cjoint

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Exécuté par Ludo (administrateur) sur LUDO-PC (18-04-2016 13:29:34)
Exécuté depuis C:\Users\Ludo\Desktop
Profils chargés: UpdatusUser & Ludo (Profils disponibles: UpdatusUser & Ludo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: IE)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-25] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe [4566016 2011-08-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-17] (AVAST Software)
Winlogon\Notify\avldr: avldr64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-12] (Google Inc.)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [cacls] => C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe [0 2016-04-13] ()
HKU\S-1-5-18\...\RunOnce: [cacls] => C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe [0 2016-04-13] ()
HKU\S-1-5-18\...\Policies\Explorer: [Run] "C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe"
HKU\S-1-5-18\...\Command Processor: C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe [0 2016-04-13] () <===== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe [0 2016-04-13] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-03-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-03-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-17] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-01-12]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-12-08]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011-05-31]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.2.0.10
Tcpip\..\Interfaces\{6098202F-C05F-4EF9-8A96-97D66558D6B6}: [DhcpNameServer] 89.2.0.10
Tcpip\..\Interfaces\{FDECCE07-B3E4-4B7D-924C-3E56D7B0282A}: [DhcpNameServer] 89.2.0.10

Internet Explorer:
==================
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dailymotion.com/video/x2omsw_vercoutre-lyon-lille_fun#.Uexvd71OJDN
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=CA31E63413EEB3D4FB2E065165C4B314&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-08] (Google Inc.)
BHO-x32: Pas de nom -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Pas de fichier
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-08] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => Pas de fichier
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-08] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-08] (Google Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Pas de fichier]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-27] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3130750385-2192580418-1621175004-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ludo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-12] (Skype Limited)
FF Plugin HKU\S-1-5-21-3130750385-2192580418-1621175004-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ludo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => Pas de fichier
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => Pas de fichier
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Pas de fichier
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Pas de fichier
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ludo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Pas de fichier
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => Pas de fichier
CHR Profile: C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SecureSearch) - C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik [2016-03-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-17]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [2013-02-04]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [Fichier non signé]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [Fichier non signé]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-17] (AVAST Software)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2015-04-29] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Fichier non signé]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [Fichier non signé]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-17] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-25] (Fresco Logic)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-12] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-18 13:29 - 2016-04-18 13:31 - 00025488 _____ C:\Users\Ludo\Desktop\FRST.txt
2016-04-17 22:41 - 2016-04-17 22:41 - 00003072 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460925691
2016-04-17 22:41 - 2016-04-17 22:41 - 00001039 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-17 22:41 - 2016-04-17 22:41 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-17 22:40 - 2016-04-17 22:40 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-17 22:39 - 2016-04-17 22:39 - 00001924 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
2016-04-17 22:39 - 2016-04-17 22:39 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\AVAST Software
2016-04-17 22:39 - 2016-04-17 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-17 22:37 - 2016-04-18 12:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-17 22:37 - 2016-04-17 22:37 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-17 22:37 - 2016-04-17 22:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-17 22:36 - 2016-04-17 22:37 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-17 22:36 - 2016-04-17 22:34 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-17 22:35 - 2016-04-17 22:34 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-17 22:34 - 2016-04-17 22:34 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-17 22:33 - 2016-04-17 22:33 - 05066104 _____ (AVAST Software) C:\Users\Ludo\Desktop\avast_free_antivirus_setup_online.exe
2016-04-13 01:06 - 2016-04-13 01:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2016-04-13 01:03 - 2016-04-13 01:03 - 00000020 ___SH C:\Users\Ludo\ntuser.ini
2016-04-13 00:42 - 2016-04-13 00:42 - 00012834 _____ C:\Users\Ludo\Desktop\# DECRYPT MY FILES #.html
2016-04-13 00:42 - 2016-04-13 00:42 - 00012834 _____ C:\Users\Default\# DECRYPT MY FILES #.html
2016-04-13 00:42 - 2016-04-13 00:42 - 00011382 _____ C:\Users\Ludo\Desktop\# DECRYPT MY FILES #.txt
2016-04-13 00:42 - 2016-04-13 00:42 - 00011382 _____ C:\Users\Default\# DECRYPT MY FILES #.txt
2016-04-13 00:42 - 2016-04-13 00:42 - 00000204 _____ C:\Users\Ludo\Desktop\# DECRYPT MY FILES #.vbs
2016-04-13 00:42 - 2016-04-13 00:42 - 00000204 _____ C:\Users\Default\# DECRYPT MY FILES #.vbs
2016-04-13 00:41 - 2016-04-13 00:41 - 00012834 _____ C:\Users\UpdatusUser\# DECRYPT MY FILES #.html
2016-04-13 00:41 - 2016-04-13 00:41 - 00012834 _____ C:\Users\Ludo\# DECRYPT MY FILES #.html
2016-04-13 00:41 - 2016-04-13 00:41 - 00012834 _____ C:\# DECRYPT MY FILES #.html
2016-04-13 00:41 - 2016-04-13 00:41 - 00011382 _____ C:\Users\UpdatusUser\# DECRYPT MY FILES #.txt
2016-04-13 00:41 - 2016-04-13 00:41 - 00011382 _____ C:\Users\Ludo\# DECRYPT MY FILES #.txt
2016-04-13 00:41 - 2016-04-13 00:41 - 00011382 _____ C:\# DECRYPT MY FILES #.txt
2016-04-13 00:41 - 2016-04-13 00:41 - 00000204 _____ C:\Users\UpdatusUser\# DECRYPT MY FILES #.vbs
2016-04-13 00:41 - 2016-04-13 00:41 - 00000204 _____ C:\Users\Ludo\# DECRYPT MY FILES #.vbs
2016-04-13 00:41 - 2016-04-13 00:41 - 00000204 _____ C:\# DECRYPT MY FILES #.vbs
2016-04-13 00:36 - 2016-04-13 00:36 - 00012834 _____ C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.html
2016-04-13 00:36 - 2016-04-13 00:36 - 00011382 _____ C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.txt
2016-04-13 00:36 - 2016-04-13 00:36 - 00000204 _____ C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.vbs
2016-04-13 00:33 - 2016-04-13 00:33 - 00012834 _____ C:\Users\Ludo\Downloads\# DECRYPT MY FILES #.html
2016-04-13 00:33 - 2016-04-13 00:33 - 00012834 _____ C:\Users\Ludo\Desktop\Documents\# DECRYPT MY FILES #.html
2016-04-13 00:33 - 2016-04-13 00:33 - 00012834 _____ C:\Users\Ludo\AppData\# DECRYPT MY FILES #.html
2016-04-13 00:33 - 2016-04-13 00:33 - 00011382 _____ C:\Users\Ludo\Downloads\# DECRYPT MY FILES #.txt
2016-04-13 00:33 - 2016-04-13 00:33 - 00011382 _____ C:\Users\Ludo\Desktop\Documents\# DECRYPT MY FILES #.txt
2016-04-13 00:33 - 2016-04-13 00:33 - 00011382 _____ C:\Users\Ludo\AppData\# DECRYPT MY FILES #.txt
2016-04-13 00:33 - 2016-04-13 00:33 - 00000204 _____ C:\Users\Ludo\Downloads\# DECRYPT MY FILES #.vbs
2016-04-13 00:33 - 2016-04-13 00:33 - 00000204 _____ C:\Users\Ludo\Desktop\Documents\# DECRYPT MY FILES #.vbs
2016-04-13 00:33 - 2016-04-13 00:33 - 00000204 _____ C:\Users\Ludo\AppData\# DECRYPT MY FILES #.vbs
2016-04-13 00:19 - 2016-04-13 00:37 - 00000000 ____D C:\Users\Ludo\Desktop\Zone-Telechargement.com-PreyReckGoingH3ll
2016-04-04 23:58 - 2016-04-04 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0F506A60.sys
2016-04-04 23:21 - 2016-04-04 23:22 - 00000000 ____D C:\Users\Ludo\Desktop\Factures FREE
2016-04-04 00:07 - 2016-04-04 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3297231E.sys
2016-04-04 00:07 - 2016-04-04 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\18F122CD.sys
2016-04-03 23:57 - 2016-04-13 00:40 - 00000000 ____D C:\Users\Ludo\Desktop\ShadowExplorerPortable-0.9
2016-04-03 23:55 - 2016-04-03 23:57 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\www.shadowexplorer.com
2016-04-03 23:55 - 2016-04-03 23:55 - 00001891 _____ C:\Users\Ludo\Desktop\ShadowExplorer.lnk
2016-04-03 23:55 - 2016-04-03 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2016-04-03 23:55 - 2016-04-03 23:55 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2016-04-03 23:48 - 2016-04-03 23:48 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Ludo\Desktop\ShadowExplorer-0.9-setup.exe
2016-04-02 13:46 - 2016-04-13 00:33 - 00000000 ____D C:\Users\Ludo\Desktop\Nouveau dossier
2016-04-02 00:59 - 2016-04-02 00:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\086D2EB4.sys
2016-03-30 00:07 - 2016-03-30 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\73261C26.sys
2016-03-30 00:07 - 2016-03-30 00:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\36C81C7B.sys
2016-03-29 23:54 - 2016-04-18 13:29 - 00000000 ____D C:\FRST
2016-03-29 23:54 - 2016-03-29 23:54 - 02374144 _____ (Farbar) C:\Users\Ludo\Desktop\FRST64.exe
2016-03-29 23:38 - 2016-04-01 00:48 - 00000000 ____D C:\Users\Ludo\AppData\Local\adawarebp
2016-03-29 23:32 - 2016-03-29 23:32 - 00001855 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-03-29 23:32 - 2016-03-29 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-03-29 23:32 - 2016-03-29 23:32 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-03-29 23:30 - 2016-03-29 23:30 - 03521617 _____ (Nicolas Coolman ) C:\Users\Ludo\Desktop\ZHPFix.exe
2016-03-29 23:10 - 2016-03-29 23:10 - 00071048 _____ C:\Users\Ludo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-29 23:08 - 2016-04-17 23:03 - 00313696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-28 21:55 - 2016-04-13 00:40 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\ZHP
2016-03-28 21:55 - 2016-04-12 23:33 - 00000822 _____ C:\Users\Ludo\Desktop\ZHPDiag.lnk
2016-03-28 21:54 - 2016-03-28 21:54 - 02166272 _____ C:\Users\Ludo\Desktop\ZHPDiag3.exe
2016-03-19 02:08 - 2016-03-19 02:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7ACD1D0A.sys
2016-03-19 02:07 - 2016-03-19 02:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\39361CAB.sys

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-18 13:29 - 2011-01-12 17:50 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 13:00 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 13:00 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 12:50 - 2011-01-12 17:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-18 12:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-17 23:16 - 2012-03-08 10:50 - 00000000 ____D C:\Vega5
2016-04-17 23:03 - 2011-05-31 06:20 - 00002632 _____ C:\Windows\system32\AutoRunFilter.ini
2016-04-17 22:40 - 2011-09-18 13:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-17 22:40 - 2011-09-18 13:10 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-17 22:39 - 2012-11-01 18:25 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-17 22:37 - 2013-03-29 14:32 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130750385-2192580418-1621175004-1002UA.job
2016-04-13 01:06 - 2011-05-31 06:08 - 00000000 ____D C:\Users\UpdatusUser
2016-04-13 01:03 - 2011-09-18 01:23 - 00000000 ____D C:\Users\Ludo
2016-04-13 00:42 - 2014-04-09 13:26 - 00000000 __SHD C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}
2016-04-13 00:42 - 2012-03-08 11:06 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\UX6948867
2016-04-13 00:42 - 2011-10-09 19:00 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\WinRAR
2016-04-13 00:42 - 2011-05-31 06:22 - 00000000 ___HD C:\ExpressGateUtil
2016-04-13 00:41 - 2011-10-29 11:58 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\SoftGrid Client
2016-04-13 00:41 - 2011-09-18 01:23 - 00000000 ___HD C:\ASUS.DAT
2016-04-13 00:40 - 2012-11-19 22:22 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Scan2PDF
2016-04-13 00:40 - 2012-10-15 01:37 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\PhotoFiltre 7
2016-04-13 00:40 - 2012-09-07 00:10 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\FreeBurner
2016-04-13 00:40 - 2012-03-08 16:06 - 00000000 ____D C:\temp
2016-04-13 00:39 - 2013-07-20 19:02 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\St Trond
2016-04-13 00:39 - 2013-05-14 01:25 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Saint Trond
2016-04-13 00:39 - 2013-04-26 00:13 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Skype
2016-04-13 00:38 - 2014-09-21 18:52 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Salzburg
2016-04-13 00:38 - 2014-06-03 00:31 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\CP210x_VCP_Windows
2016-04-13 00:38 - 2013-04-10 21:58 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Ad-Aware Antivirus
2016-04-13 00:38 - 2011-01-12 18:03 - 00000000 ____D C:\AsusVibeData
2016-04-13 00:37 - 2016-03-04 01:38 - 00000000 ____D C:\Users\Ludo\Desktop\Sia - 1000 Forms Of Fear (Deluxe Version) - 2015
2016-04-13 00:37 - 2015-06-08 17:37 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Films
2016-04-13 00:36 - 2016-02-26 23:41 - 00000000 ____D C:\Users\Ludo\Desktop\The Beatles - Good Songs (2015)
2016-04-13 00:36 - 2016-02-24 03:28 - 00000000 ____D C:\Users\Ludo\Desktop\Kinégarde
2016-04-13 00:36 - 2015-08-09 23:52 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Leawo
2016-04-13 00:36 - 2015-08-09 23:52 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\com.leawo.imediago
2016-04-13 00:36 - 2013-04-10 22:10 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\LavasoftStatistics
2016-04-13 00:36 - 2012-10-14 20:02 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\vlc
2016-04-13 00:34 - 2015-05-23 23:05 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Expert PDF 7
2016-04-13 00:34 - 2013-04-07 19:54 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Malwarebytes
2016-04-13 00:34 - 2011-09-18 14:36 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Apple Computer
2016-04-13 00:34 - 2011-09-18 13:01 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Adobe
2016-04-13 00:34 - 2011-05-31 05:43 - 00000000 ____D C:\eSupport
2016-04-13 00:33 - 2016-03-04 02:44 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Nouveau dossier
2016-04-13 00:33 - 2014-12-16 01:56 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\A Photos & Vidéos & Tout les dossiers a remettre sur le bureau
2016-04-13 00:33 - 2012-02-18 11:18 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\TomTom
2016-04-12 23:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-12 22:28 - 2011-09-18 01:23 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2016-04-11 21:35 - 2016-03-02 02:35 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 21:35 - 2011-01-12 17:50 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 20:05 - 2009-08-04 12:03 - 00759774 _____ C:\Windows\system32\perfh00C.dat
2016-04-11 20:05 - 2009-08-04 12:03 - 00154348 _____ C:\Windows\system32\perfc00C.dat
2016-04-11 20:05 - 2009-07-14 07:13 - 01701968 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 18:39 - 2011-11-30 18:53 - 00000000 ____D C:\CM save
2016-04-10 19:20 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-04 23:29 - 2011-09-18 15:12 - 00000000 ____D C:\Users\Ludo\AppData\Local\CrashDumps
2016-04-04 22:23 - 2011-05-31 06:20 - 00001593 _____ C:\Windows\system32\ServiceFilter.ini
2016-04-01 01:12 - 2011-09-18 01:26 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Bluetooth Folder
2016-04-01 01:07 - 2011-12-04 22:27 - 00000000 ___SD C:\Users\Ludo\AppData\LocalLow\Temp
2016-03-28 22:39 - 2016-03-11 01:39 - 19384512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-03-28 21:55 - 2012-05-05 10:34 - 00000000 ____D C:\Windows\Minidump
2016-03-28 20:40 - 2011-10-25 22:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Fichiers à la racine de certains dossiers =======

2016-04-13 00:36 - 2016-04-13 00:36 - 0012834 _____ () C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.html
2016-04-13 00:36 - 2016-04-13 00:36 - 0011382 _____ () C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.txt
2016-04-13 00:36 - 2016-04-13 00:36 - 0000204 _____ () C:\Users\Ludo\AppData\Roaming\# DECRYPT MY FILES #.vbs
1602-05-15 16:07 - 1602-05-15 16:07 - 0071448 _____ () C:\Users\Ludo\AppData\Roaming\batrKjelB_.cerber
2011-05-31 06:33 - 2011-05-31 06:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 17:48 - 2011-01-12 17:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 17:48 - 2011-01-12 17:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-05-31 06:28 - 2011-05-31 06:32 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-05-31 06:32 - 2011-05-31 06:33 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-05-31 06:26 - 2011-05-31 06:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Fichiers à déplacer ou supprimer:
====================
C:\Users\Ludo\AppData\Roaming\{54A890A9-F6AA-636B-C98C-AEBF6368CE18}\cacls.exe
C:\Users\Default\# DECRYPT MY FILES #.vbs
C:\Users\Ludo\# DECRYPT MY FILES #.vbs
C:\Users\UpdatusUser\# DECRYPT MY FILES #.vbs


Certains fichiers dans TEMP:
====================
C:\Users\Ludo\AppData\Local\Temp\a.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-04-13 00:03

==================== Fin de FRST.txt ============================
