Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2016 01
Exécuté par jerôme (administrateur) sur JERÔME-PC (13-06-2016 19:44:07)
Exécuté depuis C:\Users\jerôme\Desktop
Profils chargés: jerôme & UpdatusUser (Profils disponibles: jerôme & UpdatusUser)
Platform: Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(National Instruments Corporation) C:\Windows\System32\lkads.exe
(National Instruments Corporation) C:\Windows\System32\lktsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\System32\nisvcloc.exe
() C:\Windows\System32\PnkBstrA.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Ltd) E:\Téléchargements\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [212000 2016-01-18] (Geek Software GmbH)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\update\realsched.exe [286960 2016-03-23] (RealNetworks, Inc.)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [712432 2016-02-03] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Run: [CCleaner Monitoring] => E:\Téléchargements\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-03-23]
ShortcutTarget: RealTimes.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{a4cf3164-1cba-4168-9ce2-2a9ea093f944}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{c580d05d-aa6c-4b5c-bac0-0f5ce38893aa}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.fr
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U305&ocid=U305DHP&osmkt=fr-fr
HKU\S-1-5-21-2066270090-2916732561-56594420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-2066270090-2916732561-56594420-1000] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2066270090-2916732561-56594420-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2066270090-2916732561-56594420-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-02] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-02] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - Pas de fichier

FireFox:
========
FF ProfilePath: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=fr-fr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.1.3.100 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2016-03-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2016-03-23] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jerôme\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jerôme\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: facebook.com/fbDesktopPlugin -> C:\Users\jerôme\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nplv85win32.dll [2007-07-24] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-03-17] (Apple Inc.)
FF SearchPlugin: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\searchplugins\startpage-http---francais.xml [2016-02-05]
FF SearchPlugin: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\searchplugins\startpage-https---francais.xml [2016-02-05]
FF Extension: Pricemetry - First on deals you like - C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\Extensions\contact@pricemetry.com.xpi [2014-10-10] [non signé]
FF Extension: Adblock Plus - C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-05] [non signé]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-05] [non signé]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => non trouvé(e)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=fr-fr
CHR StartupUrls: Default -> "hxxp://www.msn.com/fr-fr"
CHR DefaultSearchURL: Default -> hxxp://www.smarter.yt
CHR Profile: C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Recherche Google) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (RealPlayer Cloud) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\damemajnpodbdjndboidpmfpjlabocje [2015-08-28]
CHR Extension: (Google Sheets) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (MSN Homepage) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-07-02]
CHR Extension: (Google Docs hors connexion) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Blockulicious) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2015-10-15]
CHR Extension: (Ashish Mishra) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-02-11]
CHR Extension: (Ghostery) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Test-Quizz) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nigifnelknobgkiciafiblpbaakilpgn [2016-05-19]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ScriptSafe) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-06-11]
CHR Extension: (Gmail) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-2066270090-2916732561-56594420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-08-05] (AuthenTec, Inc.)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
R2 BEWConfigSrv; C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe [195536 2012-10-31] () [Fichier non signé]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632 2009-08-03] (France Telecom SA) [Fichier non signé]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [Fichier non signé]
S3 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\system32\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\system32\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-10-04] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-23] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\jerôme\AppData\Local\Temp\7zS1DB7\hpslpsvc32.dll [X]
S2 TomTomHOMEService; "C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [4096 2007-10-23] () [Fichier non signé]
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-05-14] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-06-15] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] () [Fichier non signé]
S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [11360 2007-07-12] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [11344 2007-07-12] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [580184 2007-07-18] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [11896 2007-07-18] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [15448 2007-07-10] (National Instruments Corporation)
S3 NiViFWK; C:\Windows\System32\drivers\NiViFWKl.sys [11384 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-08-31] (Nuvoton Technology Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 nipalfwedl; System32\drivers\nipalfwedl.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-13 19:44 - 2016-06-13 19:44 - 00025778 _____ C:\Users\jerôme\Desktop\FRST.txt
2016-06-13 19:43 - 2016-06-13 19:44 - 00000000 ____D C:\FRST
2016-06-13 19:42 - 2016-06-13 19:42 - 01735680 _____ (Farbar) C:\Users\jerôme\Desktop\FRST.exe
2016-06-13 19:41 - 2016-06-13 19:41 - 00089376 _____ C:\Users\jerôme\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 12:14 - 2016-06-11 12:14 - 00450947 _____ C:\Users\jerôme\Downloads\Bulletin de paie mai 2016.compressed.pdf
2016-06-10 22:03 - 2016-06-10 22:03 - 00001058 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-06-08 20:18 - 2016-06-08 20:18 - 00012901 _____ C:\Users\jerôme\Downloads\recu_de_participation.pdf
2016-06-08 20:10 - 2016-06-08 20:09 - 00002779 _____ C:\Users\jerôme\Desktop\e-Carte Bleue Caisse d'Epargne.lnk
2016-06-08 20:09 - 2016-06-08 20:09 - 00000000 ____D C:\Program Files\e-Carte Bleue
2016-06-07 19:54 - 2016-06-07 19:54 - 00967670 _____ C:\Users\jerôme\Downloads\3 derniers bulletin de paie.compressed.pdf
2016-06-07 18:53 - 2016-06-07 18:53 - 00406336 _____ C:\Users\jerôme\Downloads\permis de conduite.compressed.pdf
2016-06-05 10:25 - 2016-06-05 10:25 - 00085837 _____ C:\Users\jerôme\Desktop\CV Jérôme version 20.pdf
2016-06-04 09:38 - 2016-06-04 09:53 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-06-02 18:57 - 2016-06-10 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-28 22:26 - 2016-05-28 22:26 - 01200749 _____ C:\Users\jerôme\Downloads\QuestionnaireDeSuiviAnnuel2016.pdf
2016-05-27 23:15 - 2016-05-27 23:15 - 07728399 _____ C:\Users\jerôme\Downloads\les_reseaux_de_vinci_autoroutes_et_leurs_aires_de_services_-_juillet_2015_0.pdf
2016-05-27 22:03 - 2016-05-27 22:03 - 01463424 _____ (Skype Technologies S.A.) C:\Users\jerôme\Downloads\SkypeSetup (1).exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-13 19:38 - 2011-08-20 19:39 - 00000000 ____D C:\Users\jerôme\AppData\Roaming\Skype
2016-06-13 18:54 - 2015-08-31 18:01 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e4065d89e885.job
2016-06-13 18:54 - 2015-08-31 18:01 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4065d26b9dc.job
2016-06-13 18:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-13 18:06 - 2011-02-09 19:10 - 00000000 ____D C:\Windows\Minidump
2016-06-13 18:00 - 2015-10-15 16:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-13 17:56 - 2015-07-01 15:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 22:33 - 2012-11-17 21:24 - 00000000 ____D C:\Users\jerôme\AppData\Roaming\vlc
2016-06-12 21:42 - 2009-07-14 06:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 21:42 - 2009-07-14 06:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 21:33 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 16:56 - 2016-03-23 21:20 - 00000438 ____H C:\Windows\Tasks\Norton Security Scan for jerôme.job
2016-06-11 12:33 - 2016-03-23 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-11 12:06 - 2010-12-29 21:13 - 01669656 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-11 12:06 - 2009-07-14 10:39 - 00747910 _____ C:\Windows\system32\perfh00C.dat
2016-06-11 12:06 - 2009-07-14 10:39 - 00150402 _____ C:\Windows\system32\perfc00C.dat
2016-06-09 18:53 - 2014-12-01 12:55 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 20:09 - 2015-05-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue Caisse d'Epargne
2016-06-08 20:09 - 2012-11-01 15:36 - 00000000 ____D C:\Users\jerôme\AppData\Local\Downloaded Installations
2016-06-04 21:56 - 2015-07-01 21:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 14:41 - 2012-05-03 10:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-03 22:43 - 2013-03-12 21:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-03 22:43 - 2013-03-12 21:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-02 18:57 - 2014-12-09 20:43 - 00000000 ____D C:\ProgramData\Avira
2016-06-02 18:57 - 2014-12-09 20:43 - 00000000 ____D C:\Program Files\Avira
2016-06-02 18:55 - 2014-12-09 20:43 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-02 18:55 - 2014-12-09 20:43 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-29 21:51 - 2013-01-28 21:15 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 23:02 - 2013-12-29 21:05 - 00002896 _____ C:\Users\jerôme\Desktop\bloc note n°3.txt

==================== Fichiers à la racine de certains dossiers =======

2011-01-02 17:46 - 2011-01-02 17:52 - 0000095 _____ () C:\Program Files\satsukidecodersettings.ini
2011-01-12 03:00 - 2011-01-12 03:00 - 0146944 _____ () C:\Program Files\Common Files\dsfFLACDecoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0221184 _____ () C:\Program Files\Common Files\dsfFLACEncoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0204800 _____ () C:\Program Files\Common Files\dsfNativeFLACSource.dll
2012-05-11 15:16 - 2012-05-11 15:16 - 0171520 _____ () C:\Program Files\Common Files\dsfOggDemux2.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0240128 _____ () C:\Program Files\Common Files\dsfVorbisDecoder.dll
2009-07-12 00:08 - 2009-07-12 00:08 - 0001860 _____ () C:\Program Files\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 23:51 - 2011-04-18 23:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCP90.dll
2011-04-18 23:51 - 2011-04-18 23:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCR90.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0412672 _____ (Google) C:\Program Files\Common Files\vp8decoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0701440 _____ (Google) C:\Program Files\Common Files\vp8encoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0302592 _____ (Google) C:\Program Files\Common Files\webmmux.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0292352 _____ (Google) C:\Program Files\Common Files\webmsplit.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0030208 _____ () C:\Program Files\Common Files\wmpinfo.dll
2012-04-19 20:02 - 2012-10-28 22:41 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt
2011-10-03 16:40 - 2011-10-03 16:40 - 0000000 _____ () C:\Users\jerôme\AppData\Roaming\KQuqz.txt
2011-10-03 16:40 - 2011-10-10 21:59 - 0045120 _____ () C:\Users\jerôme\AppData\Roaming\localhost
2014-11-29 20:58 - 2014-11-29 20:58 - 0000044 _____ () C:\Users\jerôme\AppData\Roaming\WB.CFG
2011-03-12 19:34 - 1997-01-27 01:00 - 0000002 _____ () C:\Users\jerôme\AppData\Roaming\Microsoft\ArtGalry.cag
2014-12-01 13:55 - 2014-12-01 13:55 - 0000435 _____ () C:\Users\jerôme\AppData\Local\LMIR0001.tmp.bat
2014-12-01 13:55 - 2014-12-01 13:55 - 0000360 _____ () C:\Users\jerôme\AppData\Local\LMIR0001.tmp_r.bat
2015-02-03 18:45 - 2015-02-03 18:45 - 0000410 _____ () C:\Users\jerôme\AppData\Local\LMIR0002.tmp.bat
2015-02-03 18:45 - 2015-02-03 18:45 - 0000335 _____ () C:\Users\jerôme\AppData\Local\LMIR0002.tmp_r.bat
2015-11-16 23:20 - 2015-11-16 23:20 - 0000989 _____ () C:\Users\jerôme\AppData\Local\recently-used.xbel
2011-01-09 21:06 - 2011-01-09 21:06 - 0000017 _____ () C:\Users\jerôme\AppData\Local\resmon.resmoncfg
2012-11-28 12:35 - 2012-11-28 12:35 - 10668037 _____ () C:\Users\jerôme\AppData\Local\SelfExtractible.zip
2014-08-04 10:11 - 2014-08-04 10:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-16 13:35 - 2015-09-16 13:35 - 0000130 _____ () C:\ProgramData\defraggler_list.txt
2014-08-18 21:44 - 2014-08-18 21:44 - 0005081 _____ () C:\ProgramData\hnbdehzc.pfe
2012-10-28 22:43 - 2012-10-28 22:43 - 0000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Fichiers à déplacer ou supprimer:
====================
C:\Users\jerôme\ZHPDiag3.exe

Certains fichiers dans TEMP:
====================
C:\Users\jerôme\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-06-07 19:17

==================== Fin de FRST.txt ============================