cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-04-2017
Ran by Owner (administrator) on ZAKARIA007 (19-04-2017 16:08:49)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\Programs
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\wtoolex\wpsupdatesvr.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-04-12] (Malwarebytes Corporation)
HKLM\...\Winlogon: [LegalNoticeCaption] 81u3f4nt45y - 24.01.2007 - Surabaya
HKLM\...\Winlogon: [LegalNoticeText] Surabaya in my birthday
Don't kill me, i'm just send message from your computer
Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti
Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku
Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal
Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-09] (Tonec Inc.)
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IFEO\Your Image File Name Here without a path: [Debugger]
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8E5FF20D-A2F9-4E15-A056-5E9B11382A14}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: [S-1-5-21-329068152-2052111302-1801674531-1003] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://google.com" <======= ATTENTION
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 [2017-04-19]
FF Homepage: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> hxxps://www.google.com
FF NetworkProxy: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> proxy_over_tls", false
FF NetworkProxy: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\@hoxx-vpn.xpi [2017-03-27]
FF Extension: (MEGA) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\firefox@mega.co.nz.xpi [2017-04-16]
FF Extension: (Tags for YouTube™) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2017-04-13]
FF Extension: (Keywords Everywhere - Keyword Tool) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\jid1-PmuMUcuMey5ABw@jetpack.xpi [2017-04-05]
FF Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\support@lastpass.com [2017-04-10]
FF Extension: (BrowserStack) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\{6cc0f0f7-a6e2-4834-9682-24de2229b51e}.xpi [2017-01-07]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5 [2017-04-19] [not signed]
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-18] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll [2013-01-13] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-2052111302-1801674531-1003: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll [2013-01-13] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-329068152-2052111302-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Mobile/Responsive Web Design Tester) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elmekokodcohlommfikpmojheggnbelo [2017-04-15]
CHR Extension: (Hoxx VPN Proxy) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-03-23]
CHR Extension: (IDM Integration Module) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-14]
CHR Extension: (MultiLogin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nknfhhmhoflkcijaodalbncnmidocced [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Social Media Toolkit For Facebook) - C:\Documents and Settings\Owner\Desktop\Facebook_Social_Toolkit_v2.3.7\Facebook_Social_Toolkit_v2.3.7\Facebook_Social_Toolkit_v2.3.7 [2016-05-12]
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Profile 3 [2017-04-19]
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\System Profile [2017-04-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-01-26]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2000-01-01] (Intel Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2241992 2016-12-14] (ESET)
R2 Kingsoft_WPS_UpdateService; C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\wtoolex\wpsupdatesvr.exe [133376 2016-07-26] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2000-01-01] (Intel) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-04-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2000-01-01] (Intel) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113544 2016-12-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [91104 2016-12-05] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [140984 2016-12-05] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [43920 2016-12-05] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [69304 2016-12-05] (ESET)
S3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [56832 2016-12-05] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77616 2016-12-05] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59896 2017-04-12] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-08-07] (REALiX(tm))
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [140936 2016-09-21] (Tonec Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-05-22] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2014-09-24] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2013-05-22] (Microsoft Corporation) [File not signed]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U3 wampapache; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 16:08 - 2017-04-19 16:08 - 00000000 ____D C:\FRST
2017-04-18 21:15 - 2017-04-18 21:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-18 16:32 - 2017-04-18 16:32 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-04-18 16:32 - 2017-04-18 16:32 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-04-17 16:07 - 2017-04-17 16:58 - 00000000 ____D C:\Program Files\NCH Software
2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\FlashFXP
2017-04-17 13:55 - 2017-04-17 13:55 - 00000000 ____D C:\Program Files\Globalscape
2017-04-17 13:48 - 2017-04-17 13:48 - 00000000 ____D C:\MSI96f8b.tmp
2017-04-17 02:17 - 2017-04-17 02:17 - 00000000 ____D C:\MSI904b4.tmp
2017-04-17 02:14 - 2017-04-17 02:14 - 00000000 ____D C:\MSI591f3.tmp
2017-04-17 02:13 - 2017-04-17 02:13 - 00000000 ____D C:\MSI56cb8.tmp
2017-04-17 02:10 - 2017-04-17 02:10 - 00000000 ____D C:\MSI1eefa.tmp
2017-04-17 02:09 - 2017-04-17 02:09 - 00000000 ____D C:\MSI11bbd.tmp
2017-04-17 02:07 - 2017-04-17 02:07 - 00000000 ____D C:\MSIf9e15.tmp
2017-04-17 02:06 - 2017-04-17 02:06 - 00000000 ____D C:\MSIf05be.tmp
2017-04-17 02:06 - 2017-04-17 02:06 - 00000000 ____D C:\MSIe7517.tmp
2017-04-17 01:47 - 2017-04-17 01:47 - 00000000 ____D C:\MSId38d9.tmp
2017-04-17 01:32 - 2017-04-17 01:32 - 00000000 ____D C:\MSIfc001.tmp
2017-04-17 01:27 - 2017-04-17 01:27 - 00000000 ____D C:\MSIb540a.tmp
2017-04-17 01:13 - 2017-04-17 01:13 - 00000000 ____D C:\MSIdfd21.tmp
2017-04-17 01:03 - 2017-04-17 01:03 - 00000000 ____D C:\MSI4f933.tmp
2017-04-17 00:43 - 2017-04-17 00:43 - 00000000 ____D C:\MSI27de2.tmp
2017-04-17 00:35 - 2017-04-17 00:35 - 00000000 ____D C:\MSIb9f66.tmp
2017-04-17 00:30 - 2017-04-17 00:30 - 00000000 ____D C:\MSI65297.tmp
2017-04-16 19:47 - 2017-04-16 19:47 - 00000000 ____D C:\MSI37211.tmp
2017-04-16 19:36 - 2017-04-16 19:36 - 00000000 ____D C:\MSI96697.tmp
2017-04-16 19:04 - 2017-04-16 19:04 - 00000000 ____D C:\MSIbea03.tmp
2017-04-16 19:00 - 2017-04-16 19:00 - 00000000 ____D C:\MSI8c7c2.tmp
2017-04-14 17:37 - 2017-04-14 17:37 - 00000000 ____D C:\Program Files\WinHTTrack
2017-04-13 12:23 - 2016-10-12 12:57 - 00043976 _____ (Mozilla Foundation) C:\WINDOWS\system32\mozglue.dll
2017-04-12 12:55 - 2017-04-12 12:55 - 00000000 ____D C:\MSIf5188.tmp
2017-04-12 12:16 - 2017-04-12 12:16 - 00000000 ____D C:\MSI2f701.tmp
2017-04-12 12:14 - 2017-04-12 12:14 - 00000000 ____D C:\MSI2f348.tmp
2017-04-12 12:07 - 2017-04-12 12:07 - 00000000 ____D C:\MSI2f342.tmp
2017-04-11 19:53 - 2017-04-11 19:53 - 00000000 ____D C:\MSI6c819.tmp
2017-03-30 20:19 - 2017-03-30 20:19 - 00000000 ____D C:\Program Files\iLovePage1
2017-03-30 15:08 - 2017-03-30 15:08 - 00000000 ____D C:\MSI2c80f.tmp
2017-03-30 15:04 - 2017-03-30 15:04 - 00000000 ____D C:\MSIfced4.tmp
2017-03-26 00:28 - 2017-03-26 00:28 - 00000000 ____D C:\UsbFix
2017-03-20 19:28 - 2017-03-20 19:28 - 00000000 ____D C:\MSI91b8f.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 15:53 - 2016-12-16 23:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-19 15:29 - 2017-03-14 18:40 - 00000000 ____D C:\Program Files\CherryPlayer
2017-04-19 15:21 - 2016-01-26 20:53 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2017-04-19 15:21 - 2015-12-25 23:47 - 00000000 ____D C:\Documents and Settings\Owner
2017-04-19 15:21 - 2015-12-25 23:43 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-04-19 12:44 - 2015-12-25 17:25 - 00590374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-19 12:41 - 2016-12-16 23:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-19 12:40 - 2015-12-25 23:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-19 12:25 - 2008-04-14 13:00 - 00002184 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-19 03:17 - 2015-12-25 23:47 - 00032562 ____N C:\WINDOWS\SchedLgU.Txt
2017-04-18 22:16 - 2016-11-26 19:46 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-04-18 16:32 - 2015-12-25 17:18 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-17 22:59 - 2016-04-01 02:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-04-17 16:57 - 2016-08-16 03:09 - 00000000 ____D C:\AdwCleaner
2017-04-17 13:55 - 2015-12-25 23:56 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-04-17 13:55 - 2015-12-25 23:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-31 12:14 - 2016-05-02 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 15:04 - 2016-10-31 17:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2016-08-16 02:17 - 2016-08-16 02:17 - 0000068 ___SH () C:\Documents and Settings\Owner\Application Data\.Identifier
2016-08-16 02:17 - 2016-08-16 02:17 - 0003584 _____ () C:\Documents and Settings\Owner\Application Data\FXvPQWnzcgrfBtxz
2016-07-22 12:28 - 2016-07-22 12:28 - 0000374 _____ () C:\Documents and Settings\Owner\Application Data\groinup.outsourcing.youtubetool_state.xml
2016-08-16 02:17 - 2016-08-16 02:17 - 0086016 _____ () C:\Documents and Settings\Owner\Application Data\VvKkIsaTynXg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
