Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Exécuté par user (administrateur) sur BUREAU (17-05-2016 21:53:40)
Exécuté depuis C:\Users\user\Downloads
Profils chargés: user (Profils disponibles: user)
Platform: Windows 10 Enterprise Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\...\Run: [Chromium] => "c:\users\user\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
Tcpip\..\Interfaces\{fc774dd4-22d8-4439-a3c2-a0ae8e3e77e5}: [DhcpNameServer] 212.27.40.240 212.27.40.241

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2955922507-2666424734-2459421253-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2955922507-2666424734-2459421253-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_16¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0C0A0E0CyD0DtB0DtC0DyDyCyCyC0AtN0D0Tzu0StCyDyBtBtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0B0CyE0EyCtA0EtGtB0AyEzztGyCyB0CtAtGtDyCzzyBtGyDtDyD0EyD0DtDzyyE0B0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtD0E0FtB0D0DzztG0Czz0AzztGyE0DyBtCtGzyzz0D0EtGtAyEtCtCtC0FyB0A0FyEtA0D2QtN0A0LzuyE%26cr%3D964119585%26a%3Dwncy_mdaffmarmarie_16_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-04-28]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-21]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Recherche Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-28]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (Google Docs hors connexion) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2955922507-2666424734-2459421253-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-04-28] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\system32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R3 NETJME; C:\Windows\System32\drivers\NETJME.sys [137728 2015-10-30] (JMicron Technology Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-05-17 21:53 - 2016-05-17 21:54 - 00017935 _____ C:\Users\user\Downloads\FRST.txt
2016-05-17 21:51 - 2016-05-17 21:53 - 00000000 ____D C:\FRST
2016-05-17 21:51 - 2016-05-17 21:51 - 02382336 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-05-17 21:51 - 2016-05-17 21:51 - 01733120 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2016-05-17 21:37 - 2016-05-17 21:37 - 02207232 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2016-05-17 21:30 - 2016-05-17 21:31 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-05-17 21:30 - 2016-05-17 21:30 - 03521617 _____ (Nicolas Coolman ) C:\Users\user\Downloads\ZHPFix.exe
2016-05-17 21:30 - 2016-05-17 21:30 - 00001922 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-05-17 21:30 - 2016-05-17 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-05-17 21:13 - 2016-05-17 21:13 - 02207232 _____ C:\Users\user\ZHPDiag3.exe
2016-05-17 21:11 - 2016-05-17 21:11 - 00000000 ___HD C:\OneDriveTemp
2016-05-16 23:02 - 2016-05-16 23:02 - 05658358 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2016-05-16 22:25 - 2016-05-16 22:26 - 04503623 _____ C:\Users\user\Downloads\1897413_696081827105388_1521675270_n.mp4
2016-05-16 22:25 - 2016-05-16 22:25 - 03095421 _____ C:\Users\user\Downloads\facebook-album-132690520111191.zip
2016-05-16 22:19 - 2016-05-16 22:19 - 02225167 _____ C:\Users\user\Downloads\facebook-album-349124355134472.zip
2016-05-16 22:18 - 2016-05-16 22:19 - 12277207 _____ C:\Users\user\Downloads\facebook-album-190258107687765.zip
2016-05-16 22:01 - 2016-05-16 22:01 - 00919282 _____ C:\Users\user\Downloads\facebook-album-366082143438693.zip
2016-05-16 22:00 - 2016-05-16 22:00 - 01507637 _____ C:\Users\user\Downloads\facebook-album-475436965836543.zip
2016-05-16 21:58 - 2016-05-16 21:58 - 02880294 _____ C:\Users\user\Downloads\facebook-album-241832545863654.zip
2016-05-16 21:57 - 2016-05-16 21:58 - 01798365 _____ C:\Users\user\Downloads\facebook-album-176522809061295.zip
2016-05-16 21:44 - 2016-05-16 21:44 - 01466594 _____ C:\Users\user\Downloads\facebook-album-133534856693424.zip
2016-05-16 21:44 - 2016-05-16 21:44 - 00589437 _____ C:\Users\user\Downloads\facebook-album-164036546976588.zip
2016-05-16 21:42 - 2016-05-16 21:42 - 00959247 _____ C:\Users\user\Downloads\facebook-album-120053864708190.zip
2016-05-16 21:15 - 2016-05-16 21:16 - 00491616 _____ C:\Users\user\Downloads\facebook-album-106365336077043.zip
2016-05-15 02:38 - 2016-05-15 02:38 - 00000043 _____ C:\Users\user\AppData\Roaming\WB.CFG
2016-05-09 23:21 - 2016-05-09 23:21 - 00366518 _____ C:\Users\user\Documents\RELEVE M1 S1.oxps
2016-05-09 23:21 - 2016-05-09 23:21 - 00123027 _____ C:\Users\user\Documents\Relevés de notes.pdf
2016-05-09 23:20 - 2016-05-09 23:20 - 00256875 _____ C:\Users\user\Documents\Lettre de motivation Marjorie ROMAN.pdf
2016-05-09 11:20 - 2016-05-09 11:20 - 00207447 _____ C:\Users\user\Documents\Attestation 09-05-2016.pdf
2016-05-09 10:47 - 2016-05-09 10:47 - 00091984 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-08 21:13 - 2016-05-08 21:13 - 00995248 _____ ( ) C:\Users\user\Downloads\HDVideoPlayer.exe
2016-05-07 10:28 - 2016-05-17 21:38 - 00000000 ____D C:\Users\user\AppData\Roaming\ZHP
2016-05-07 10:28 - 2016-05-17 21:13 - 00000763 _____ C:\Users\user\Desktop\ZHPDiag.lnk
2016-05-05 09:19 - 2016-05-05 09:19 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-05 09:19 - 2016-05-05 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-05 09:19 - 2016-05-05 09:19 - 00000000 ____D C:\Program Files\iTunes
2016-05-05 09:19 - 2016-05-05 09:19 - 00000000 ____D C:\Program Files\iPod
2016-05-05 09:19 - 2016-05-05 09:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-05 09:18 - 2016-05-05 09:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-05 09:17 - 2016-05-05 09:17 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-05 09:17 - 2016-05-05 09:17 - 00000000 ____D C:\Program Files\Bonjour
2016-05-05 09:17 - 2016-05-05 09:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-05 09:17 - 2016-05-05 09:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-05 09:14 - 2016-05-05 09:16 - 169713992 _____ (Apple Inc.) C:\Users\user\Downloads\iTunes6464Setup (1).exe
2016-05-04 19:10 - 2016-05-04 19:14 - 00000000 ____D C:\Users\user\Desktop\musique
2016-04-29 19:12 - 2016-04-29 19:12 - 00174484 _____ C:\Users\user\Documents\attestation (2).pdf
2016-04-28 19:52 - 2016-04-28 19:52 - 00002162 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-04-28 19:52 - 2016-04-28 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-04-28 19:51 - 2016-05-17 21:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-28 19:51 - 2016-04-28 19:51 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-28 19:51 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-04-28 19:50 - 2016-04-28 20:00 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-04-28 19:50 - 2015-12-08 01:24 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-04-28 19:50 - 2015-12-08 01:24 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-04-28 19:46 - 2016-04-28 19:47 - 01933320 _____ (Kaspersky Lab) C:\Users\user\Downloads\kav16.0.0.614abcdfr_9986.exe
2016-04-24 17:55 - 2016-05-16 21:28 - 00000000 ____D C:\Users\user\Documents\MARJORIE
2016-04-24 17:55 - 2016-04-24 17:55 - 00101399 _____ C:\Users\user\Documents\AVIS SITUATION DECLARATIVE 2015.pdf
2016-04-24 17:33 - 2016-04-24 17:33 - 00000000 ___RD C:\Users\user\Documents\iCloudDrive
2016-04-21 21:49 - 2016-04-21 21:49 - 00001228 _____ C:\Users\Public\Desktop\MediaPlayAir.lnk
2016-04-21 21:49 - 2016-04-21 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaPlayAir
2016-04-21 21:49 - 2016-04-21 21:49 - 00000000 ____D C:\Program Files (x86)\MediaPlayAir
2016-04-21 21:44 - 2016-04-21 21:44 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-04-21 21:44 - 2016-04-21 21:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-21 21:44 - 2016-04-21 21:44 - 00000000 ____D C:\Program Files\MSBuild
2016-04-21 21:44 - 2016-04-21 21:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-21 21:42 - 2016-04-21 21:42 - 00000000 ____D C:\Users\user\Documents\PC Speed Maximizer
2016-04-21 21:41 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-04-21 21:41 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-21 21:41 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-04-21 21:41 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-04-21 21:41 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-04-21 21:41 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-21 21:38 - 2016-05-17 21:38 - 00000284 _____ C:\WINDOWS\Tasks\{5DC21156-50E6-C400-3C03-5E2831B48C24}.job
2016-04-21 21:38 - 2016-05-16 22:28 - 00000000 ____D C:\Users\user\AppData\Roaming\PriceFountainUpdateVer
2016-04-21 21:38 - 2016-05-05 09:26 - 00000000 ____D C:\Users\user\AppData\Local\Chromium
2016-04-21 21:37 - 2016-04-28 20:06 - 00000000 ____D C:\Users\user\AppData\Local\MuttsDisinclining
2016-04-21 21:37 - 2016-04-21 21:37 - 05933558 _____ (MediaPlayAir ) C:\Users\user\Downloads\FlashPlayerPro [1].exe
2016-04-21 21:37 - 2016-04-21 21:37 - 00003516 _____ C:\WINDOWS\System32\Tasks\userMuttsDisincliningV2
2016-04-21 21:37 - 2016-04-21 21:37 - 00001946 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amazon.fr .lnk
2016-04-21 21:37 - 2016-04-21 21:37 - 00001934 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk
2016-04-21 21:37 - 2016-04-21 21:37 - 00000376 __RSH C:\ProgramData\ntuser.pol
2016-04-21 21:37 - 2016-04-21 21:37 - 00000297 _____ C:\Users\user\Desktop\amazon.fr.URL
2016-04-21 21:37 - 2016-04-21 21:37 - 00000291 _____ C:\Users\user\Desktop\Booking.URL
2016-04-21 21:36 - 2016-04-21 21:36 - 01006672 _____ ( ) C:\Users\user\Downloads\FlashPlayerPro.exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-05-17 21:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-17 21:30 - 2015-03-09 21:16 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 21:26 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-17 21:11 - 2016-01-19 17:31 - 00000000 ___RD C:\Users\user\OneDrive
2016-05-17 21:11 - 2015-12-09 13:53 - 00000000 ___RD C:\Users\user\iCloudDrive
2016-05-17 21:11 - 2015-03-09 21:16 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-16 23:04 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-16 22:40 - 2016-01-26 18:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-16 22:39 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-16 22:29 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-16 21:19 - 2015-03-15 14:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-16 21:05 - 2015-03-15 14:22 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-16 19:36 - 2016-01-26 18:17 - 01848398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-16 19:36 - 2015-10-30 21:00 - 00825500 _____ C:\WINDOWS\system32\perfh00C.dat
2016-05-16 19:36 - 2015-10-30 21:00 - 00155764 _____ C:\WINDOWS\system32\perfc00C.dat
2016-05-16 19:36 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-16 19:35 - 2015-05-26 17:12 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35145044-2B6E-46EF-8C17-137B4005F257}
2016-05-15 02:31 - 2016-03-15 14:23 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-15 02:31 - 2015-03-09 21:17 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-15 02:31 - 2015-03-09 21:17 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-15 02:30 - 2016-03-15 14:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-15 02:25 - 2015-03-09 21:16 - 00004148 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-15 02:25 - 2015-03-09 21:16 - 00003916 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-15 02:17 - 2015-03-09 20:12 - 00000000 ____D C:\ProgramData\ProductData
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-05 09:19 - 2015-12-09 13:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-05 09:16 - 2015-12-09 13:37 - 00000000 ____D C:\ProgramData\Apple
2016-05-05 09:16 - 2015-03-09 20:09 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-28 20:00 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-04-28 19:51 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 19:50 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
2016-04-27 20:48 - 2016-01-26 18:30 - 00002444 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 00:35 - 2014-01-22 08:52 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-04-25 00:35 - 2014-01-22 08:52 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-04-24 17:34 - 2015-12-01 13:22 - 00000000 ____D C:\Users\user\Documents\yahouni nassim
2016-04-22 22:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-22 21:25 - 2015-10-05 21:45 - 00000000 ____D C:\Users\user\Documents\DCIM
2016-04-22 09:57 - 2015-03-09 21:25 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-21 21:44 - 2015-03-09 21:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-21 21:37 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-21 21:37 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-18 19:47 - 2016-01-26 17:55 - 00352928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 22:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-17 22:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-17 22:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-17 22:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr

==================== Fichiers à la racine de certains dossiers =======

2016-05-15 02:38 - 2016-05-15 02:38 - 0000043 _____ () C:\Users\user\AppData\Roaming\WB.CFG

Fichiers à déplacer ou supprimer:
====================
C:\Users\user\ZHPDiag3.exe
C:\Windows\Tasks\{5DC21156-50E6-C400-3C03-5E2831B48C24}.job


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-05-16 21:03

==================== Fin de FRST.txt ============================
