Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by User on 11-05-2015 07:29:16
Running from c:\Users\User\Desktop
Platform: Windows 7 Home Premium (X86) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(MSI) C:\Program Files\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files\MSI\Command Center\DDR\MSIDDRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sapphire Technology Limited) D:\Sapphire TRIXX\TRIXX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Krzysztof Kowalczyk) D:\SumatraPDF\SumatraPDF.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [x ] () <=== ATTENTION
HKLM\...\Policies\System:[ConsentPromptBehaviorAdmin] 0
HKLM\...\Policies\System:[ConsentPromptBehaviorUser] 3
HKLM\...\Policies\System:[EnableLUA] 0
HKLM\...\Policies\System:[tlebaywjrblbchbkdogdTaskMgr] 0
HKLM\...\Policies\System:[EnableUIADesktopToggle] 0
HKLM\...\Policies\System:[PromptOnSecureDesktop] 0
HKLM\...\Policies\explorer:[NoActiveDesktop] 1
HKLM\...\Policies\explorer:[BindDirectlyToPropertySetStorage] 0
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [BAE] rundll32.exe C:\Users\User\AppData\Local\bae\dvcqvouu.dll,FECoreInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Adobe] rundll32.exe c:\Users\User\AppData\Local\apple\adobe\dfuut.dll,CreateInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [XgbBpofj] C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Sapaelhy] => C:\Users\User\AppData\Roaming\Ilpez\miqy.exe [188023 2015-05-08] (Oracle Corporation)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [djlertbb.exe] => C:\Users\User\AppData\Roaming\Identities\djlertbb.exe [285184 2009-07-14] (Music)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] () <==== ATTENTION
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZHPDIAG.lnk [2015-05-10]
ShortcutTarget: ZHPDIAG.lnk -> C:\Program Files\ZHPDiag\ZHPDIAG.exe ()

==================== Internet (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-418592747-3305732625-987032889-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-fr/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2C4A67A2-3B3B-426C-907B-99CD2E7DAB3D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{816A58B3-EF71-429F-8D66-92ACEDE5C477}: [DhcpNameServer] 192.168.171.2
Tcpip\..\Interfaces\{CC1C115D-392D-4742-B026-707A9E99D0FE}: [DhcpNameServer] 192.168.148.1

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 419ea4b7; c:\Program Files\SegmentAssister\SegmentAssister.dll [1628160 2015-05-10] ()
S2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-03-29] ()
S2 amsint32;c:\program files\microsoft\desktoplayer.exe ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 vmvss; C:\Windows\system32\dllhost.exe /Processid:{6F243D4E-40A4-48EF-B1AD-A18F163EDF0E}
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 PNPMEM; C:\Windows\System32\DRIVERS\pnpmem.sys [13312 2009-07-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\User~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 2101A86C25C154F8314B24EF49D7FBC2
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys B81C2B5616F6420A9941EA093A92B150
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 39806CFEDDCC55E686A49BCCD2972F23
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys 5592F5DBA26282D24D2B080EB438A4D7
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 3C21F7E95FFCA33EF1A83AA33D9663CF
C:\Windows\system32\drivers\mwac.sys 167BCE00050B19DA25065335645A3C7A
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys F4A054BE78AF7F410129C4B64B07DC9B
C:\Windows\System32\DRIVERS\mrxsmb10.sys DEFFA295BD1895C6ED8E3078412AC60B
C:\Windows\System32\DRIVERS\mrxsmb20.sys 24D76ABE5DCAD22F19D105F76FDF0CE1
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 3795DCD21F740EE799FB7223234215AF
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys 3F3D04B1D08D43C16EA7963954EC768D
C:\Windows\system32\DRIVERS\nvstor.sys C99F251A5DE63C6F129CF71933ACED0F
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pnpmem.sys 0C0FF5946A63C75A3D4D0CB35F787B12
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 801371BA9782282892D00AADB08EE367
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Program Files\YTDownloader\sbmntr.sys A73C4FCFF3D58647ACE0AB8E8D78A7DD
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2BA4EBC7DFBA845A1EDBE1F75913BE33
C:\Windows\System32\DRIVERS\srv2.sys DCE7E10FEAABD4CAE95948B3DE5340BB
C:\Windows\System32\DRIVERS\srvnet.sys B5665BAA2120B8A54E22E9CD07C05106
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7551E91EA999EE9A8E9C331D5A9C31F3
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 8455C4ED038EFD09E99327F9D2D48FFA
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 1C333BFD60F2FED2C7AD5DAF533CB742
C:\Windows\System32\DRIVERS\usbhub.sys EE6EF93CCFA94FAE8C6AB298273D8AE2
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D8889D56E0D27E57ED4591837FE71D27
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vm3dmp.sys EDEA4B6A692F14588A4DA213C4AE4A29
C:\Windows\System32\DRIVERS\vmci.sys D644FFEA14778DDA59BDA8492BCED4B6
C:\Windows\System32\drivers\vmhgfs.sys C39E0E654DBEB1F5251EC1BE34DF71D2
C:\Windows\System32\DRIVERS\vmmouse.sys B6983C9957C2F613BF1C392EF934EB18
C:\Windows\System32\DRIVERS\vmusbmouse.sys 484CBCC4CCD0144E8410C17899441856
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 843081D296F617DDFAE4D70F2564C852
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-25 07:26 - 2015-07-11 07:26 - 00000000 ____D () C:\FRST
2015-05-11 16:00 - 2015-05-14 16:00 - 00000000 ____D () C:\Program Files\tmp
2015-05-11 14:45 - 2015-05-13 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Buqomo
2015-05-11 14:45 - 2015-05-11 14:45 - 00000000 ____D () C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
2015-05-11 13:26 - 2015-04-27 05:26 - 00027008 ____D () C:\Windows\System32\drivers\Diskdump.sys
2015-05-11 05:26 - 2014-04-27 09:18 - 00961024 _____ () C:\Windows\System32\CPFilters.dll
2015-05-11 05:26 - 2014-08-09 11:16 - 00552960 _____ () C:\Windows\System32\msdri.dll
2015-05-11 05:26 - 2014-08-09 11:14 - 00288256 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00258560 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00204288 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00199680 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-10 18:17 - 2015-05-10 18:17 - 00409600 _____ () C:\Users\User\AppData\Roaming\watermark.exe
2015-05-10 18:11 - 2015-05-10 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\BrowserHelper
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\Send using Gmail
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\SegmentAssister
2015-05-09 11:36 - 2015-05-09 11:36 - 00000000 ____D () C:\_OTL
2015-05-09 07:25 - 2015-05-09 07:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-09 07:25 - 2015-05-09 07:25 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-05-09 07:14 - 2015-05-09 07:14 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-05-08 07:39 - 2015-05-08 07:39 - 00000000 ____D () C:\Users\User\Doctor Web
2015-05-08 07:24 - 2015-05-10 18:16 - 00000000 ___HD () C:\Users\User\Desktop\ufr_reports
2015-05-08 07:24 - 2015-05-08 07:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-05-08 07:22 - 2015-05-10 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-05-05 18:22 - 2015-05-10 17:57 - 00001379 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-05 18:21 - 2015-05-05 18:21 - 00000182 _____ () C:\Windows\wininit.ini
2015-05-04 18:59 - 2015-05-09 07:12 - 00084320 _____ () C:\Windows\PFRO.log
2015-05-04 18:54 - 2015-05-08 07:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-05-04 18:54 - 2015-05-04 18:54 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 18:54 - 2015-04-14 08:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-05-04 11:18 - 2015-05-08 07:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ZHP
2015-05-03 21:51 - 2015-02-24 03:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-05-02 19:43 - 2015-05-02 18:49 - 00000000 ____D () C:\Windows\Panther
2015-05-02 19:42 - 2015-05-02 19:42 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-05-02 19:42 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr
2015-05-02 19:22 - 2015-05-02 19:22 - 00014834 _____ () C:\Users\User\Downloads\epm.xml
2015-05-02 19:16 - 2015-05-03 23:33 - 00000000 ____D () C:\Program Files\Google
2015-05-02 19:16 - 2015-05-02 19:17 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-05-02 19:15 - 2015-05-02 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-05-02 19:15 - 2015-05-02 19:15 - 00057560 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-02 19:12 - 2015-05-08 07:31 - 26522761 _____ () c:\program files\microsoft\desktoplayer.exe
2015-05-02 18:58 - 2015-05-05 18:28 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 _____ () C:\Windows\nsreg.dat
2015-05-02 18:57 - 2015-05-08 07:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-02 18:57 - 2015-05-05 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-05-02 18:57 - 2015-05-02 18:57 - 00002308 _____ () C:\Windows\mozver.dat
2015-05-02 18:55 - 2015-05-10 17:53 - 01524562 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-02 18:49 - 2015-05-10 18:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-05-02 18:49 - 2015-05-08 07:39 - 00000000 ____D () C:\users\User
2015-05-02 18:49 - 2015-05-02 18:49 - 00000020 ___SH () C:\Users\User\ntuser.ini
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Favoris
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Bureau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Program Files\Fichiers communs
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 __SHD () C:\Recovery
2015-05-02 18:46 - 2015-05-09 07:24 - 00092756 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 18:44 - 2015-05-02 18:47 - 00001313 _____ () C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-10 17:49 - 2009-07-14 05:39 - 00017328 _____ () C:\Windows\setupact.log
2015-05-10 17:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-05-08 07:35 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\PLA
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-05-03 21:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-05-02 19:42 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2015-05-02 19:42 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2015-05-02 18:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-02 18:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\System32\restore
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 __RHD () C:\users\Default
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-02 18:48 - 2009-07-14 05:33 - 00266928 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-02 18:44 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\8140.exe
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\MWF[BEST-HACK.RU 12.07.2013].exe
C:\Users\User\AppData\Local\Temp\sdfDB6.exe


Some zero byte size files/folders:
==========================
X:\windows\system32\Drivers\rasirda.sys

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-05-06 21:17:14

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3071.29 MB
Available physical RAM: 2375.15 MB
Total Pagefile: 6140.76 MB
Available Pagefile: 5475.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:25.91 GB) NTFS
Drive d: (Nouveau nom) (Fixed) (Total:270.45 GB) (Free:267.76 GB) NTFS
Drive e: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:270.35 GB) (Free:264.98 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:148.67 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DFD444C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

LastRegBack: 2015-05-02 18:43

==================== End Of Log ============================
