhotoGallery.exe3

Error: (04/22/2016 10:42:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 50.0.2661.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7f8

Start Time: 01d19cb1c8c886e1

Termination Time: 3

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: c5d0bd85-08ca-11e6-b24e-4c72b96f1d9f

Error: (04/22/2016 03:54:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513, time stamp: 0x4dcdb214
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb302d
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x14a8
Faulting application start time: 0xWLXPhotoGallery.exe0
Faulting application path: WLXPhotoGallery.exe1
Faulting module path: WLXPhotoGallery.exe2
Report Id: WLXPhotoGallery.exe3

Error: (04/22/2016 03:53:47 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1870027983-4264097883-3264919129-1000}/">.


System errors:
=============
Error: (04/23/2016 05:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/23/2016 11:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/23/2016 11:37:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/23/2016 11:32:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/23/2016 11:32:14 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-DriverFrameworks-UserMode/Operational.

Error: (04/22/2016 05:55:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
%%1058

Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/22/2016 05:37:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2016 05:37:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-04-22 03:40:11.639
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-22 03:40:11.608
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.804
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.757
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.133
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 22:12:56.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TOSHIBA\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8151.8 MB
Available physical RAM: 6054.66 MB
Total Virtual: 14291.99 MB
Available Virtual: 12148.09 MB

==================== Drives ================================

Drive c: (S3A2575D002) (Fixed) (Total:290.98 GB) (Free:227.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:287.88 GB) (Free:287.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: FE1684A7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=287.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.8 GB) - (Type=17)

==================== End of Addition.txt ============================

Publicité


Signaler le contenu de ce document

Publicité