Help - FRST.txt and Addition.txt


Sorry the results are in French! If this is a problem please let me know, I'll redo it. Thanks so much for any help!

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Exécuté par Alexandra (administrateur) sur DESKTOP-02U6HNM (25-03-2017 14:24:51)
Exécuté depuis C:\Users\Alexandra\Desktop
Profils chargés: Alexandra (Profils disponibles: Alexandra)
Platform: Windows 10 Home Version 1607 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABCSWK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [CNAP2 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\...\RunOnce: [Uninstall C:\Users\Alexandra\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexandra\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5664d581-82a2-49d1-8abf-59694ee0f09e}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ojkmt74l.default
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\ojkmt74l.default [2017-03-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ojkmt74l.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ojkmt74l.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\ojkmt74l.default -> about:home
FF Extension: (Adobe Flash Player) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\ojkmt74l.default\Extensions\fr@fbt.ovh.xpi [2017-02-21]
FF Extension: (Session Manager) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\ojkmt74l.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (Adblock Plus) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\ojkmt74l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Site Deployment Checker) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\ojkmt74l.default\features\{4f43f952-318b-4d8e-bc95-21ec71717e4e}\deployment-checker@mozilla.org.xpi [2017-03-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-27] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://fr.search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default [2017-03-25]
CHR Extension: (Google Slides) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-29]
CHR Extension: (Google Docs) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-30]
CHR Extension: (Google Drive) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Google Sheets) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-29]
CHR Extension: (Google Docs hors connexion) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-30]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-29]
CHR Extension: (Gmail) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-01] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [Fichier non signé]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-25] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [56520 2015-09-08] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-25] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-25 14:24 - 2017-03-25 14:26 - 00012874 _____ C:\Users\Alexandra\Desktop\FRST.txt
2017-03-25 14:24 - 2017-03-25 14:24 - 02424832 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2017-03-25 14:24 - 2017-03-25 14:24 - 00000000 ____D C:\FRST
2017-03-25 11:14 - 2017-03-25 11:15 - 57131432 _____ (Malwarebytes ) C:\Users\Alexandra\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-25 10:54 - 2017-03-25 10:54 - 00000462 _____ C:\WINDOWS\system32\.crusader
2017-03-25 10:45 - 2017-03-25 10:59 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-03-25 10:45 - 2017-03-25 10:56 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-25 10:45 - 2017-03-25 10:56 - 00000000 ____D C:\WINDOWS\CryptoGuard
2017-03-25 10:45 - 2017-03-25 10:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-25 10:17 - 2017-03-25 14:24 - 00028346 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-25 10:17 - 2017-03-25 11:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-25 10:17 - 2017-03-25 11:02 - 00053170 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-25 10:17 - 2017-03-25 10:17 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-25 10:16 - 2017-03-25 10:16 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Zemana
2017-03-25 10:09 - 2017-03-25 10:09 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Runscanner.net
2017-03-25 09:32 - 2017-03-25 09:32 - 00000000 _____ C:\autoexec.bat
2017-03-25 00:49 - 2017-03-25 00:52 - 00000000 ____D C:\AdwCleaner
2017-03-25 00:37 - 2017-03-25 00:50 - 00000000 ____D C:\Program Files\FreeFixer
2017-03-25 00:37 - 2017-03-25 00:47 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\FreeFixer
2017-03-25 00:37 - 2017-03-25 00:47 - 00000000 ____D C:\Users\Alexandra\AppData\Local\FreeFixer
2017-03-25 00:27 - 2017-03-25 00:27 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Battle.net
2017-03-20 22:53 - 2017-03-20 22:53 - 00197600 _____ C:\Users\Alexandra\Desktop\ADS302895AlexandraSILL.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-25 13:02 - 2016-10-02 20:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-25 11:30 - 2016-01-19 23:12 - 00000000 ___RD C:\Users\Alexandra\Google Drive
2017-03-25 11:29 - 2016-11-16 08:19 - 00000000 ____D C:\Users\Alexandra\AppData\LocalLow\Mozilla
2017-03-25 11:29 - 2016-10-02 20:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-25 11:29 - 2016-10-02 20:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-25 11:29 - 2016-01-12 16:23 - 00000000 __SHD C:\Users\Alexandra\IntelGraphicsProfiles
2017-03-25 11:28 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-25 10:58 - 2016-10-02 20:19 - 00000000 ____D C:\Users\Alexandra
2017-03-25 10:54 - 2016-04-29 22:09 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-03-25 08:57 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-25 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-25 00:38 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-25 00:35 - 2016-10-07 17:00 - 00000000 ____D C:\ProgramData\Samsung
2017-03-25 00:35 - 2016-10-07 16:53 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Samsung
2017-03-25 00:35 - 2016-10-07 16:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-03-25 00:35 - 2016-10-07 16:53 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-03-24 08:22 - 2016-03-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-21 07:52 - 2016-07-16 23:40 - 05162862 _____ C:\WINDOWS\system32\perfh00C.dat
2017-03-21 07:52 - 2016-07-16 23:40 - 01439776 _____ C:\WINDOWS\system32\perfc00C.dat
2017-03-21 07:52 - 2016-03-28 18:38 - 10095850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-21 07:49 - 2016-11-15 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-21 07:49 - 2016-03-29 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-15 23:04 - 2016-04-29 22:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-14 19:46 - 2016-03-28 20:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-14 19:43 - 2016-03-28 20:42 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-27 15:57 - 2016-05-01 20:48 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-27 13:33 - 2016-05-01 20:47 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2017-02-27 13:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-27 13:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-24 20:12 - 2016-05-04 09:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Fichiers à la racine de certains dossiers =======

2016-10-02 20:15 - 2016-10-02 20:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Certains fichiers dans TEMP:
====================
2016-12-13 22:32 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\Alexandra\AppData\Local\Temp\ACLMInstaller.exe
2016-10-07 16:55 - 2016-10-07 16:55 - 0066048 _____ () C:\Users\Alexandra\AppData\Local\Temp\Execute2App.exe
2017-03-25 10:45 - 2017-03-25 10:45 - 11581544 _____ (SurfRight B.V.) C:\Users\Alexandra\AppData\Local\Temp\HitmanPro_x64.exe
2016-11-02 22:03 - 2016-11-03 20:09 - 0035680 _____ () C:\Users\Alexandra\AppData\Local\Temp\i4jdel0.exe
2016-10-07 16:55 - 2014-05-07 16:43 - 0568832 _____ (Microsoft Corporation) C:\Users\Alexandra\AppData\Local\Temp\msvcp90.dll
2016-10-07 16:55 - 2014-05-07 16:43 - 0655872 _____ (Microsoft Corporation) C:\Users\Alexandra\AppData\Local\Temp\msvcr90.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-16 20:48

==================== Fin de FRST.txt ============================

 

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par Alexandra (25-03-2017 14:26:40)
Exécuté depuis C:\Users\Alexandra\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-02 19:38:56)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-1857043209-3862827509-2798332448-500 - Administrator - Disabled)
Alexandra (S-1-5-21-1857043209-3862827509-2798332448-1001 - Administrator - Enabled) => C:\Users\Alexandra
DefaultAccount (S-1-5-21-1857043209-3862827509-2798332448-503 - Limited - Disabled)
Invité (S-1-5-21-1857043209-3862827509-2798332448-501 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BNC Express 7 (HKLM-x32\...\{A9447A6C-56F1-4030-9FA0-4FD7B97AFE64}) (Version: 07.13.0002 - Trèfle Rouge)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{EB72DB50-C935-4C26-8349-69828F198902}) (Version: 12.5.32.203 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 fr)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{8B3A877E-1B73-464A-AD21-9F26A0682AC6}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {19EEC607-F598-4D93-9B22-1918499AECA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {44C1E10A-F451-4321-A70B-9379647BA50A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {456F42B8-AA66-4B5C-8CEE-467DFDA346CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6F22FA77-A47F-4E79-8E27-EE5351E372AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {7CDFFFCF-8442-4DD5-8F2E-99DFC2A8C633} - \AutoKMS -> Pas de fichier <==== ATTENTION
Task: {9C151DA4-D3BC-4474-ADBC-3F8CAEB2EBC3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-27] (Adobe Systems Incorporated)
Task: {A654C8E0-5F78-4D48-9B7F-41EFF4892A4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {B07B1438-EB3A-4C9D-99C4-007908257B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-29] (Google Inc.)
Task: {B0CED2D3-BF45-48DB-8D9A-FE00F851F658} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CDF157CE-468A-4F98-81D7-28923CA31350} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

==================== Modules chargés (Avec liste blanche) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 09:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-21 16:31 - 2017-02-01 01:01 - 00410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-14 09:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-02 20:45 - 2016-10-02 20:45 - 00959168 _____ () C:\Users\Alexandra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-02 21:03 - 2016-10-02 21:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:26 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:26 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:26 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:26 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:26 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:26 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:26 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-11 11:26 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-03-25 11:29 - 2017-03-25 11:29 - 00098816 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32api.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00110080 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\pywintypes27.dll
2017-03-25 11:29 - 2017-03-25 11:29 - 00364544 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\pythoncom27.dll
2017-03-25 11:29 - 2017-03-25 11:29 - 00320512 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32com.shell.shell.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00914432 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_hashlib.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 01176576 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._core_.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00806400 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._gdi_.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00816128 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._windows_.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 01067008 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._controls_.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00733184 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._misc_.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00682496 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\pysqlite2._sqlite.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00088064 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_ctypes.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00686080 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\unicodedata.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00119808 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32file.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00108544 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32security.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00007168 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\hashobjs_ext.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00017920 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\thumbnails_ext.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00088064 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\usb_ext.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00012800 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\common.time34.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00018432 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32event.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00167936 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32gui.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00046080 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_socket.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 01303552 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_ssl.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00128512 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_elementtree.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00127488 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\pyexpat.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00038912 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32inet.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00036864 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_psutil_windows.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00524248 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\windows._lib_cacheinvalidation.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00011264 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32crypt.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00123392 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._wizard.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00077312 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._html2.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00027648 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_multiprocessing.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00020480 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\_yappi.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00035840 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32process.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00078848 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\wx._animate.pyd
2017-03-25 11:29 - 2017-03-25 11:30 - 00024064 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32pipe.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00010240 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\select.pyd
2017-03-25 11:29 - 2017-03-25 11:29 - 00025600 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32pdh.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00017408 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32profile.pyd
2017-03-25 11:30 - 2017-03-25 11:30 - 00022528 ____R () C:\Users\Alexandra\AppData\Local\Temp\_MEI59362\win32ts.pyd

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2016-03-28 19:09 - 2016-03-28 19:05 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Fond d’écran.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

HKU\S-1-5-21-1857043209-3862827509-2798332448-1001\...\StartupApproved\Run: => "Skype"

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{03C389A7-03AC-4E36-AEA6-2612EA5CF4AA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{812D939F-91B1-47A9-B43D-5E161E0E957F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3E221D0C-6C54-4528-BD41-E35ADA5538CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1014A2F8-F695-4652-A278-8A4C1B471008}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF2D9400-73CF-4DDA-874D-F6950A17FC7E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ED5E5F86-25E9-4FD5-BF01-566F7ECA512E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F7DBE984-01BA-4E43-9CD0-B9F544807413}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B29964A8-1C01-4678-BB7D-6174C81AB9D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{02EFC1C6-6B75-45D4-8354-CBAE40F931FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{993BE645-D954-4C71-8FAF-8BD9140AEE34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{75886643-B433-47E6-99F8-A919E35F5DEA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{982597D5-BB44-4871-9F4E-0B233A3C2C8C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{8F711CD0-438E-49C5-88DC-BFD05761E1CA}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{E27AC700-D7AE-427B-A80A-30C200040393}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{93B1CC04-9C52-4CCA-8DCC-C00AB85AEF00}C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe
FirewallRules: [UDP Query User{8FCD1A7E-D43F-4CBE-A2E3-B55C8AA92B9D}C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe
FirewallRules: [{5DD1395E-63AD-43C3-B5EC-12D41E0AF573}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Points de restauration =========================

11-03-2017 12:12:14 Point de contrôle planifié
14-03-2017 19:40:46 Windows Update
25-03-2017 00:49:06 Removed Bonjour
25-03-2017 10:31:45 JRT Pre-Junkware Removal

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (03/25/2017 10:32:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (03/25/2017 12:52:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante firefox.exe, version : 52.0.1.6284, horodatage : 0x58cb7774
Nom du module défaillant : mozglue.dll, version : 52.0.1.6284, horodatage : 0x58cb7766
Code d’exception : 0x80000003
Décalage d’erreur : 0x0000f74f
ID du processus défaillant : 0x858
Heure de début de l’application défaillante : 0x01d2a4f21c8bb1f4
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
ID de rapport : 6fde6f3e-39b8-49fa-be73-5c93a1b67bf3
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (03/25/2017 12:49:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (03/25/2017 12:34:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, Descripteur non valide
.


Opération :
   Opération asynchrone en cours d’exécution

Contexte :
   État actuel: DoSnapshotSet

Error: (03/25/2017 12:34:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (03/21/2017 07:56:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-02U6HNM)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (03/21/2017 07:50:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5124703

Error: (03/21/2017 07:50:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5124703

Error: (03/21/2017 07:50:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/21/2017 06:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328


Erreurs système:
=============
Error: (03/25/2017 02:15:04 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 11:29:14 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 et l’APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 11:28:04 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 11:02:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service ZAM Controller Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (03/25/2017 11:01:07 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 et l’APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 11:00:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Gestionnaire des cartes téléchargées s’est arrêté avec l’erreur :
%%2147942419 = Média protégé en écriture.

Error: (03/25/2017 10:59:32 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 10:57:12 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 et l’APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (03/25/2017 10:57:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante :
L’opération a réussi.

Error: (03/25/2017 10:55:41 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.


CodeIntegrity:
===================================
  Date: 2017-03-20 23:08:31.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-17 23:43:57.961
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-16 20:48:35.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-15 23:54:25.272
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-15 13:19:08.231
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-13 01:14:15.708
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-11 12:14:30.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-07 22:51:26.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-06 22:03:44.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-06 16:37:57.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Pourcentage de mémoire utilisée: 57%
Mémoire physique - RAM - totale: 4023.36 MB
Mémoire physique - RAM - disponible: 1703.89 MB
Mémoire virtuelle totale: 4727.36 MB
Mémoire virtuelle disponible: 2093.74 MB

==================== Lecteurs ================================

Drive c: () (Fixed) (Total:299.97 GB) (Free:41.54 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB29D7A4)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.1 GB) - (Type=06)

==================== Fin de Addition.txt ============================


Hello heather67.

To avoid confusion, I asked to merge your two topics. Please keep posting your replies just in this topic.

 

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools from the Desktop and with Administrator privileges.

 

With that being said, let's start cleaning your system.


Follow the instructions below to execute a fix on your system using FRST, and provide the produced log (fixlog.txt) in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open that file.
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;

 

Please download Malwarebytes from here and install it on your computer.
Restart your computer when finished.

 

Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

 

Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
    Credits: BleepingComputer and Aura
  • Once the scan is complete, a log will open. Please attach the log in your next reply;

 

Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach the log in your next reply;

 

To summarize, in your next reply please attach:
The fixlog.txt produced by FRST;
The Malwarebytes log.
The JRT log;
The AdwCleaner clean log.

Let me also know how your computer is running and how the Firefox browser is behaving.

Thank you.

fixlist.txt

Edited by Android8888
To attach fixlist.txt

Thank you so much for your reply, this is really kind of you.

I followed all your instructions. Just one thing, the AdwCleaner scan didn't find anything but I did run a scan yesterday and I think it did quarantine one thing (not entirely sure because I ran several different scans yesterday and some detected certain things but none resolved the whole Facebook tab problem). Thought I should mention it in case.

Otherwise I can't say I've noticed my computer run any differently and Firefox seems to be behaving fine apart from these persistent Facebook tabs. I must say I put off doing anything about this problem for a short while because it didn't seem to be having a visible impact, until suddenly lots of unwanted posts started coming from my Facebook account.

Hope that answers everything. Thanks again!!!

malwarereport.txt

JRT.txt

Fixlog.txt

AdwCleaner[C2].txt


Hello heather67.

11 minutes ago, heather67 said:

Thank you so much for your reply, this is really kind of you.

You're very welcome! :)

The logs are clean.

Let's get a scan with ESET Online Scanner. This is a very thorough scan so may take several hours.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

Please post the ESET log (if it produced one).

Thank you.


Hello heather67.

1 hour ago, heather67 said:

I've just completed the scan and it hasn't detected anything so there's no log

This is a good sign. Your computer appears to be clean and free of malware.

Please proceed as follows:

Clear Firefox browsing history and cookies and then see if the Facebook tabs issue is solved.
https://support.mozilla.org/t5/Privacy-and-security/Clear-browsing-history-and-cookies/ta-p/8602


If that doesn't solve the problem please try to reset the Firefox browser:
How to Reset Firefox

Did this solve the problem or not?


Hello heather67.

2 hours ago, heather67 said:

I've just reset Firefox and it's done the trick! :)

I'm glad to know that your problem is solved. :)

 

2 hours ago, heather67 said:

Thanks so much for all your help. It's really very kind of you!!

Thank you for your kind words. You're very welcome!

 

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

 

Now that your system is clean and malware free you can delete the tools we used.

Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I don't need to see the log file;

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888


4 hours ago, heather67 said:

That's great, thanks again for all the recommendations and advice!!! :) It's very much appreciated!

Take care,

You're welcome. Come back whenever you need. :)

Regards,

Android8888


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.