Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by user (administrator) on LAPTOP (01-11-2016 19:45:42)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Naftali)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1130280 2012-11-07] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1275176 2012-11-07] (Druide informatique inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3596991858-899571758-1917397009-1003\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.0.0.198
Tcpip\..\Interfaces\{454F6C06-6F34-4BF2-BB6F-03D2344F0EAA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C4DB7C63-C6CF-4FA4-A244-217FA4E66C1A}: [DhcpNameServer] 168.0.0.198
Internet Explorer:
==================
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
FireFox:
========
FF DefaultProfile: fxr2sb8r.default-1477480692368
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fxr2sb8r.default-1477480692368 [2016-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (Youtube Video Downloader - Ytb) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eccnnembdaanhfjneehillmbndjjdepe [2015-05-10]
CHR Extension: (Adobe Acrobat – Créer un fichier PDF) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [118784 2007-02-02] (TOSHIBA CORPORATION) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Tosrfcom; no ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-01 19:45 - 2016-11-01 19:46 - 00011644 _____ C:\Users\user\Desktop\FRST.txt
2016-11-01 19:44 - 2016-11-01 19:45 - 00000000 ____D C:\FRST
2016-11-01 19:43 - 2016-11-01 19:44 - 02408960 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-11-01 19:43 - 2016-11-01 19:43 - 00071383 _____ C:\Users\user\Desktop\8XpSuc7a.htm
2016-11-01 18:03 - 2016-11-01 18:03 - 00001292 _____ C:\Users\user\Desktop\ZHPFixReport.txt
2016-11-01 18:03 - 2016-11-01 18:03 - 00001292 _____ C:\Users\user\Desktop\ZHPFix[R1].txt
2016-11-01 18:01 - 2016-11-01 18:01 - 00001860 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-11-01 18:01 - 2016-11-01 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-11-01 18:01 - 2016-11-01 18:01 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-11-01 18:00 - 2016-11-01 18:00 - 03521617 _____ (Nicolas Coolman ) C:\Users\user\Downloads\ZHPFix.exe
2016-11-01 17:33 - 2016-11-01 17:33 - 00108863 _____ C:\Users\user\Desktop\ZHPDiag1.txt
2016-11-01 17:00 - 2016-11-01 17:11 - 00002310 _____ C:\Users\user\Desktop\ZHPCleaner.txt
2016-11-01 16:50 - 2016-11-01 16:50 - 02478592 _____ C:\Users\user\Downloads\ZHPCleaner.exe
2016-11-01 16:50 - 2016-11-01 16:50 - 00000839 _____ C:\Users\user\Desktop\ZHPCleaner.lnk
2016-11-01 13:37 - 2016-11-01 17:33 - 00108860 _____ C:\Users\user\Desktop\ZHPDiag.txt
2016-11-01 13:20 - 2016-11-01 18:03 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2016-11-01 13:20 - 2016-11-01 17:29 - 00000829 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2016-11-01 13:14 - 2016-11-01 13:14 - 00048922 _____ C:\Users\user\Documents\cc_20161101_131405.reg
2016-11-01 11:56 - 2016-11-01 11:56 - 00012574 ____H C:\Users\user\Downloads\~WRL0534.tmp
2016-11-01 09:18 - 2016-11-01 09:18 - 01622069 _____ C:\Users\user\Downloads\gsus_presentation_hebrow.pdf
2016-10-26 13:18 - 2016-10-26 13:18 - 00000000 ____D C:\Users\user\Desktop\Old Firefox Data
2016-10-26 13:16 - 2016-10-26 13:18 - 00294894 _____ C:\Users\user\Documents\בקשה למלגה- משה אנקרי.pdf
2016-10-05 16:32 - 2016-09-18 08:36 - 00159726 _____ C:\Users\Naftali\Desktop\מיינקראפט.rar
2016-10-05 16:27 - 2016-10-05 16:27 - 00002262 _____ C:\Users\Naftali\Downloads\MobileHeart.com-BattlePhone-2900-1124.jar
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\WinRAR
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-02 14:04 - 2016-10-02 16:13 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-10-02 14:01 - 2016-10-02 14:01 - 02006576 _____ C:\Users\Naftali\Downloads\wrar540.exe
2016-10-02 13:48 - 2016-10-02 13:48 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\Media Player Classic
2016-10-02 13:22 - 2016-10-07 11:42 - 00000000 ____D C:\Users\Naftali\Desktop\Terraria
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-01 19:41 - 2009-07-14 06:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:41 - 2009-07-14 06:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:32 - 2016-03-13 10:25 - 00002339 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-11-01 19:32 - 2013-11-22 14:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 19:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-01 19:25 - 2015-05-05 12:29 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-01 19:22 - 2014-06-19 17:59 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2016-11-01 19:22 - 2014-06-19 17:59 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2016-11-01 19:22 - 2013-11-22 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-01 19:01 - 2013-11-22 14:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 18:54 - 2013-08-31 22:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-01 18:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-11-01 17:58 - 2015-07-30 22:37 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-01 17:33 - 2009-07-14 07:13 - 00006206 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 17:25 - 2009-07-14 06:45 - 02976952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-01 16:44 - 2015-05-05 12:24 - 00000000 ____D C:\ProgramData\HP
2016-11-01 16:31 - 2013-09-10 12:30 - 00000000 ____D C:\ProgramData\National Instruments
2016-11-01 16:24 - 2005-04-09 07:01 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-01 16:04 - 2005-04-09 07:01 - 00000000 ____D C:\ProgramData\TEMP
2016-11-01 16:00 - 2011-02-17 12:14 - 00000000 ____D C:\Program Files\LambdaYozmot
2016-11-01 15:51 - 2013-10-01 10:49 - 00000000 ____D C:\Program Files (x86)\National Instruments
2016-11-01 15:50 - 2013-10-01 10:49 - 00000000 ____D C:\Program Files (x86)\LEGO Software
2016-11-01 15:49 - 2013-01-01 15:38 - 00000000 ____D C:\Users\user\Documents\LEGO Creations
2016-11-01 12:48 - 2013-09-10 13:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-01 11:51 - 2014-08-01 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-01 09:22 - 2015-06-10 15:57 - 00000000 ____D C:\Users\user\Downloads\Druide_Téléchargement
2016-10-31 19:08 - 2013-08-31 22:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-31 19:07 - 2013-08-31 22:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-31 19:07 - 2013-08-31 22:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-31 19:05 - 2013-08-31 22:41 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-31 19:04 - 2013-08-20 17:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-07 12:26 - 2011-02-19 17:07 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
==================== Files in the root of some directories =======
2005-04-10 21:06 - 2015-02-25 12:03 - 0001154 _____ () C:\Users\user\AppData\Roaming\SAS7_000.DAT
2011-04-07 22:47 - 2011-04-07 22:47 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-05-05 12:26 - 2016-11-01 16:49 - 0008047 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\user\DNS12ServicePack1.exe
Some files in TEMP:
====================
C:\Users\Naftali\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-18 13:43
==================== End of FRST.txt ============================
Ran by user (administrator) on LAPTOP (01-11-2016 19:45:42)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Naftali)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AgentAntidote32] => C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe [1130280 2012-11-07] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe [1275176 2012-11-07] (Druide informatique inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3596991858-899571758-1917397009-1003\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.0.0.198
Tcpip\..\Interfaces\{454F6C06-6F34-4BF2-BB6F-03D2344F0EAA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C4DB7C63-C6CF-4FA4-A244-217FA4E66C1A}: [DhcpNameServer] 168.0.0.198
Internet Explorer:
==================
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
FireFox:
========
FF DefaultProfile: fxr2sb8r.default-1477480692368
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fxr2sb8r.default-1477480692368 [2016-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-09] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (Youtube Video Downloader - Ytb) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eccnnembdaanhfjneehillmbndjjdepe [2015-05-10]
CHR Extension: (Adobe Acrobat – Créer un fichier PDF) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [118784 2007-02-02] (TOSHIBA CORPORATION) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Tosrfcom; no ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-01 19:45 - 2016-11-01 19:46 - 00011644 _____ C:\Users\user\Desktop\FRST.txt
2016-11-01 19:44 - 2016-11-01 19:45 - 00000000 ____D C:\FRST
2016-11-01 19:43 - 2016-11-01 19:44 - 02408960 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-11-01 19:43 - 2016-11-01 19:43 - 00071383 _____ C:\Users\user\Desktop\8XpSuc7a.htm
2016-11-01 18:03 - 2016-11-01 18:03 - 00001292 _____ C:\Users\user\Desktop\ZHPFixReport.txt
2016-11-01 18:03 - 2016-11-01 18:03 - 00001292 _____ C:\Users\user\Desktop\ZHPFix[R1].txt
2016-11-01 18:01 - 2016-11-01 18:01 - 00001860 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-11-01 18:01 - 2016-11-01 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-11-01 18:01 - 2016-11-01 18:01 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-11-01 18:00 - 2016-11-01 18:00 - 03521617 _____ (Nicolas Coolman ) C:\Users\user\Downloads\ZHPFix.exe
2016-11-01 17:33 - 2016-11-01 17:33 - 00108863 _____ C:\Users\user\Desktop\ZHPDiag1.txt
2016-11-01 17:00 - 2016-11-01 17:11 - 00002310 _____ C:\Users\user\Desktop\ZHPCleaner.txt
2016-11-01 16:50 - 2016-11-01 16:50 - 02478592 _____ C:\Users\user\Downloads\ZHPCleaner.exe
2016-11-01 16:50 - 2016-11-01 16:50 - 00000839 _____ C:\Users\user\Desktop\ZHPCleaner.lnk
2016-11-01 13:37 - 2016-11-01 17:33 - 00108860 _____ C:\Users\user\Desktop\ZHPDiag.txt
2016-11-01 13:20 - 2016-11-01 18:03 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2016-11-01 13:20 - 2016-11-01 17:29 - 00000829 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2016-11-01 13:14 - 2016-11-01 13:14 - 00048922 _____ C:\Users\user\Documents\cc_20161101_131405.reg
2016-11-01 11:56 - 2016-11-01 11:56 - 00012574 ____H C:\Users\user\Downloads\~WRL0534.tmp
2016-11-01 09:18 - 2016-11-01 09:18 - 01622069 _____ C:\Users\user\Downloads\gsus_presentation_hebrow.pdf
2016-10-26 13:18 - 2016-10-26 13:18 - 00000000 ____D C:\Users\user\Desktop\Old Firefox Data
2016-10-26 13:16 - 2016-10-26 13:18 - 00294894 _____ C:\Users\user\Documents\בקשה למלגה- משה אנקרי.pdf
2016-10-05 16:32 - 2016-09-18 08:36 - 00159726 _____ C:\Users\Naftali\Desktop\מיינקראפט.rar
2016-10-05 16:27 - 2016-10-05 16:27 - 00002262 _____ C:\Users\Naftali\Downloads\MobileHeart.com-BattlePhone-2900-1124.jar
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\WinRAR
2016-10-02 16:13 - 2016-10-02 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-02 14:04 - 2016-10-02 16:13 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-10-02 14:01 - 2016-10-02 14:01 - 02006576 _____ C:\Users\Naftali\Downloads\wrar540.exe
2016-10-02 13:48 - 2016-10-02 13:48 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\Media Player Classic
2016-10-02 13:22 - 2016-10-07 11:42 - 00000000 ____D C:\Users\Naftali\Desktop\Terraria
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-01 19:41 - 2009-07-14 06:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:41 - 2009-07-14 06:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:32 - 2016-03-13 10:25 - 00002339 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-11-01 19:32 - 2013-11-22 14:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 19:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-01 19:25 - 2015-05-05 12:29 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-01 19:22 - 2014-06-19 17:59 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2016-11-01 19:22 - 2014-06-19 17:59 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2016-11-01 19:22 - 2013-11-22 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-01 19:01 - 2013-11-22 14:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 18:54 - 2013-08-31 22:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-01 18:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-11-01 17:58 - 2015-07-30 22:37 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-01 17:33 - 2009-07-14 07:13 - 00006206 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 17:25 - 2009-07-14 06:45 - 02976952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-01 16:44 - 2015-05-05 12:24 - 00000000 ____D C:\ProgramData\HP
2016-11-01 16:31 - 2013-09-10 12:30 - 00000000 ____D C:\ProgramData\National Instruments
2016-11-01 16:24 - 2005-04-09 07:01 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-01 16:04 - 2005-04-09 07:01 - 00000000 ____D C:\ProgramData\TEMP
2016-11-01 16:00 - 2011-02-17 12:14 - 00000000 ____D C:\Program Files\LambdaYozmot
2016-11-01 15:51 - 2013-10-01 10:49 - 00000000 ____D C:\Program Files (x86)\National Instruments
2016-11-01 15:50 - 2013-10-01 10:49 - 00000000 ____D C:\Program Files (x86)\LEGO Software
2016-11-01 15:49 - 2013-01-01 15:38 - 00000000 ____D C:\Users\user\Documents\LEGO Creations
2016-11-01 12:48 - 2013-09-10 13:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-01 11:51 - 2014-08-01 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-01 09:22 - 2015-06-10 15:57 - 00000000 ____D C:\Users\user\Downloads\Druide_Téléchargement
2016-10-31 19:08 - 2013-08-31 22:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-31 19:07 - 2013-08-31 22:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-31 19:07 - 2013-08-31 22:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-31 19:05 - 2013-08-31 22:41 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-31 19:04 - 2013-08-20 17:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-07 12:26 - 2011-02-19 17:07 - 00000000 ____D C:\Users\Naftali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
==================== Files in the root of some directories =======
2005-04-10 21:06 - 2015-02-25 12:03 - 0001154 _____ () C:\Users\user\AppData\Roaming\SAS7_000.DAT
2011-04-07 22:47 - 2011-04-07 22:47 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-05-05 12:26 - 2016-11-01 16:49 - 0008047 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\user\DNS12ServicePack1.exe
Some files in TEMP:
====================
C:\Users\Naftali\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-18 13:43
==================== End of FRST.txt ============================