Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01
Ran by sgfra (20-06-2017 09:47:13)
Running from C:\Users\sgfra\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-02 13:28:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2398247234-322909077-3554112957-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-2398247234-322909077-3554112957-503 - Limited - Disabled)
Guest (S-1-5-21-2398247234-322909077-3554112957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2398247234-322909077-3554112957-1003 - Limited - Enabled)
sgfra (S-1-5-21-2398247234-322909077-3554112957-1001 - Administrator - Enabled) => C:\Users\sgfra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Airflow (64-bit) 1.0.0-beta7 (HKLM\...\Airflow (64-bit)) (Version: 1.0.0-beta7 - InMethod, s.r.o.)
Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com)
AOMEI PE Builder 1.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CDBurnerXP (64 bit) (HKLM\...\{CF0609C1-687B-4133-9AB9-D6DE00D20715}) (Version: 4.5.7.6389 - Canneverbe Limited)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 54.0 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0 (x64 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 en-US)) (Version: 52.1.1 - Mozilla)
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8090 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11207 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00876289-58F7-4155-906D-FEE5F1FE1449} - \Driver Robot -> No File <==== ATTENTION
Task: {00C1D14B-5D42-4E13-9663-37A2CEB0F020} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-16] (Adobe Systems Incorporated)
Task: {232D48AA-192D-457B-A7E5-79215180B3FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {369B3F35-1132-4B21-9F97-6C3BEFC4F163} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {5B5F3FF6-16B0-47C0-B585-1DD31CDC73AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {5EF8CA43-25DE-4F65-9128-6A2224EA14C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {69ADD456-97DC-40D2-A3A7-97FD5187D3E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {6D30E43B-C488-4A2B-888C-EFD8ECAC94EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {7C77F0D1-6B83-47EF-B959-5613E91B8347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {7DD49B40-8BBC-4EB3-BA14-C69D4FD35843} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {8C31723D-314F-4E18-A9E2-A5A143F7337A} - \Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic -> No File <==== ATTENTION
Task: {96BB6AEE-7089-47AA-A8E9-DB15A96D45B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-01] (Dropbox, Inc.)
Task: {A57ED87D-7FF1-41E6-9609-92A55AE2F44F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {AEB22F16-E881-4E56-ACFF-84A40B82934C} - System32\Tasks\{6149496B-2D6F-4DBD-B9D7-5587A08FFF57} => pcalua.exe -a "C:\Users\sgfra\1 - Softs & Backups\mp3gain-win-full-1_2_5.exe" -d "C:\Users\sgfra\1 - Softs & Backups"
Task: {CE8D14B3-C655-40FE-9117-C13653B4ADAB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-03-29] (Realtek Semiconductor)
Task: {E5090C3B-C41D-434E-A3D9-777F10FB8DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjdhx1sXu9WsoYn%2BrpWc5o8l8blIijs6ImBj3wt%2FmM41cDo3Sv7MTRoca8rKQ%3D%3D

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 20:42 - 2016-07-16 20:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 18:24 - 2017-06-03 19:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 15:08 - 2016-11-03 15:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:28 - 2017-03-04 15:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:29 - 2017-03-04 15:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:29 - 2017-03-04 15:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 18:24 - 2017-06-03 17:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 18:24 - 2017-06-03 17:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 18:24 - 2017-06-03 17:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 19:15 - 2017-03-13 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 19:15 - 2017-03-13 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-06-15 14:12 - 2017-06-12 20:52 - 00775488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-15 14:12 - 2017-06-12 20:52 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-15 14:12 - 2017-06-12 20:52 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-12 08:16 - 2017-06-12 20:52 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-12 08:16 - 2017-06-12 20:54 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-06 09:54 - 2017-06-12 20:52 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-12 08:16 - 2017-06-12 20:52 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-12 08:16 - 2017-06-12 20:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-15 14:12 - 2017-06-12 20:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-03 09:12 - 2017-06-12 20:54 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-12 08:16 - 2017-06-12 20:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-12 08:16 - 2017-06-12 20:52 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-03 09:12 - 2017-06-12 20:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-03 09:12 - 2017-06-12 20:55 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-06 09:54 - 2017-06-12 20:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-06 09:54 - 2017-06-12 20:55 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-15 14:12 - 2017-06-12 20:54 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-15 14:12 - 2017-06-12 20:54 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-03 09:12 - 2017-06-12 20:54 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-15 14:12 - 2017-06-12 20:52 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-15 14:12 - 2017-06-12 20:52 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-06 09:54 - 2017-06-12 20:55 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-08 08:04 - 2017-06-12 20:54 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-15 14:12 - 2017-06-12 20:54 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-06-07 15:26 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-06-07 15:26 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:15D5AA51 [370]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\E8D1A099.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57962598.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68547866.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\E8D1A099.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2398247234-322909077-3554112957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sgfra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ABNotify"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "Uninstall C:\Users\sgfra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_289B12D62CF9ABE84DF95C0011F8C4F2"
HKU\S-1-5-21-2398247234-322909077-3554112957-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F5E80DF2-D039-420A-A600-FBD12F93F73F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{80B29D3A-73F6-4BDE-B61F-1B5DC6261D4D}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [UDP Query User{25600D76-E3DD-4541-90C2-BB77E4E76C93}C:\program files\airflow\airflow.exe] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{61C272DE-D93C-4827-990D-238A07870F34}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{C1615AE4-8FD9-4A10-9EFE-CB7AA5266824}] => (Allow) C:\program files\airflow\airflow.exe
FirewallRules: [{43B18A60-84F5-4CDF-9036-AE642882D634}] => (Allow) LPort=5357
FirewallRules: [{7E5D446B-34AF-40D3-91E5-F917B89F2B1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6125E83F-37F9-494D-8C7C-2774D097C9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CE97B9B-D406-42DF-AC5E-402A74395857}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{384980C0-C6A7-4444-8F5E-85C7F4D7FC22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0CE86DBA-FEB5-4AA0-8BAC-D5DA8EE46CA9}] => (Allow) LPort=5556
FirewallRules: [{56F1F316-5974-4BAC-B3C0-265EBB65B736}] => (Allow) LPort=5558
FirewallRules: [{E6DD9401-A152-4888-90BE-F714B2EFD14C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{D6FBDD2E-2A51-46B9-9871-F97331D8D4E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{9C663083-724F-42F3-993A-620A16CDACB1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{99F8850B-E55E-4065-9810-C80D35325308}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{2C1FFADA-FCCE-4E98-8396-2066282A4009}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{709DF017-772B-4A7A-B51E-5847B62AC3D8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{A14BF05B-29C3-436C-9631-03748A2244B4}] => (Block) LPort=445
FirewallRules: [{A5AE6B2D-60B2-4695-9B51-93A974E8FFB8}] => (Block) LPort=445
FirewallRules: [{AF5E99A2-05E0-4B7B-A633-64998F347A87}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{042D67DD-D441-4460-95D2-F3AC37354FCD}] => (Allow) 㩃啜敳獲獜晧慲䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
FirewallRules: [{7B1D825D-CBEE-4BD7-AAF6-1123EB09F151}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDEE8B6C-38E7-484D-9332-B84C8877C68A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A2637D-C0F1-49F1-B8F9-2361FC2C8E81}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{456CA652-BFD9-43C6-BD4E-66E296E12D0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72B1C2E0-9FEE-4006-A6C4-492AE7535152}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1D105BCB-EB9F-488A-9C2C-18858EBBDE7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5606023-E2C0-4758-AE6F-4EBD674C8559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{325219ED-D4DF-4278-9918-8A638C94DD4A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C37D6777-9581-4C28-8DCC-20FDB9CFE431}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

19-06-2017 16:54:23 Sergio's

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2017 04:54:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/19/2017 04:54:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary E8D1A099.

System Error:
The system cannot find the file specified.
.

Error: (06/19/2017 04:15:32 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (06/19/2017 03:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc00000fd
Fault offset: 0x00045b48
Faulting process id: 0x1454
Faulting application start time: 0x01d2e8c74493f29b
Faulting application path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 64dec720-04ec-4b3d-b084-aa3c39064d82
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 03:41:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Faulting module name: adwcleaner_6.047.exe, version: 6.0.4.7, time stamp: 0x591e43a6
Exception code: 0xc00000fd
Fault offset: 0x00031ae7
Faulting process id: 0x20
Faulting application start time: 0x01d2e8c32eee6390
Faulting application path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Faulting module path: C:\Users\sgfra\Desktop\VIRUS & CO\adwcleaner_6.047.exe
Report Id: 9cf668f4-04b3-4907-8074-ee2169c07e4a
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 03:03:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/19/2017 03:03:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary E8D1A099.

System Error:
The system cannot find the file specified.
.

Error: (06/19/2017 02:55:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.6.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 23a8

Start Time: 01d2e8c08369fbf9

Termination Time: 6

Application Path: C:\Users\sgfra\Desktop\VIRUS & CO\FRST64.exe

Report Id: e07d91ec-54b3-11e7-bebc-00231886fd86

Faulting package full name:

Faulting package-relative application ID:

Error: (06/19/2017 02:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.0.6368, time stamp: 0x59399fe2
Faulting module name: xul.dll, version: 54.0.0.6368, time stamp: 0x5939a40d
Exception code: 0x80000003
Fault offset: 0x00000000004acb94
Faulting process id: 0x420
Faulting application start time: 0x01d2e8be9ccf1a1f
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report Id: a73126f8-f0f3-4ccc-9f25-ceefd1e97f4b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/19/2017 02:39:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (06/20/2017 09:43:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/20/2017 09:41:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/20/2017 09:41:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/20/2017 09:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdpcie service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (06/20/2017 09:41:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/19/2017 07:12:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 05:41:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/19/2017 05:39:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/19/2017 05:37:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/19/2017 05:37:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================
Date: 2017-06-19 06:20:33.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-18 08:39:34.407
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-17 07:36:04.451
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-14 18:26:00.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 18:16:55.688
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-13 09:03:42.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-12 16:40:09.365
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-11 10:26:35.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-08 10:22:09.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-08 10:22:09.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\sgfra\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 52%
Total physical RAM: 3824.42 MB
Available physical RAM: 1806.37 MB
Total Virtual: 7664.42 MB
Available Virtual: 5619.08 MB

==================== Drives ================================

Drive c: (TI105901W0D) (Fixed) (Total:117.33 GB) (Free:54.97 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: F4364A74)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
