Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
Exécuté par Zéro-PC (administrateur) sur MON-PC (31-05-2016 16:13:32)
Exécuté depuis C:\Users\Zéro-PC\Desktop
Profils chargés: Zéro-PC (Profils disponibles: Zéro-PC)
Platform: Microsoft Windows 8 Professionnel N (X86) Langue: Français (France)
Internet Explorer Version 10 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswpbapi.exe
() C:\Program Files\Wi-Fi\WiFiGxSvc.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(SecureMix LLC) C:\Program Files\GlassWire\GWCtlSrv.exe
() C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswtrayutil.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SecureMix LLC) C:\Program Files\GlassWire\GlassWire.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NirSoft) C:\Users\Zéro-PC\Desktop\WifiInfoView.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [jswtrayutil] => C:\Program Files\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM\...\Run: [vmware-tray.exe] => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [112856 2014-06-12] (VMware, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [284536 2011-06-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2015-12-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [PD-Proxy] => C:\Users\Zéro-PC\Desktop\PD-Proxy_2.2.0\PD-Launcher.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [ModemListener] => C:\Program Files\HSPA USB MODEM\ModemListener.exe [98304 2010-05-28] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-28] (AVAST Software)
HKLM\...\Run: [Qsocial] => "C:\Program Files\QSocial\" /auto
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-21] (Tonec Inc.)
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\Run: [Qsocial] => "C:\Program Files\QSocial\QSocial.exe" /auto
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\Run: [GlassWire] => C:\Program Files\GlassWire\glasswire.exe [5507584 2016-05-06] (SecureMix LLC)
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {1abec500-0702-11e6-a377-d8d38524423c} - "G:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {9b05a8fc-9098-11e5-a2cd-002713c22b14} - "G:\AutoRun.exe"
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {9b05a909-9098-11e5-a2cd-002713c22b14} - "G:\AutoRun.exe"
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {a67c1a90-8ae6-11e5-a2c8-d8d38524423c} - "G:\autorun.exe"
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {cf3bc854-bcb9-11e5-a315-d8d38524423c} - "G:\AutoRun.exe"
HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\MountPoints2: {de805270-aa59-11e5-a2e9-d8d38524423c} - "H:\LGAutoRun.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-28] (AVAST Software)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{039C52C6-6BD0-430C-BC2F-BD1F5BF987FB}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{2873DDE6-C1A4-495F-AB1F-FA9EB852364A}: [DhcpNameServer] 105.73.0.4 41.137.33.25
Tcpip\..\Interfaces\{2AE97DF5-CCA7-496A-93EC-B17BDC5FD166}: [DhcpNameServer] 105.73.0.3 41.137.33.25
Tcpip\..\Interfaces\{738ED96D-FDA2-4DD5-BD1D-2685F124783C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B048E8A9-BAD5-4D3A-A6D7-27721D9778B4}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-493461314-785661750-2614819641-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-493461314-785661750-2614819641-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-493461314-785661750-2614819641-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-12] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2015-11-22] (iTools.hk)
Toolbar: HKU\S-1-5-21-493461314-785661750-2614819641-1001 -> Pas de nom - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Pas de fichier

FireFox:
========
FF ProfilePath: C:\Users\Zéro-PC\AppData\Roaming\Mozilla\Firefox\Profiles\yj59wr6h.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-01-08] (Google, Inc.)
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files\ThinkSky\iTools 3\Extensions\npiTools.dll [2015-11-22] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Zéro-PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Zéro-PC\AppData\Roaming\IDM\idmmzcc5 [2016-05-31] [non signé]
FF HKU\S-1-5-21-493461314-785661750-2614819641-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR Profile: C:\Users\Zéro-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\Zéro-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Zéro-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-03]
CHR Extension: (IDM Integration Module) - C:\Users\Zéro-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-05-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Zéro-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-28] (AVAST Software)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [Fichier non signé]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-12-16] (Freemake) [Fichier non signé]
R2 GlassWire; C:\Program Files\GlassWire\GWCtlSrv.exe [4339712 2016-05-06] (SecureMix LLC)
R2 jswpbapi; C:\Program Files\Jumpstart\jswpbapi.exe [188416 2008-09-26] (Atheros Communications, Inc.) [Fichier non signé]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [Fichier non signé]
R2 MyWiFiRouterDHCP; C:\Program Files\Wi-Fi\WiFiGxSvc.exe [47464 2014-11-18] ()
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
S2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-28] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [334776 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-28] (AVAST Software)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47656 2010-03-01] (Broadcom Corporation.)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [27448 2015-05-29] (SecureMix LLC)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-01-28] (REALiX(tm))
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 netr28u; C:\Windows\system32\DRIVERS\netr28u.sys [1839000 2015-09-16] (MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RTL8187; C:\Windows\system32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation )
S3 SA760V32; C:\Windows\system32\DRIVERS\WlanUZAG.sys [873472 2008-03-10] (Atheros Communications, Inc.)
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50688 2005-08-10] (Protection Technology) [Fichier non signé]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [Fichier non signé]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-08-10] (Protection Technology) [Fichier non signé]
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [66048 2005-09-29] (Protection Technology) [Fichier non signé]
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [23040 2015-11-06] (The OpenVPN Project)
R3 taphss; C:\Windows\system32\DRIVERS\taphss.sys [32768 2011-07-26] (AnchorFree Inc)
R1 txwifinat; C:\Windows\system32\DRIVERS\txwifinat.sys [31152 2014-12-01] (Nanjing Tongxiang Network Technology Co.,LTD)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [15872 2012-07-26] (Microsoft Corporation)
S3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\drivers\vmusb.sys [42688 2014-02-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [28072 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [199920 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)