




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2017
Ran by User (administrator) on USER-PC (11-10-2017 21:00:47)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-11-09] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-09-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [518816 2017-09-25] (Avira Operations Gmbh & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2017-10-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1622485967-1590223892-3639459111-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27825616 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1622485967-1590223892-3639459111-1000\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-1622485967-1590223892-3639459111-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1622485967-1590223892-3639459111-1000\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [41728608 2017-08-25] (VoipConnect)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{DFE4D811-278E-4D02-A9E4-074314CFE28E}: [DhcpNameServer]

Internet Explorer:
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FF DefaultProfile: 6k6i1neu.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6k6i1neu.default [2017-10-11]
FF Homepage: Mozilla\Firefox\Profiles\6k6i1neu.default -> hxxps://fr.yahoo.com/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6k6i1neu.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-07]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6k6i1neu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-04]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6k6i1neu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-04]
FF Extension: (Greasemonkey) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6k6i1neu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-10-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-10-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-10-11]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-05]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-11]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-10-02] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-09-27] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-08-31] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-26] (Intel Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [75312 2017-10-05] (Avira Operations GmbH & Co. KG)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe [29184 2017-07-07] (Apache Software Foundation) [File not signed]
S3 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.8\bin\mysqld.exe [14545920 2017-08-17] () [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.19\bin\mysqld.exe [39496704 2017-06-22] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-07-05] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194912 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-07-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-07-05] (Avira Operations GmbH & Co. KG)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2017-10-11] (secr9tos) [File not signed]
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 21:00 - 2017-10-11 21:00 - 000011821 _____ C:\Users\User\Desktop\FRST.txt
2017-10-11 21:00 - 2017-10-11 21:00 - 000000000 ____D C:\FRST
2017-10-11 20:59 - 2017-10-11 20:59 - 002401792 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-10-11 18:52 - 2017-10-11 18:55 - 000099525 _____ C:\Users\User\Desktop\ZHPDiag.txt
2017-10-11 18:50 - 2017-10-11 18:50 - 002905984 _____ C:\Users\User\ZHPDiag3.exe
2017-10-11 10:51 - 2017-10-11 10:52 - 000000600 _____ C:\Users\User\AppData\Local\PUTTY.RND
2017-10-07 21:41 - 2017-10-11 18:00 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-10-03 17:25 - 2017-10-03 17:25 - 007905536 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.28.0_win64-setup.exe
2017-10-03 16:44 - 2017-10-03 16:44 - 000000000 ____D C:\Users\User\Downloads\Audrey's work FINAL
2017-10-03 16:32 - 2017-10-03 16:33 - 210279449 _____ C:\Users\User\Downloads\Audrey's work FINAL.zip
2017-09-28 14:30 - 2017-09-29 02:11 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-28 14:30 - 2017-09-29 02:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-28 14:30 - 2017-09-28 14:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-09-26 15:46 - 2017-09-26 15:46 - 000000000 ____D C:\Users\User\AppData\Local\Avira Operations Gmbh & Co. KG
2017-09-22 12:09 - 2017-09-22 12:09 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-22 12:09 - 2017-09-22 12:09 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-22 12:09 - 2017-09-22 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-22 12:09 - 2017-09-22 12:09 - 000000000 ____D C:\Program Files\CCleaner
2017-09-22 12:08 - 2017-09-22 12:08 - 009809688 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup535.exe
2017-09-22 12:04 - 2017-09-22 12:04 - 000000000 ____D C:\Users\User\AppData\Local\Notepad++
2017-09-22 12:04 - 2017-09-22 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-09-22 00:03 - 2017-09-22 00:04 - 028043384 _____ C:\Users\User\Downloads\STOR7836.CR2
2017-09-22 00:03 - 2017-09-22 00:04 - 028038185 _____ C:\Users\User\Downloads\STOR7866.CR2
2017-09-22 00:03 - 2017-09-22 00:04 - 027983628 _____ C:\Users\User\Downloads\STOR7884.CR2
2017-09-22 00:03 - 2017-09-22 00:04 - 026875821 _____ C:\Users\User\Downloads\STOR7926.CR2
2017-09-22 00:03 - 2017-09-22 00:03 - 028167808 _____ C:\Users\User\Downloads\STOR7973.CR2
2017-09-19 12:26 - 2017-09-19 12:26 - 009826968 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup534.exe
2017-09-18 19:04 - 2017-09-18 19:05 - 007897776 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.27.1_win64-setup.exe
2017-09-17 12:55 - 2017-09-17 12:55 - 001261888 _____ C:\Users\User\Downloads\html5up-multiverse.zip
2017-09-15 23:28 - 2017-10-11 11:10 - 000000000 ____D C:\Users\User\Desktop\VGP
2017-09-14 22:44 - 2017-09-14 22:44 - 000001445 _____ C:\Users\Public\Desktop\Wampserver64.lnk
2017-09-14 22:44 - 2017-09-14 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2017-09-14 22:41 - 2017-09-14 22:41 - 000000000 ____D C:\wamp64
2017-09-14 22:40 - 2017-09-14 22:40 - 000003222 _____ C:\Windows\System32\Tasks\{14DB5D4D-CF4D-499F-8ABB-1D2A777DE81C}
2017-09-14 22:35 - 2017-09-14 22:35 - 000000000 ____D C:\Users\User\Downloads\all_vc_redist_x86_x64
2017-09-14 22:34 - 2017-09-14 22:35 - 180280691 _____ C:\Users\User\Downloads\all_vc_redist_x86_x64.zip
2017-09-14 22:31 - 2017-09-14 22:32 - 015222904 _____ (Microsoft Corporation) C:\Users\User\Downloads\VC_redist.x64(1).exe
2017-09-14 22:30 - 2017-09-14 22:31 - 015301888 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2017-09-14 22:29 - 2017-09-14 22:29 - 007195120 _____ (Microsoft Corporation) C:\Users\User\Downloads\vcredist_x64(2).exe
2017-09-14 22:27 - 2017-09-14 22:27 - 007188184 _____ (Microsoft Corporation) C:\Users\User\Downloads\vcredist_x64(1).exe
2017-09-14 22:26 - 2017-09-14 22:26 - 005673816 _____ (Microsoft Corporation) C:\Users\User\Downloads\vcredist_x64.exe
2017-09-14 22:25 - 2017-09-14 22:25 - 004131336 _____ (Microsoft Corporation) C:\Users\User\Downloads\vcredist_x86.exe
2017-09-14 21:57 - 2017-09-14 22:00 - 431668514 _____ (Dominique Ottello aka Otomatic ) C:\Users\User\Downloads\wampserver3.1.0_x64(1).exe
2017-09-14 21:05 - 2017-09-14 21:06 - 129729656 _____ (Bitnami) C:\Users\User\Downloads\xampp-win32-7.1.8-0-VC14-installer.exe
2017-09-14 20:44 - 2017-09-14 20:47 - 431668514 _____ (Dominique Ottello aka Otomatic ) C:\Users\User\Downloads\wampserver3.1.0_x64.exe
2017-09-13 09:41 - 2017-10-11 18:51 - 000000000 ____D C:\Users\User\AppData\Roaming\ZHP
2017-09-13 09:41 - 2017-10-11 18:50 - 000000628 _____ C:\Users\User\Desktop\ZHPDiag.lnk
2017-09-13 09:41 - 2017-09-13 09:42 - 000000000 ____D C:\Users\User\AppData\Local\ZHP
2017-09-13 09:40 - 2017-09-13 09:40 - 002839424 _____ C:\Users\User\Downloads\ZHPDiag3.exe
2017-09-13 01:00 - 2017-10-05 01:41 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-09-11 16:03 - 2017-09-11 16:03 - 000733831 _____ C:\Users\User\Downloads\html5up-phantom.zip
2017-09-11 15:55 - 2017-09-11 15:55 - 001466381 _____ C:\Users\User\Downloads\html5up-lens.zip
2017-09-11 15:55 - 2017-09-11 15:55 - 000901263 _____ C:\Users\User\Downloads\html5up-story.zip
2017-09-11 11:34 - 2017-09-11 11:34 - 000950320 _____ C:\Users\User\Downloads\montserrat.zip
2017-09-11 11:34 - 2017-09-11 11:34 - 000000000 ____D C:\Users\User\Downloads\montserrat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-11 20:56 - 2017-08-04 11:22 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-10-11 20:53 - 2017-08-02 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-11 20:53 - 2017-08-02 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-11 18:09 - 2017-08-02 12:40 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-10-11 18:06 - 2009-07-14 07:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-11 18:06 - 2009-07-14 07:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-11 18:03 - 2011-01-21 20:27 - 000724158 _____ C:\Windows\system32\perfh019.dat
2017-10-11 18:03 - 2011-01-21 20:27 - 000150428 _____ C:\Windows\system32\perfc019.dat
2017-10-11 18:03 - 2009-07-14 08:13 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-11 18:03 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2017-10-11 17:59 - 2017-08-02 10:57 - 000042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2017-10-11 17:59 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-11 10:58 - 2017-08-04 10:02 - 000000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-10-09 22:35 - 2017-08-05 04:05 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2017-10-09 22:34 - 2017-08-05 04:06 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-09 22:34 - 2017-08-05 04:06 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-09 22:34 - 2017-08-05 04:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-09 22:34 - 2017-08-05 04:06 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-07 21:41 - 2017-08-04 09:42 - 000003662 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-10-07 21:41 - 2017-08-04 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-06 15:41 - 2017-09-02 23:05 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-10-06 12:27 - 2017-08-05 04:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2017-10-06 12:17 - 2017-08-06 20:01 - 000001456 _____ C:\Users\User\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2017-10-06 10:31 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-05 02:32 - 2017-08-20 23:10 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-10-05 01:41 - 2017-08-04 09:36 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-04 02:36 - 2017-08-05 00:38 - 000000000 ____D C:\Users\User\Desktop\oof
2017-10-02 15:16 - 2017-08-04 09:36 - 000000000 ____D C:\Program Files (x86)\Avira
2017-09-30 01:22 - 2017-08-04 09:42 - 000001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-09-29 02:08 - 2017-08-06 19:41 - 000000000 ____D C:\ProgramData\Adobe
2017-09-28 14:40 - 2017-08-14 10:55 - 000000000 ____D C:\Users\User\Desktop\ven
2017-09-28 14:30 - 2017-08-06 19:41 - 000000000 ____D C:\Users\User\AppData\LocalLow\Adobe
2017-09-27 00:31 - 2017-08-05 02:19 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 20:41 - 2017-08-05 00:40 - 000000000 ____D C:\Users\User\Desktop\russfev
2017-09-26 15:46 - 2017-08-04 09:46 - 000003546 _____ C:\Windows\System32\Tasks\Avira Safe Shopping Updater
2017-09-22 16:01 - 2017-08-05 00:46 - 000000000 ____D C:\Users\User\Desktop\PowerPony
2017-09-22 12:04 - 2017-08-04 10:04 - 000000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2017-09-22 11:50 - 2017-08-04 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-09-22 11:50 - 2017-08-04 10:02 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-09-17 12:19 - 2017-08-04 11:21 - 000000000 ____D C:\ProgramData\Skype
2017-09-17 12:18 - 2017-08-04 11:22 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-17 10:25 - 2017-08-05 00:40 - 000000000 ____D C:\Users\User\Desktop\remobook
2017-09-14 13:16 - 2017-08-04 09:46 - 000194912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-09-14 13:16 - 2017-08-04 09:46 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-09-11 23:44 - 2009-07-14 07:45 - 000365112 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-11 16:38 - 2017-08-04 09:36 - 000063968 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2017-08-14 20:59 - 2017-08-14 20:59 - 000000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-08-06 20:01 - 2017-10-06 12:17 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2017-10-11 10:51 - 2017-10-11 10:52 - 000000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2017-08-31 16:45 - 2017-08-31 16:45 - 000000000 _____ () C:\Users\User\AppData\Local\{5D8EB996-CA85-4246-BA2E-F1C46A059082}

Files to move or delete:

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-10-10 02:04

==================== End of FRST.txt ============================


