Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015 Exécuté par Galvez (administrateur) sur PC-GALVEZ (16-10-2015 19:24:29) Exécuté depuis C:\Users\Galvez\Desktop Profils chargés: Galvez (Profils disponibles: Galvez & Administrateur) Platform: Windows 8 (X64) Langue: Français (France) Internet Explorer Version 10 (Navigateur par défaut: FF) Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\NF.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\TampMon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\NF.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe ==================== Registre (Avec liste blanche) =========================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\RunOnce: [Remolepafamot] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Galvez\AppData\Local\4668D7~1\Kehoto.dat" HKU\S-1-5-21-3893194558-318786084-3912438258-1001\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-04-24] (Hewlett-Packard Co.) HKU\S-1-5-21-3893194558-318786084-3912438258-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{84CB43D4-116C-4341-8250-9C67F68F9A58}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3893194558-318786084-3912438258-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDzzzyzzyE0Azz0Ezz0E0DtCyB0B0BtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFyCtFyEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCzy0C0C0BtDzzyCtG0BzzzztCtGyCtDtCyBtGtDzz0F0AtGyC0Dzy0E0B0FtC0C0CyBtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyBtCtByE0CzztDtGzytAyC0FtGyE0C0AyEtGzzyDyByEtGtDyByD0A0EyB0F0AyEyDzy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyC%26cr%3D1492459284%26a%3Dwncy_clu_15_20%26os%3DWindows 8 HKU\S-1-5-21-3893194558-318786084-3912438258-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com URLSearchHook: HKLM-x32 -> Par défaut = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDzzzyzzyE0Azz0Ezz0E0DtCyB0B0BtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFyCtFyEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCzy0C0C0BtDzzyCtG0BzzzztCtGyCtDtCyBtGtDzz0F0AtGyC0Dzy0E0B0FtC0C0CyBtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyBtCtByE0CzztDtGzytAyC0FtGyE0C0AyEtGzzyDyByEtGtDyByD0A0EyB0F0AyEyDzy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyC%26cr%3D1492459284%26a%3Dwncy_clu_15_20%26os%3DWindows 8&p={searchTerms} SearchScopes: HKLM -> {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = 
hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDzzzyzzyE0Azz0Ezz0E0DtCyB0B0BtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFyCtFyEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCzy0C0C0BtDzzyCtG0BzzzztCtGyCtDtCyBtGtDzz0F0AtGyC0Dzy0E0B0FtC0C0CyBtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyBtCtByE0CzztDtGzytAyC0FtGyE0C0AyEtGzzyDyByEtGtDyByD0A0EyB0F0AyEyDzy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyC%26cr%3D1492459284%26a%3Dwncy_clu_15_20%26os%3DWindows 8&p={searchTerms} SearchScopes: HKU\S-1-5-21-3893194558-318786084-3912438258-1001 -> DefaultScope {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDzzzyzzyE0Azz0Ezz0E0DtCyB0B0BtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFyCtFyEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCzy0C0C0BtDzzyCtG0BzzzztCtGyCtDtCyBtGtDzz0F0AtGyC0Dzy0E0B0FtC0C0CyBtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyBtCtByE0CzztDtGzytAyC0FtGyE0C0AyEtGzzyDyByEtGtDyByD0A0EyB0F0AyEyDzy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyC%26cr%3D1492459284%26a%3Dwncy_clu_15_20%26os%3DWindows 8&p={searchTerms} SearchScopes: HKU\S-1-5-21-3893194558-318786084-3912438258-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKU\S-1-5-21-3893194558-318786084-3912438258-1001 -> {E0938EF3-0427-4EBB-A6DE-40EC4E8B5934} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDzzzyzzyE0Azz0Ezz0E0DtCyB0B0BtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFyCtFyEtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCzy0C0C0BtDzzyCtG0BzzzztCtGyCtDtCyBtGtDzz0F0AtGyC0Dzy0E0B0FtC0C0CyBtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyBtCtByE0CzztDtGzytAyC0FtGyE0C0AyEtGzzyDyByEtGtDyByD0A0EyB0F0AyEyDzy0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyC%26cr%3D1492459284%26a%3Dwncy_clu_15_20%26os%3DWindows 8&p={searchTerms} 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine64\3.4.0.43\coIEPlg.dll [2015-08-12] (Symantec Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation) BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll => Pas de fichier BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\coIEPlg.dll [2015-08-12] (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-26] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default FF DefaultSearchEngine: Search Provided by Yahoo FF Homepage: hxxp://www.google.fr/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-26] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\user.js [2015-05-14] FF SearchPlugin: C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\searchplugins\search-provided-by-yahoo.xml [2015-05-14] FF Extension: ADB Helper - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\adbhelper@mozilla.org [2015-10-15] FF Extension: Valence - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\fxdevtools-adapters@mozilla.org [2015-09-29] FF Extension: Mozilla Firefox Hotfixer - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\veggy@veggyAddon.com [2015-09-01] FF Extension: Image Hover It - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\{8bf86d10-4043-8a8b-eb7e-6f7888d5a086} [2015-10-12] FF Extension: Image Hover It - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\{c778b950-0c49-574b-0516-3cbd2fd6075b} [2015-10-15] FF Extension: Adblock Plus - C:\Users\Galvez\AppData\Roaming\Mozilla\Firefox\Profiles\t35dmke6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-14] FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.4.0.43\coFFFw [2015-10-15] FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn FF Extension: Norton Toolbar - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-10-15] Chrome: ======= CHR Profile: C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14] CHR Extension: (Google Docs) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14] CHR Extension: (Google Drive) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-14] CHR Extension: (YouTube) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-14] CHR Extension: (Recherche Google) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14] CHR Extension: (Google Sheets) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14] CHR Extension: (Bookmark Manager) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-14] CHR Extension: (Norton Identity Safe) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-26] CHR Extension: (Protecteur de web – Protection fiable contre l’hameçonnage) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-07-26] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14] CHR Extension: (Norton™ Family) - C:\Users\Galvez\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2015-07-26] CHR Extension: (Gmail) - C:\Users\Galvez\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\Extensions\Chrome.crx [2015-08-30] CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbidppmgmdmjgfenjdafcalmciolcehp] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3893194558-318786084-3912438258-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bbidppmgmdmjgfenjdafcalmciolcehp] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-30] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\Extensions\Chrome.crx [2015-08-30] ==================== Services (Avec liste blanche) ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation) R2 NSM; C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\NF.exe [364416 2015-08-21] (Symantec Corporation) R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2878152 2012-12-21] (Samsung Electronics CO., LTD.) R2 TampMon; C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\TampMon.exe [314680 2015-08-21] (Symantec Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) ===================== Pilotes (Avec liste blanche) ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151008.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation) R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0304000.02B\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151015.001\IDSvia64.sys [767216 2015-09-23] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151015.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151015.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-24] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-30] (Symantec Corporation) R1 SymIRON; 
C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-24] (Symantec Corporation) R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0304000.02B\SymRdrS.SYS [243416 2015-08-19] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation) S1 tbfd_1_10_0_16; system32\drivers\tbfd_1_10_0_16.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2015-10-16 19:24 - 2015-10-16 19:25 - 00022912 _____ C:\Users\Galvez\Desktop\FRST.txt 2015-10-16 19:22 - 2015-10-16 19:24 - 00000000 ____D C:\FRST 2015-10-16 19:22 - 2015-10-16 19:22 - 02196480 _____ (Farbar) C:\Users\Galvez\Desktop\frst64.exe 2015-10-14 23:45 - 2015-09-29 05:33 - 06971224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-14 23:45 - 2015-09-29 04:02 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2015-10-14 23:45 - 2015-09-29 04:02 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-10-14 23:45 - 2015-09-29 04:01 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-10-14 23:45 - 2015-09-28 20:31 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2015-10-14 23:45 - 2015-09-28 20:31 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-10-14 23:45 - 2015-09-22 19:53 - 01405408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\winload.efi 2015-10-14 23:45 - 2015-09-22 19:53 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-10-14 23:42 - 2015-10-14 23:42 - 08776392 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2015-10-13 18:39 - 2015-10-13 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-10-05 14:21 - 2015-10-05 14:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security 2015-09-30 16:24 - 2015-09-30 16:24 - 00000000 ____D C:\Users\Galvez\AppData\Local\Samsung 2015-09-24 10:16 - 2015-09-17 23:07 - 00811472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-24 10:16 - 2015-09-17 23:07 - 00177616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-23 09:03 - 2015-09-12 15:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-09-23 09:03 - 2015-09-12 15:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2015-09-23 09:03 - 2015-09-12 15:29 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll 2015-09-23 09:03 - 2015-09-12 15:29 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll 2015-09-23 09:03 - 2015-09-12 15:29 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2015-10-16 19:24 - 2014-02-25 00:44 - 00293376 ___SH C:\Users\Galvez\Desktop\Thumbs.db 2015-10-16 19:23 - 2013-03-29 09:02 - 01645925 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-16 19:09 - 2015-05-13 23:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3893194558-318786084-3912438258-1001 2015-10-16 19:04 - 2015-05-14 00:34 - 00000000 ____D C:\Users\Galvez\AppData\Roaming\Skype 2015-10-16 19:04 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-16 19:03 - 2015-05-14 15:54 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-16 13:38 - 2015-07-01 23:12 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-16 13:37 - 2015-05-14 15:54 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-15 23:56 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-15 23:36 - 2015-08-28 10:05 - 00000000 ____D C:\Users\Galvez\AppData\Local\NPE 2015-10-15 23:29 - 2012-07-26 09:21 - 00077235 _____ C:\WINDOWS\setupact.log 2015-10-15 18:29 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-15 18:27 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-10-15 18:11 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2015-10-15 00:02 - 2012-08-05 23:07 - 00168978 _____ C:\WINDOWS\PFRO.log 2015-10-15 00:00 - 2015-05-16 06:50 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-10-14 23:50 - 2015-05-16 06:50 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-10-14 23:44 - 2015-07-01 23:12 - 00003890 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-10-14 23:20 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-10-14 23:19 - 2015-05-14 12:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-10-14 23:09 - 2015-07-23 19:49 - 00000000 ____D C:\ProgramData\Norton 2015-10-14 15:21 - 2015-05-14 12:30 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 
2015-10-14 15:20 - 2015-05-14 12:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-10-13 18:40 - 2015-05-14 00:34 - 00000000 ____D C:\ProgramData\Skype 2015-10-13 18:39 - 2015-05-14 00:34 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk 2015-10-13 18:39 - 2015-05-14 00:34 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-10-11 09:14 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2015-10-09 08:27 - 2014-05-26 14:50 - 00000147 _____ C:\Users\Galvez\Desktop\Rien ne s'efface..URL 2015-10-09 08:27 - 2014-05-26 14:46 - 00000134 _____ C:\Users\Galvez\Desktop\Présence.URL 2015-10-05 15:29 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2015-10-05 15:02 - 2015-07-22 13:32 - 00317760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-10-05 14:58 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2015-10-05 14:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-10-05 14:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-10-05 14:22 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-10-05 14:15 - 2015-07-24 17:04 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2015-10-05 14:15 - 2015-07-24 17:04 - 00002429 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK 2015-10-05 14:15 - 2015-07-24 17:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2015-10-05 14:15 - 2015-07-24 17:02 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64 2015-10-04 08:22 - 2015-05-13 23:50 - 00000000 ____D C:\Users\Galvez\AppData\Local\Packages 2015-10-01 07:06 - 2015-06-15 21:52 - 00000000 ____D C:\Users\Galvez\AppData\Roaming\HpUpdate 2015-09-25 14:23 - 2014-01-05 18:42 - 00000000 ____D C:\Users\Galvez\Documents\NOUS 2015-09-25 07:22 - 2015-05-14 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-09-18 09:42 - 2015-05-14 11:48 - 00002305 _____ C:\Users\Galvez\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\OneDrive.lnk 2015-09-18 09:42 - 2014-05-20 15:09 - 00000000 __RDO C:\Users\Galvez\OneDrive 2015-09-17 15:26 - 2015-05-14 15:54 - 00004068 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-17 15:26 - 2015-05-14 15:54 - 00003832 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Fichiers à la racine de certains dossiers ======= 2015-06-28 18:12 - 2015-07-17 07:12 - 0000103 _____ () C:\Users\Galvez\AppData\Roaming\WB.CFG 2015-06-15 21:50 - 2015-06-15 21:50 - 0000057 _____ () C:\ProgramData\Ament.ini Certains fichiers dans TEMP: ==================== C:\Users\Galvez\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement C:\WINDOWS\explorer.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2015-10-08 14:30 ==================== Fin de FRST.txt ============================