Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Exécuté par Mylene (administrateur) sur ORDI (09-09-2017 13:56:45)
Exécuté depuis C:\Users\Mylene\Desktop
Profils chargés: Mylene (Profils disponibles: Mylene)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Windows\System32\PSIService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4444160 2007-04-25] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-05-23] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [577536 2007-04-02] (TOSHIBA)
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-01-19] (Interactive Digital Media)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [861744 2007-04-19] (Synaptics, Inc.)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-08-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\MountPoints2: {efeaa50d-f2c6-11de-a2ac-001eec05be1f} - D:\dettol.exe
HKU\S-1-5-18\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
Startup: C:\Users\Mylene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-10-22]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DC9A3CA2-8B7E-4197-A4C5-437F0BB2B0FC}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F9100758-5121-4C03-9C1B-41EB18693344}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> DefaultScope {765AA8AE-7A4A-4093-8D3B-1CAD90EBF080} URL = hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> Live Search URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> {765AA8AE-7A4A-4093-8D3B-1CAD90EBF080} URL = hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
BHO: Aide pour le lien d'Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Pas de nom -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Pas de fichier
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default [2017-09-09]
FF user.js: detected! => C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\user.js [2010-06-05]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-01] [non signé]
FF Extension: (Pas de nom) - C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [non trouvé(e)]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-05] [non signé]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-23] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2536498027-1875745652-444619778-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Mylene\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-04-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-03-12] (Apple Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.fr/","hxxp://www.google.com/"
CHR Profile: C:\Users\Mylene\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Mylene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-08-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [Fichier non signé]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2015-11-02] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Fichier non signé]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
R2 Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-05-17] (TOSHIBA Corporation) [Fichier non signé]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [Fichier non signé]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Fichier non signé]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-12-24] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] ()
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-09-08] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-09-08] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221632 2017-09-09] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-09-08] (Malwarebytes)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [83592 2007-05-02] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-02-06] () [Fichier non signé]
R3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [11264 2007-03-12] (Chicony Electronics Co., Ltd.)
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-09-09 13:56 - 2017-09-09 13:58 - 000020103 _____ C:\Users\Mylene\Desktop\FRST.txt
2017-09-09 13:56 - 2017-09-09 13:56 - 000000000 ____D C:\FRST
2017-09-09 13:55 - 2017-09-09 13:55 - 001792512 _____ (Farbar) C:\Users\Mylene\Desktop\FRST.exe
2017-09-09 12:52 - 2017-09-09 12:52 - 000126859 _____ C:\Users\Mylene\Desktop\ZHPDiag2.txt
2017-09-09 12:31 - 2017-09-09 12:31 - 000001569 _____ C:\Users\Mylene\Desktop\Malware 2 Mylene.txt
2017-09-09 12:18 - 2017-09-09 12:18 - 000002610 _____ C:\Users\Mylene\Desktop\AdwCleaner[C0].txt
2017-09-09 12:10 - 2017-09-09 12:24 - 000000000 ____D C:\AdwCleaner
2017-09-09 12:03 - 2017-09-09 12:07 - 000006266 _____ C:\Users\Mylene\Desktop\ZHPCleaner.txt
2017-09-09 11:22 - 2017-09-09 11:23 - 000000719 _____ C:\Users\Mylene\Desktop\ZHPCleaner.lnk
2017-09-08 22:42 - 2017-09-08 22:42 - 000130265 _____ C:\Users\Mylene\Desktop\ZHPDiag01.txt
2017-09-08 21:18 - 2017-09-09 12:42 - 000000000 ____D C:\Users\Mylene\AppData\Roaming\ZHP
2017-09-08 21:18 - 2017-09-09 12:32 - 000000709 _____ C:\Users\Mylene\Desktop\ZHPDiag.lnk
2017-09-08 21:18 - 2017-09-09 11:22 - 000000000 ____D C:\Users\Mylene\AppData\Local\ZHP
2017-09-08 21:14 - 2017-09-08 21:14 - 000003681 _____ C:\Users\Mylene\Desktop\malware mylene.txt
2017-09-08 20:38 - 2017-09-08 20:38 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-08 20:37 - 2017-09-08 20:37 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-08 20:36 - 2017-09-09 12:22 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 20:36 - 2017-09-08 20:36 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-08 20:34 - 2017-09-08 20:34 - 000001891 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-08 20:34 - 2017-09-08 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 20:34 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-08 20:32 - 2017-09-08 20:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-04 23:20 - 2017-09-04 23:35 - 000000770 _____ C:\Users\Mylene\Documents\MGK mind of.txt
2017-09-04 23:13 - 2017-09-04 23:13 - 000000490 _____ C:\Users\Mylene\Documents\Mind of a stoner.txt
2017-09-04 21:22 - 2017-09-04 21:23 - 000014027 _____ C:\Users\Mylene\Documents\RETOUR ASOS SEPT 2017.pdf
2017-09-04 14:48 - 2017-09-04 15:03 - 000000000 ____D C:\Users\Mylene\Documents\Colopathie 2017
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-09-09 12:21 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 12:21 - 2006-11-02 14:47 - 000003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-09 12:21 - 2006-11-02 14:47 - 000003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 12:20 - 2006-11-02 15:01 - 000032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-08 21:38 - 2010-04-22 16:18 - 000000000 ___RD C:\Users\Mylene\Images
2017-09-08 20:32 - 2010-01-31 16:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-04 22:04 - 2008-04-13 15:11 - 000133632 _____ C:\Users\Mylene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-04 14:50 - 2006-11-02 17:48 - 000683414 _____ C:\Windows\system32\perfh00C.dat
2017-09-04 14:50 - 2006-11-02 17:48 - 000128706 _____ C:\Windows\system32\perfc00C.dat
2017-09-04 14:50 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2017-09-04 14:50 - 2006-11-02 12:33 - 001508702 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-04 14:05 - 2008-04-08 17:57 - 000000000 ____D C:\Users\Mylene
2017-09-04 14:01 - 2015-11-02 22:38 - 000000801 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-08-23 13:30 - 2017-07-26 18:27 - 000000000 ____D C:\Users\Mylene\Desktop\Remboursement mutuelle 2017
==================== Fichiers à la racine de certains dossiers =======
2010-04-03 08:57 - 2011-03-26 12:02 - 000001184 _____ () C:\Users\Mylene\AppData\Roaming\wklnhst.dat
2010-08-23 14:31 - 2017-01-31 21:20 - 000007268 _____ () C:\Users\Mylene\AppData\Local\d3d9caps.dat
2008-04-13 15:11 - 2017-09-04 22:04 - 000133632 _____ () C:\Users\Mylene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-04 14:28 - 2011-07-10 15:30 - 000000088 __RSH () C:\ProgramData\535E72740E.sys
2011-06-04 14:28 - 2011-07-10 15:31 - 000002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2008-12-21 13:24 - 2013-03-16 13:24 - 000000000 _____ () C:\ProgramData\LauncherAccess.dt
2008-07-09 20:38 - 2008-07-09 20:42 - 000007795 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
Certains fichiers dans TEMP:
====================
2015-10-04 20:34 - 2015-10-14 17:40 - 000000000 ____D () C:\Users\Mylene\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-09-09 12:30
==================== Fin de FRST.txt ============================
Exécuté par Mylene (administrateur) sur ORDI (09-09-2017 13:56:45)
Exécuté depuis C:\Users\Mylene\Desktop
Profils chargés: Mylene (Profils disponibles: Mylene)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Windows\System32\PSIService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Interactive Digital Media) C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4444160 2007-04-25] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-05-23] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [577536 2007-04-02] (TOSHIBA)
HKLM\...\Run: [Desktop SMS] => C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-01-19] (Interactive Digital Media)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [861744 2007-04-19] (Synaptics, Inc.)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-08-31] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\...\MountPoints2: {efeaa50d-f2c6-11de-a2ac-001eec05be1f} - D:\dettol.exe
HKU\S-1-5-18\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
Startup: C:\Users\Mylene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-10-22]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DC9A3CA2-8B7E-4197-A4C5-437F0BB2B0FC}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F9100758-5121-4C03-9C1B-41EB18693344}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2536498027-1875745652-444619778-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> DefaultScope {765AA8AE-7A4A-4093-8D3B-1CAD90EBF080} URL = hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> Live Search URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2536498027-1875745652-444619778-1000 -> {765AA8AE-7A4A-4093-8D3B-1CAD90EBF080} URL = hxxp://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
BHO: Aide pour le lien d'Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Pas de nom -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Pas de fichier
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default [2017-09-09]
FF user.js: detected! => C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\user.js [2010-06-05]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-01] [non signé]
FF Extension: (Pas de nom) - C:\Users\Mylene\AppData\Roaming\Mozilla\Firefox\Profiles\7th5ylol.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [non trouvé(e)]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-05] [non signé]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-23] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2536498027-1875745652-444619778-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Mylene\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-04-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-03-12] (Apple Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.fr/","hxxp://www.google.com/"
CHR Profile: C:\Users\Mylene\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Mylene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-08-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-08-31] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [Fichier non signé]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2015-11-02] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Fichier non signé]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
R2 Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-05-17] (TOSHIBA Corporation) [Fichier non signé]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [Fichier non signé]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [Fichier non signé]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-12-24] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] ()
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-09-08] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-09-08] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221632 2017-09-09] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-09-08] (Malwarebytes)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [83592 2007-05-02] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-02-06] () [Fichier non signé]
R3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [11264 2007-03-12] (Chicony Electronics Co., Ltd.)
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-09-09 13:56 - 2017-09-09 13:58 - 000020103 _____ C:\Users\Mylene\Desktop\FRST.txt
2017-09-09 13:56 - 2017-09-09 13:56 - 000000000 ____D C:\FRST
2017-09-09 13:55 - 2017-09-09 13:55 - 001792512 _____ (Farbar) C:\Users\Mylene\Desktop\FRST.exe
2017-09-09 12:52 - 2017-09-09 12:52 - 000126859 _____ C:\Users\Mylene\Desktop\ZHPDiag2.txt
2017-09-09 12:31 - 2017-09-09 12:31 - 000001569 _____ C:\Users\Mylene\Desktop\Malware 2 Mylene.txt
2017-09-09 12:18 - 2017-09-09 12:18 - 000002610 _____ C:\Users\Mylene\Desktop\AdwCleaner[C0].txt
2017-09-09 12:10 - 2017-09-09 12:24 - 000000000 ____D C:\AdwCleaner
2017-09-09 12:03 - 2017-09-09 12:07 - 000006266 _____ C:\Users\Mylene\Desktop\ZHPCleaner.txt
2017-09-09 11:22 - 2017-09-09 11:23 - 000000719 _____ C:\Users\Mylene\Desktop\ZHPCleaner.lnk
2017-09-08 22:42 - 2017-09-08 22:42 - 000130265 _____ C:\Users\Mylene\Desktop\ZHPDiag01.txt
2017-09-08 21:18 - 2017-09-09 12:42 - 000000000 ____D C:\Users\Mylene\AppData\Roaming\ZHP
2017-09-08 21:18 - 2017-09-09 12:32 - 000000709 _____ C:\Users\Mylene\Desktop\ZHPDiag.lnk
2017-09-08 21:18 - 2017-09-09 11:22 - 000000000 ____D C:\Users\Mylene\AppData\Local\ZHP
2017-09-08 21:14 - 2017-09-08 21:14 - 000003681 _____ C:\Users\Mylene\Desktop\malware mylene.txt
2017-09-08 20:38 - 2017-09-08 20:38 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-08 20:37 - 2017-09-08 20:37 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-08 20:36 - 2017-09-09 12:22 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 20:36 - 2017-09-08 20:36 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-08 20:34 - 2017-09-08 20:34 - 000001891 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-08 20:34 - 2017-09-08 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 20:34 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-08 20:32 - 2017-09-08 20:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-04 23:20 - 2017-09-04 23:35 - 000000770 _____ C:\Users\Mylene\Documents\MGK mind of.txt
2017-09-04 23:13 - 2017-09-04 23:13 - 000000490 _____ C:\Users\Mylene\Documents\Mind of a stoner.txt
2017-09-04 21:22 - 2017-09-04 21:23 - 000014027 _____ C:\Users\Mylene\Documents\RETOUR ASOS SEPT 2017.pdf
2017-09-04 14:48 - 2017-09-04 15:03 - 000000000 ____D C:\Users\Mylene\Documents\Colopathie 2017
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-09-09 12:21 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-09 12:21 - 2006-11-02 14:47 - 000003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-09 12:21 - 2006-11-02 14:47 - 000003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-09 12:20 - 2006-11-02 15:01 - 000032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-08 21:38 - 2010-04-22 16:18 - 000000000 ___RD C:\Users\Mylene\Images
2017-09-08 20:32 - 2010-01-31 16:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-04 22:04 - 2008-04-13 15:11 - 000133632 _____ C:\Users\Mylene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-04 14:50 - 2006-11-02 17:48 - 000683414 _____ C:\Windows\system32\perfh00C.dat
2017-09-04 14:50 - 2006-11-02 17:48 - 000128706 _____ C:\Windows\system32\perfc00C.dat
2017-09-04 14:50 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2017-09-04 14:50 - 2006-11-02 12:33 - 001508702 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-04 14:05 - 2008-04-08 17:57 - 000000000 ____D C:\Users\Mylene
2017-09-04 14:01 - 2015-11-02 22:38 - 000000801 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-08-23 13:30 - 2017-07-26 18:27 - 000000000 ____D C:\Users\Mylene\Desktop\Remboursement mutuelle 2017
==================== Fichiers à la racine de certains dossiers =======
2010-04-03 08:57 - 2011-03-26 12:02 - 000001184 _____ () C:\Users\Mylene\AppData\Roaming\wklnhst.dat
2010-08-23 14:31 - 2017-01-31 21:20 - 000007268 _____ () C:\Users\Mylene\AppData\Local\d3d9caps.dat
2008-04-13 15:11 - 2017-09-04 22:04 - 000133632 _____ () C:\Users\Mylene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-04 14:28 - 2011-07-10 15:30 - 000000088 __RSH () C:\ProgramData\535E72740E.sys
2011-06-04 14:28 - 2011-07-10 15:31 - 000002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2008-12-21 13:24 - 2013-03-16 13:24 - 000000000 _____ () C:\ProgramData\LauncherAccess.dt
2008-07-09 20:38 - 2008-07-09 20:42 - 000007795 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
Certains fichiers dans TEMP:
====================
2015-10-04 20:34 - 2015-10-14 17:40 - 000000000 ____D () C:\Users\Mylene\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-09-09 12:30
==================== Fin de FRST.txt ============================