Publicité

Commentaire : Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:10-04-2016 01 Exécuté par sara (administrateur) sur SARA-PC (12-04-2016 21:50:30) Exécuté depuis C:\Users\sara\Downloads Profils chargés: sara (Profils disponibles: sara & Invité) Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France) Internet Explorer Version 11 (Navigateur par défaut: Chrome) Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\ProgramData\Internet Mobile\OnlineUpdate\ouc.exe (CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe () C:\Users\sara\AppData\Roaming\DRPSu\DrvUpdater.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files\Microsoft Reference\Bibliorom Larousse 2.0\QShlf2f.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registre (Avec liste blanche) =========================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-14] (AVAST Software) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\QTTask.exe [421888 2015-06-17] (Apple Inc.) HKLM\...\Run: [autodetect] => C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe [129872 2010-11-24] () HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\Run: [DrvUpdater] => C:\Users\sara\AppData\Roaming\DRPSu\DrvUpdater.exe [195256 2012-12-23] () HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\Run: [TornTv Downloader] => C:\Users\sara\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\Run: [VideoBox] => C:\Users\sara\AppData\Roaming\Baidu\VideoBox\VideoBox.exe --minimize HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\RunOnce: [l74k2h7ys42ldd] => C:\Users\sara\l74k2h7ys42ldd\92964.vbs [147 2014-03-30] () HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {0ed38f2e-6d88-11e5-bf9c-1867b0887ce2} - F:\Windows/AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {10c1ed7e-d48a-11e5-8404-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {2b59be45-9653-11e3-b39e-001e101f7fb6} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {37265e5f-54fc-11e3-95dc-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {608f70da-a1fa-11e3-a669-001e101fb4df} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {608f70ee-a1fa-11e3-a669-001e101fb4df} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {794bb9e3-cbe0-11e4-ba6e-1867b0887ce2} - I:\LGAutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {7e1e067f-5213-11e3-b0cc-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {870187a9-4e63-11e3-9fab-1867b0887ce2} - I:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {93c551ad-54db-11e3-9af5-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {ac4b3608-a771-11e3-a4ad-001e101faa49} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {b7839a01-54d1-11e3-9c9a-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {ebe9e162-d989-11e5-bfb9-1867b0887ce2} - F:\AutoRun.exe HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\MountPoints2: {ebe9e164-d989-11e5-bfb9-1867b0887ce2} - F:\AutoRun.exe HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software) Startup: C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QuickShelf Fr.lnk [2014-10-13] ShortcutTarget: QuickShelf Fr.lnk -> C:\Program Files\Microsoft Reference\Bibliorom Larousse 2.0\QShlf2f.exe (Microsoft Corporation) Startup: C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2016-04-11] ShortcutTarget: start.lnk -> C:\Users\sara\l74k2h7ys42ldd\92964.vbs () Startup: C:\Users\sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-11-01] ShortcutTarget: TornTvDownloader.lnk -> C:\Users\sara\AppData\Roaming\TornTV.com\TornTV Downloader.exe (Pas de fichier) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{AA8C01D5-5A51-4490-9DEB-E4BF35E86E9A}: [NameServer] 192.168.50.58 192.168.60.55 Tcpip\..\Interfaces\{EC23B96F-CEF5-42BE-95FC-D65EB5039D0C}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://search.gboxapp.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281&q={searchTerms} HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://search.gboxapp.com/ HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281 SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74 SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281&q={searchTerms} SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=129&systemid=473&v=a13277-393&apn_uid=0207923847254842&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74 SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74 SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {0297EA4E-D362-45DB-AFF2-20EE946CD050} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=673 SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113348&babsrc=SP_ss&mntrId=de597ed70000000000001867b0887ce1 SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1414853111&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281&q={searchTerms} SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=129&systemid=473&v=a13277-393&apn_uid=0207923847254842&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-2028535596-2605408871-1084430410-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1414852903&from=ild&uid=WDCXWD3200BPVT-35JJ5T0_WD-WXB1A430128101281 FireFox: ======== FF ProfilePath: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\2fbcene6.default FF DefaultSearchEngine: WebSearch FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: WebSearch FF SelectedSearchEngine,S: WebSearch FF Homepage: www.google.com FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=21929&r=2015/02/04&hid=953879814910869893&lg=EN&cc=MA&unqvl=74&l=1&q= FF Plugin: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [2004-07-02] (Macromedia, Inc.) FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-02-06] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-01-30] (Adobe Systems, Inc.) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier] FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier] FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.) FF user.js: detected! => C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\2fbcene6.default\user.js [2014-07-09] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2006-09-03] (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2006-06-22] () FF SearchPlugin: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\2fbcene6.default\searchplugins\Ask.xml [2014-07-05] FF SearchPlugin: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\2fbcene6.default\searchplugins\keepmysearch.xml [2014-06-24] FF SearchPlugin: C:\Users\sara\AppData\Roaming\Mozilla\Firefox\Profiles\2fbcene6.default\searchplugins\WebSearch.xml [2016-02-06] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12] FF HKU\S-1-5-21-2028535596-2605408871-1084430410-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => non trouvé(e) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22] CHR Extension: (CacheList) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhhdbdhoghppijbjfdkiaconkmfbbpa [2015-02-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Google Docs) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23] CHR Extension: (Google Drive) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (YouTube) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Recherche Google) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (MediaPlus) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\emaamodndfmmmcjepfigalbjjjemadom [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Avast SafePrice) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Google Sheets) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22] CHR Extension: (Google Docs hors connexion) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21] CHR Extension: (Avast Online Security) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (NickelBlock) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpmbhfdelldocceoekndfaholphcobg [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Start) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2015-02-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Google Wallet) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (Gmail) - C:\Users\sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20] ==================== Services (Avec liste blanche) ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-04-09] (Intel Corporation) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] () R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation) S2 Internet Mobile. RunOuc; C:\Program Files\Internet Mobile\UpdateDog\ouc.exe [655744 2012-09-10] () R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2117960 2014-04-01] (CybelSoft) S2 Modem HDM EC156. RunOuc; C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe [651856 2013-12-05] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Pilotes (Avec liste blanche) ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-20] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-20] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-18] (Qualcomm Atheros Communications, Inc.) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [489832 2013-11-21] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24424 2013-11-21] (Intel Corporation) S3 ma-config_x86; C:\Program Files\ma-config.com\Drivers\ma-config_x86.sys [16160 2014-02-24] (CybelSoft) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation) S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2016-04-12 21:50 - 2016-04-12 21:51 - 00022273 _____ C:\Users\sara\Downloads\FRST.txt 2016-04-12 21:49 - 2016-04-12 21:50 - 00000000 ____D C:\FRST 2016-04-12 21:48 - 2016-04-12 21:48 - 01725952 _____ (Farbar) C:\Users\sara\Downloads\FRST.exe 2016-04-09 15:33 - 2016-04-09 15:34 - 00227840 _____ C:\Users\sara\Downloads\pec_intox_aigues.ppt 2016-03-30 22:36 - 2016-03-30 22:36 - 00432105 _____ C:\Users\sara\Downloads\fms-01410.pdf 2016-03-30 22:36 - 2016-03-30 22:36 - 00258739 _____ C:\Users\sara\Downloads\Sondage vesical texte à lire.pdf 2016-03-30 19:41 - 2016-03-29 15:00 - 04739072 _____ C:\Users\sara\Desktop\cours AVC.ppt 2016-03-29 20:46 - 2016-03-29 20:46 - 00547810 _____ C:\Users\sara\Downloads\3 Anesthésie pour chirurgie abdominale laparoscopique.pptx 2016-03-26 10:25 - 2016-03-26 10:25 - 00024343 _____ C:\Users\sara\Desktop\Mahatma-Gandhi-Be-the-change-that-you-wish-to-see-in-the-world.htm 2016-03-25 20:06 - 2016-03-25 20:06 - 01657399 _____ C:\Users\sara\Downloads\anesthesie et HTA.pdf 2016-03-23 11:59 - 2016-03-23 12:01 - 09166532 _____ C:\Users\sara\Downloads\Jet Ventilation.mp4 2016-03-23 11:44 - 2016-03-30 13:03 - 03935920 _____ C:\Users\sara\Desktop\La Jet ventilation.pptx 2016-03-23 11:14 - 2016-03-23 11:14 - 02048000 _____ C:\Users\sara\Downloads\BAUDRY_CASSAR_VentilationHte_frequenceFinal.ppt 2016-03-22 21:26 - 2016-03-22 21:26 - 01168384 _____ C:\Users\sara\Downloads\ROSSI_HyperinflationDynamique.ppt 2016-03-22 20:36 - 2016-03-22 20:36 - 00136429 _____ C:\Users\sara\Downloads\2 l’anesthésie en chirurgie abdominale par laparotomie de l’adulte.pptx 2016-03-22 20:34 - 2016-03-22 20:35 - 00086110 _____ C:\Users\sara\Downloads\1 ANESTHESIE EN CHIRURGIE ABDOMINALE.pptx 2016-03-20 10:18 - 2016-03-20 10:19 - 04243456 _____ C:\Users\sara\Downloads\Coma cours.ppt 2016-03-15 21:30 - 2016-03-07 17:29 - 00556531 _____ C:\Users\sara\Desktop\ANESTHESIE EN UROLOGIE.pptx 2016-03-14 00:21 - 2016-03-14 00:21 - 02532864 _____ C:\Users\sara\Downloads\75_le_defibrillateur_semi_automatique.pps 2016-03-14 00:20 - 2016-03-14 00:20 - 01825792 _____ C:\Users\sara\Downloads\lyon2006-2viramus (3).ppt 2016-03-14 00:04 - 2016-02-09 09:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-03-14 00:04 - 2016-02-09 09:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-14 00:04 - 2016-02-09 09:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-03-14 00:04 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-03-14 00:04 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-03-13 22:11 - 2016-02-12 18:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-03-13 22:11 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-03-13 22:11 - 2016-02-12 18:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-03-13 22:11 - 2016-02-12 18:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-13 22:11 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-03-13 22:11 - 2016-02-12 18:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-03-13 22:11 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-03-13 22:11 - 2016-02-12 18:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-03-13 22:11 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-03-13 22:11 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-03-13 22:11 - 2016-02-12 18:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-03-13 21:42 - 2016-03-13 21:43 - 01823744 _____ C:\Users\sara\Downloads\lyon2006-2viramus (2).ppt ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2016-04-12 21:21 - 2011-04-12 01:35 - 00748850 _____ C:\Windows\system32\perfh00C.dat 2016-04-12 21:21 - 2011-04-12 01:35 - 00150840 _____ C:\Windows\system32\perfc00C.dat 2016-04-12 21:21 - 2010-11-20 21:01 - 01672662 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-12 21:21 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf 2016-04-12 21:16 - 2016-02-06 17:11 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-12 21:16 - 2014-05-11 07:09 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-12 21:12 - 2016-02-06 17:14 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-12 20:28 - 2009-07-14 04:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-12 20:28 - 2009-07-14 04:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-11 21:26 - 2016-02-06 17:11 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-11 21:26 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\tracing 2016-04-11 21:25 - 2016-01-09 09:08 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-04-11 21:25 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-11 09:57 - 2015-11-18 10:26 - 00868352 ___SH C:\Users\sara\Documents\Thumbs.db 2016-04-11 08:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF 2016-04-10 09:20 - 2015-11-07 14:24 - 00496128 ___SH C:\Users\sara\Desktop\Thumbs.db 2016-04-08 20:40 - 2013-11-21 13:20 - 00000000 ____D C:\Users\sara\AppData\Roaming\vlc 2016-04-06 23:54 - 2013-11-21 12:44 - 00000000 ____D C:\Users\sara\Documents\Mes Fichiers 2016-03-27 22:14 - 2012-12-23 14:44 - 00000000 ____D C:\Users\sara\Documents\Stuff 2016-03-25 19:53 - 2015-04-04 23:11 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-18 21:05 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache 2016-03-15 20:38 - 2009-07-14 04:33 - 00409048 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-13 20:24 - 2015-04-15 20:32 - 00000000 ____D C:\Windows\system32\appraiser ==================== Fichiers à la racine de certains dossiers ======= 2013-02-07 12:22 - 2013-02-07 12:22 - 0050330 _____ () C:\Program Files\AntiDust.exe 2015-02-09 21:57 - 2015-03-13 05:53 - 0000020 _____ () C:\Users\sara\AppData\Roaming\appdataFr3.bin 2014-03-30 22:42 - 2014-03-30 22:42 - 0000000 _____ () C:\Users\sara\AppData\Roaming\bitlord_log.txt 2014-03-02 12:56 - 2016-02-09 20:56 - 0009216 _____ () C:\Users\sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-27 22:04 - 2015-03-27 22:04 - 0007597 _____ () C:\Users\sara\AppData\Local\Resmon.ResmonCfg 2015-03-21 20:52 - 2015-03-21 20:52 - 0000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Fichiers à déplacer ou supprimer: ==================== C:\Users\sara\IDMan.exe Certains fichiers dans TEMP: ==================== C:\Users\sara\AppData\Local\Temp\cdo731251325.dll C:\Users\sara\AppData\Local\Temp\DataCard_Setup.exe C:\Users\sara\AppData\Local\Temp\GoogleInstall.dll C:\Users\sara\AppData\Local\Temp\gtapi.dll C:\Users\sara\AppData\Local\Temp\ResetDevice.exe ==================== Bamital & volsnap ================= (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) C:\Windows\explorer.exe => Le fichier est signé numériquement C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement C:\Windows\system32\wininit.exe => Le fichier est signé numériquement C:\Windows\system32\svchost.exe => Le fichier est signé numériquement C:\Windows\system32\services.exe => Le fichier est signé numériquement C:\Windows\system32\User32.dll => Le fichier est signé numériquement C:\Windows\system32\userinit.exe => Le fichier est signé numériquement C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2016-03-18 20:57 ==================== Fin de FRST.txt ============================

Format du document : text/plain

Prévisualisation