Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Exécuté par xavier (administrateur) sur IPH204XG2 (27-06-2017 13:01:37)
Exécuté depuis C:\Users\xavier\Desktop
Profils chargés: xavier & UpdatusUser (Profils disponibles: xavier & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
Impossible d'accéder au processus -> rescue-system.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-24] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [LANDeskCustomData] => C:\Program Files (x86)\LANDesk\LDClient\ldcstm32.exe [306448 2013-03-15] (LANDesk Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Parametres SFR 3G\Parametres SFR 3G
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [RunSpeed.vbs] => C:\Users\xavier\AppData\Roaming\RunSpeed\RunSpeed.vbs [275 2017-06-24] ()
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {3fdbb1da-4b30-11e5-8108-74de2b50a6a2} - F:\AutoRun.exe
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {4d29bcba-5c50-11e5-9a3f-d4bed900c13d} - F:\AutoRun.exe
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {4d29bcc4-5c50-11e5-9a3f-d4bed900c13d} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-11] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-24] (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serveur réseau.lnk [2015-11-15]
ShortcutTarget: Serveur réseau.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8230ED42-E12F-4A3E-80E0-464F26C27DCA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{960C5638-63B3-4F93-884C-8237393037F1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B90CE30B-BD3B-4657-A3EA-0265513103D0}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FB2B43B5-5ACF-432C-8853-8149DFBFDECE}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.fr/
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
FireFox:
========
FF DefaultProfile: gisederw.Xav
FF DefaultProfile: 0r75apk4.default
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default [2017-06-27]
FF user.js: detected! => C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\user.js [2017-04-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ftp", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ftp_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.socks", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.socks_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ssl", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ssl_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ftp", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> http", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> socks", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ssl", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ssl_port", 8080
FF Extension: (Tables) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\378507@extcorp.net.xpi [2017-04-08]
FF Extension: (Avast SafePrice) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\sp@avast.com.xpi [2017-06-24]
FF Extension: (Avast Online Security) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\wrc@avast.com.xpi [2017-06-24]
FF Extension: (Adblock Plus) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Bitdefender QuickScan) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-24]
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\gisederw.Xav [2017-06-26]
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\0r75apk4.default [2017-06-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\local-settings.js [2013-03-13] <==== ATTENTION (Pointe vers un fichier *.cfg)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Avast SafePrice) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-25]
CHR Extension: (Avast Online Security) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-24] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-24] (AVAST Software)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [158936 2013-08-19] (LANDesk Software, Inc. and its affiliates.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [203768 2013-03-12] (LANDesk Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2012-10-04] (LANDesk Software Ltd.) [Fichier non signé]
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1192592 2013-05-15] (LANDesk Software, Inc. and its affiliates.)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [243200 2013-07-11] (LANDesk Software, Inc. and its affiliates.) [Fichier non signé]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2012-10-04] (LANDesk Software, Inc. and its affiliates.) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.569\McCHSvc.exe [404376 2017-05-25] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-08-25] ()
S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [153816 2013-01-18] (LANDesk Software, Inc. and its affiliates.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-21] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-21] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-21] (Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [639464 2013-06-05] (LANDesk Software, Inc. and its affiliates.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [Fichier non signé]
S2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [76048 2013-01-18] (LANDesk Software, Inc. and its affiliates.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [Fichier non signé]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [Fichier non signé]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-06-24] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-06-24] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-06-24] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-06-24] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-24] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20170620.005\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
S2 BrukerIR; C:\Windows\SysWow64\Drivers\BrukerIR.sys [11776 2013-01-05] () [Fichier non signé]
R1 ccSettings_{9548528D-61AB-41F4-8FDF-91D28B582B7A}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-21] (Symantec Corporation)
R2 CISMBIOS; C:\Windows\system32\drivers\cismbios.sys [21336 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-15] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20170621.011\IDSvia64.sys [1012864 2017-05-28] (Symantec Corporation)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170622.008\ENG64.SYS [138880 2017-05-28] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170622.008\EX64.SYS [2152064 2017-05-28] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-11] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-21] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-21] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2015-03-23] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-21] (Symantec Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2013-01-05] (WIBU-SYSTEMS AG)
U1 aswbdisk; pas de ImagePath
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
Exécuté par xavier (administrateur) sur IPH204XG2 (27-06-2017 13:01:37)
Exécuté depuis C:\Users\xavier\Desktop
Profils chargés: xavier & UpdatusUser (Profils disponibles: xavier & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
Impossible d'accéder au processus -> rescue-system.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-24] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [LANDeskCustomData] => C:\Program Files (x86)\LANDesk\LDClient\ldcstm32.exe [306448 2013-03-15] (LANDesk Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Parametres SFR 3G\Parametres SFR 3G
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\Run: [RunSpeed.vbs] => C:\Users\xavier\AppData\Roaming\RunSpeed\RunSpeed.vbs [275 2017-06-24] ()
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {3fdbb1da-4b30-11e5-8108-74de2b50a6a2} - F:\AutoRun.exe
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {4d29bcba-5c50-11e5-9a3f-d4bed900c13d} - F:\AutoRun.exe
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\...\MountPoints2: {4d29bcc4-5c50-11e5-9a3f-d4bed900c13d} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-11] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-24] (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serveur réseau.lnk [2015-11-15]
ShortcutTarget: Serveur réseau.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8230ED42-E12F-4A3E-80E0-464F26C27DCA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{960C5638-63B3-4F93-884C-8237393037F1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B90CE30B-BD3B-4657-A3EA-0265513103D0}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FB2B43B5-5ACF-432C-8853-8149DFBFDECE}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.fr/
HKU\S-1-5-21-2859652213-845612038-2080401675-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
FireFox:
========
FF DefaultProfile: gisederw.Xav
FF DefaultProfile: 0r75apk4.default
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default [2017-06-27]
FF user.js: detected! => C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\user.js [2017-04-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ftp", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ftp_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.socks", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.socks_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ssl", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> backup.ssl_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ftp", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ftp_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> http", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> http_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> socks", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> socks_port", 8080
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ssl", "proxy.upd.edu.ph"
FF NetworkProxy: Mozilla\Firefox\Profiles\fkx8kew1.default -> ssl_port", 8080
FF Extension: (Tables) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\378507@extcorp.net.xpi [2017-04-08]
FF Extension: (Avast SafePrice) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\sp@avast.com.xpi [2017-06-24]
FF Extension: (Avast Online Security) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\wrc@avast.com.xpi [2017-06-24]
FF Extension: (Adblock Plus) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Bitdefender QuickScan) - C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\fkx8kew1.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-24]
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\gisederw.Xav [2017-06-26]
FF ProfilePath: C:\Users\xavier\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\0r75apk4.default [2017-06-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\local-settings.js [2013-03-13] <==== ATTENTION (Pointe vers un fichier *.cfg)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Avast SafePrice) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-25]
CHR Extension: (Avast Online Security) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\xavier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-24] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-24] (AVAST Software)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [158936 2013-08-19] (LANDesk Software, Inc. and its affiliates.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [203768 2013-03-12] (LANDesk Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2012-10-04] (LANDesk Software Ltd.) [Fichier non signé]
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1192592 2013-05-15] (LANDesk Software, Inc. and its affiliates.)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [243200 2013-07-11] (LANDesk Software, Inc. and its affiliates.) [Fichier non signé]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2012-10-04] (LANDesk Software, Inc. and its affiliates.) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.569\McCHSvc.exe [404376 2017-05-25] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-08-25] ()
S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [153816 2013-01-18] (LANDesk Software, Inc. and its affiliates.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-21] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-21] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-21] (Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [639464 2013-06-05] (LANDesk Software, Inc. and its affiliates.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [Fichier non signé]
S2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [76048 2013-01-18] (LANDesk Software, Inc. and its affiliates.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [Fichier non signé]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [Fichier non signé]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-06-24] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-06-24] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-06-24] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-06-24] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-24] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20170620.005\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
S2 BrukerIR; C:\Windows\SysWow64\Drivers\BrukerIR.sys [11776 2013-01-05] () [Fichier non signé]
R1 ccSettings_{9548528D-61AB-41F4-8FDF-91D28B582B7A}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-21] (Symantec Corporation)
R2 CISMBIOS; C:\Windows\system32\drivers\cismbios.sys [21336 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-15] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20170621.011\IDSvia64.sys [1012864 2017-05-28] (Symantec Corporation)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170622.008\ENG64.SYS [138880 2017-05-28] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20170622.008\EX64.SYS [2152064 2017-05-28] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-11] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-21] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-21] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2015-03-23] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-21] (Symantec Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2013-01-05] (WIBU-SYSTEMS AG)
U1 aswbdisk; pas de ImagePath
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)