cjoint

Document format: text/plain

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2016 01
Exécuté par jerôme (administrateur) sur JERÔME-PC (13-06-2016 19:44:07)
Exécuté depuis C:\Users\jerôme\Desktop
Profils chargés: jerôme & UpdatusUser (Profils disponibles: jerôme & UpdatusUser)
Platform: Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(National Instruments Corporation) C:\Windows\System32\lkads.exe
(National Instruments Corporation) C:\Windows\System32\lktsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\System32\nisvcloc.exe
() C:\Windows\System32\PnkBstrA.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Ltd) E:\Téléchargements\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [212000 2016-01-18] (Geek Software GmbH)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\update\realsched.exe [286960 2016-03-23] (RealNetworks, Inc.)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [712432 2016-02-03] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Run: [CCleaner Monitoring] => E:\Téléchargements\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-03-23]
ShortcutTarget: RealTimes.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{a4cf3164-1cba-4168-9ce2-2a9ea093f944}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{c580d05d-aa6c-4b5c-bac0-0f5ce38893aa}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.fr
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2066270090-2916732561-56594420-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U305&ocid=U305DHP&osmkt=fr-fr
HKU\S-1-5-21-2066270090-2916732561-56594420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-2066270090-2916732561-56594420-1000] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2066270090-2916732561-56594420-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2066270090-2916732561-56594420-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-02] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-02] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - Pas de fichier

FireFox:
========
FF ProfilePath: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.msn.com/?pc=U206&ocid=U206DHP&osmkt=fr-fr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.1.3.100 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2016-03-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2016-03-23] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jerôme\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jerôme\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2066270090-2916732561-56594420-1000: facebook.com/fbDesktopPlugin -> C:\Users\jerôme\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nplv85win32.dll [2007-07-24] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-03-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-03-17] (Apple Inc.)
FF SearchPlugin: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\searchplugins\startpage-http---francais.xml [2016-02-05]
FF SearchPlugin: C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\searchplugins\startpage-https---francais.xml [2016-02-05]
FF Extension: Pricemetry - First on deals you like - C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\Extensions\contact@pricemetry.com.xpi [2014-10-10] [non signé]
FF Extension: Adblock Plus - C:\Users\jerôme\AppData\Roaming\Mozilla\Firefox\Profiles\3zn4j7zs.default-1363033740623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-05] [non signé]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-05] [non signé]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => non trouvé(e)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=fr-fr
CHR StartupUrls: Default -> "hxxp://www.msn.com/fr-fr"
CHR DefaultSearchURL: Default -> hxxp://www.smarter.yt
CHR Profile: C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Recherche Google) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (RealPlayer Cloud) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\damemajnpodbdjndboidpmfpjlabocje [2015-08-28]
CHR Extension: (Google Sheets) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (MSN Homepage) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-07-02]
CHR Extension: (Google Docs hors connexion) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Blockulicious) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2015-10-15]
CHR Extension: (Ashish Mishra) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-02-11]
CHR Extension: (Ghostery) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Test-Quizz) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nigifnelknobgkiciafiblpbaakilpgn [2016-05-19]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ScriptSafe) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-06-11]
CHR Extension: (Gmail) - C:\Users\jerôme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-2066270090-2916732561-56594420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-08-05] (AuthenTec, Inc.)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
R2 BEWConfigSrv; C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe [195536 2012-10-31] () [Fichier non signé]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632 2009-08-03] (France Telecom SA) [Fichier non signé]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [Fichier non signé]
S3 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\system32\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\system32\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
R2 niSvcLoc; C:\Windows\system32\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-10-04] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-23] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\jerôme\AppData\Local\Temp\7zS1DB7\hpslpsvc32.dll [X]
S2 TomTomHOMEService; "C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 cvintdrv; C:\Windows\system32\Drivers\cvintdrv.sys [4096 2007-10-23] () [Fichier non signé]
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-05-14] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-06-15] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] () [Fichier non signé]
S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [11360 2007-07-12] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [11344 2007-07-12] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [580184 2007-07-18] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [11896 2007-07-18] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [15448 2007-07-10] (National Instruments Corporation)
S3 NiViFWK; C:\Windows\System32\drivers\NiViFWKl.sys [11384 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [11360 2007-07-19] (National Instruments Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-08-31] (Nuvoton Technology Corporation)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 nipalfwedl; System32\drivers\nipalfwedl.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-13 19:44 - 2016-06-13 19:44 - 00025778 _____ C:\Users\jerôme\Desktop\FRST.txt
2016-06-13 19:43 - 2016-06-13 19:44 - 00000000 ____D C:\FRST
2016-06-13 19:42 - 2016-06-13 19:42 - 01735680 _____ (Farbar) C:\Users\jerôme\Desktop\FRST.exe
2016-06-13 19:41 - 2016-06-13 19:41 - 00089376 _____ C:\Users\jerôme\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 12:14 - 2016-06-11 12:14 - 00450947 _____ C:\Users\jerôme\Downloads\Bulletin de paie mai 2016.compressed.pdf
2016-06-10 22:03 - 2016-06-10 22:03 - 00001058 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-06-08 20:18 - 2016-06-08 20:18 - 00012901 _____ C:\Users\jerôme\Downloads\recu_de_participation.pdf
2016-06-08 20:10 - 2016-06-08 20:09 - 00002779 _____ C:\Users\jerôme\Desktop\e-Carte Bleue Caisse d'Epargne.lnk
2016-06-08 20:09 - 2016-06-08 20:09 - 00000000 ____D C:\Program Files\e-Carte Bleue
2016-06-07 19:54 - 2016-06-07 19:54 - 00967670 _____ C:\Users\jerôme\Downloads\3 derniers bulletin de paie.compressed.pdf
2016-06-07 18:53 - 2016-06-07 18:53 - 00406336 _____ C:\Users\jerôme\Downloads\permis de conduite.compressed.pdf
2016-06-05 10:25 - 2016-06-05 10:25 - 00085837 _____ C:\Users\jerôme\Desktop\CV Jérôme version 20.pdf
2016-06-04 09:38 - 2016-06-04 09:53 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-06-02 18:57 - 2016-06-10 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-28 22:26 - 2016-05-28 22:26 - 01200749 _____ C:\Users\jerôme\Downloads\QuestionnaireDeSuiviAnnuel2016.pdf
2016-05-27 23:15 - 2016-05-27 23:15 - 07728399 _____ C:\Users\jerôme\Downloads\les_reseaux_de_vinci_autoroutes_et_leurs_aires_de_services_-_juillet_2015_0.pdf
2016-05-27 22:03 - 2016-05-27 22:03 - 01463424 _____ (Skype Technologies S.A.) C:\Users\jerôme\Downloads\SkypeSetup (1).exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-13 19:38 - 2011-08-20 19:39 - 00000000 ____D C:\Users\jerôme\AppData\Roaming\Skype
2016-06-13 18:54 - 2015-08-31 18:01 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e4065d89e885.job
2016-06-13 18:54 - 2015-08-31 18:01 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e4065d26b9dc.job
2016-06-13 18:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-06-13 18:06 - 2011-02-09 19:10 - 00000000 ____D C:\Windows\Minidump
2016-06-13 18:00 - 2015-10-15 16:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-13 17:56 - 2015-07-01 15:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 22:33 - 2012-11-17 21:24 - 00000000 ____D C:\Users\jerôme\AppData\Roaming\vlc
2016-06-12 21:42 - 2009-07-14 06:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 21:42 - 2009-07-14 06:34 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 21:33 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 16:56 - 2016-03-23 21:20 - 00000438 ____H C:\Windows\Tasks\Norton Security Scan for jerôme.job
2016-06-11 12:33 - 2016-03-23 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-11 12:06 - 2010-12-29 21:13 - 01669656 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-11 12:06 - 2009-07-14 10:39 - 00747910 _____ C:\Windows\system32\perfh00C.dat
2016-06-11 12:06 - 2009-07-14 10:39 - 00150402 _____ C:\Windows\system32\perfc00C.dat
2016-06-09 18:53 - 2014-12-01 12:55 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 20:09 - 2015-05-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue Caisse d'Epargne
2016-06-08 20:09 - 2012-11-01 15:36 - 00000000 ____D C:\Users\jerôme\AppData\Local\Downloaded Installations
2016-06-04 21:56 - 2015-07-01 21:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-04 14:41 - 2012-05-03 10:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-03 22:43 - 2013-03-12 21:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-03 22:43 - 2013-03-12 21:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-02 18:57 - 2014-12-09 20:43 - 00000000 ____D C:\ProgramData\Avira
2016-06-02 18:57 - 2014-12-09 20:43 - 00000000 ____D C:\Program Files\Avira
2016-06-02 18:55 - 2014-12-09 20:43 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-02 18:55 - 2014-12-09 20:43 - 00060088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-29 21:51 - 2013-01-28 21:15 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 23:02 - 2013-12-29 21:05 - 00002896 _____ C:\Users\jerôme\Desktop\bloc note n°3.txt

==================== Fichiers à la racine de certains dossiers =======

2011-01-02 17:46 - 2011-01-02 17:52 - 0000095 _____ () C:\Program Files\satsukidecodersettings.ini
2011-01-12 03:00 - 2011-01-12 03:00 - 0146944 _____ () C:\Program Files\Common Files\dsfFLACDecoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0221184 _____ () C:\Program Files\Common Files\dsfFLACEncoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0204800 _____ () C:\Program Files\Common Files\dsfNativeFLACSource.dll
2012-05-11 15:16 - 2012-05-11 15:16 - 0171520 _____ () C:\Program Files\Common Files\dsfOggDemux2.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0240128 _____ () C:\Program Files\Common Files\dsfVorbisDecoder.dll
2009-07-12 00:08 - 2009-07-12 00:08 - 0001860 _____ () C:\Program Files\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 23:51 - 2011-04-18 23:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCP90.dll
2011-04-18 23:51 - 2011-04-18 23:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCR90.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0412672 _____ (Google) C:\Program Files\Common Files\vp8decoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0701440 _____ (Google) C:\Program Files\Common Files\vp8encoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0302592 _____ (Google) C:\Program Files\Common Files\webmmux.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0292352 _____ (Google) C:\Program Files\Common Files\webmsplit.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0030208 _____ () C:\Program Files\Common Files\wmpinfo.dll
2012-04-19 20:02 - 2012-10-28 22:41 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt
2011-10-03 16:40 - 2011-10-03 16:40 - 0000000 _____ () C:\Users\jerôme\AppData\Roaming\KQuqz.txt
2011-10-03 16:40 - 2011-10-10 21:59 - 0045120 _____ () C:\Users\jerôme\AppData\Roaming\localhost
2014-11-29 20:58 - 2014-11-29 20:58 - 0000044 _____ () C:\Users\jerôme\AppData\Roaming\WB.CFG
2011-03-12 19:34 - 1997-01-27 01:00 - 0000002 _____ () C:\Users\jerôme\AppData\Roaming\Microsoft\ArtGalry.cag
2014-12-01 13:55 - 2014-12-01 13:55 - 0000435 _____ () C:\Users\jerôme\AppData\Local\LMIR0001.tmp.bat
2014-12-01 13:55 - 2014-12-01 13:55 - 0000360 _____ () C:\Users\jerôme\AppData\Local\LMIR0001.tmp_r.bat
2015-02-03 18:45 - 2015-02-03 18:45 - 0000410 _____ () C:\Users\jerôme\AppData\Local\LMIR0002.tmp.bat
2015-02-03 18:45 - 2015-02-03 18:45 - 0000335 _____ () C:\Users\jerôme\AppData\Local\LMIR0002.tmp_r.bat
2015-11-16 23:20 - 2015-11-16 23:20 - 0000989 _____ () C:\Users\jerôme\AppData\Local\recently-used.xbel
2011-01-09 21:06 - 2011-01-09 21:06 - 0000017 _____ () C:\Users\jerôme\AppData\Local\resmon.resmoncfg
2012-11-28 12:35 - 2012-11-28 12:35 - 10668037 _____ () C:\Users\jerôme\AppData\Local\SelfExtractible.zip
2014-08-04 10:11 - 2014-08-04 10:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-16 13:35 - 2015-09-16 13:35 - 0000130 _____ () C:\ProgramData\defraggler_list.txt
2014-08-18 21:44 - 2014-08-18 21:44 - 0005081 _____ () C:\ProgramData\hnbdehzc.pfe
2012-10-28 22:43 - 2012-10-28 22:43 - 0000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Fichiers à déplacer ou supprimer:
====================
C:\Users\jerôme\ZHPDiag3.exe


Certains fichiers dans TEMP:
====================
C:\Users\jerôme\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-06-07 19:17

==================== Fin de FRST.txt ============================
