Document format: text/plain

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Exécuté par léa (administrateur) sur PC-DE-LÉA (21-08-2016 18:08:51)
Exécuté depuis C:\Users\léa\Desktop
Profils chargés: léa (Profils disponibles: léa & camille & véro & Invité)
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\nav.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\MountPoints2: {1b255a5a-02cc-11e5-8835-002421abe2b6} - F:\setup.exe
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\MountPoints2: {e91060bc-4af4-11e5-9a7d-002421abe2b6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\MountPoints2: {ee48b0a0-0436-11e5-92a3-002421abe2b6} - F:\setup.exe
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ezScrSvr.scr
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
Startup: C:\Users\camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-07-19]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\véro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-07-06]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5CC4E505-1BC4-428C-8F1D-15FBC48C7B49}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://mywwwsites.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3320388575-4113975711-526249532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.fr/
SearchScopes: HKLM -> {4986B214-5E79-49B0-A07C-C0D9D8DC369C} URL = hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
SearchScopes: HKLM -> {6C175DBE-21EB-4DB8-AFC2-59510A68FBCC} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
SearchScopes: HKLM -> {8243E506-21E3-4D02-9047-2B1822302D7F} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKLM-x32 -> {4986B214-5E79-49B0-A07C-C0D9D8DC369C} URL = hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
SearchScopes: HKLM-x32 -> {6C175DBE-21EB-4DB8-AFC2-59510A68FBCC} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcndtie7-fr-fr
SearchScopes: HKLM-x32 -> {8243E506-21E3-4D02-9047-2B1822302D7F} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> {4986B214-5E79-49B0-A07C-C0D9D8DC369C} URL =
SearchScopes: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> {6C175DBE-21EB-4DB8-AFC2-59510A68FBCC} URL =
SearchScopes: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> {8243E506-21E3-4D02-9047-2B1822302D7F} URL =
SearchScopes: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=FR&ver=22&locale=fr_FR&gct=sb&qsrc=2869
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => Pas de fichier
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-16] (Sun Microsystems, Inc.)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21] (SEIKO EPSON CORPORATION)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Pas de fichier
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {1C491116-C175-45E1-A570-6FB14FEA8B7B} - Pas de fichier
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - Pas de fichier
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - Pas de fichier
Toolbar: HKU\S-1-5-21-3320388575-4113975711-526249532-1000 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL Pas de fichier
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\léa\AppData\Roaming\Mozilla\Firefox\Profiles\9r5jrefx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\léa\AppData\Roaming\mozilla\plugins\npzohoassisthelper.dll [2016-04-07] (Zoho Corporation Private Ltd)
FF Extension: DownloadHelper - C:\Users\léa\AppData\Roaming\Mozilla\Firefox\Profiles\9r5jrefx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2016-03-14]
FF Extension: Adblock Plus - C:\Users\léa\AppData\Roaming\Mozilla\Firefox\Profiles\9r5jrefx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-14]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon [2016-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-25] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-12] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [moovida@spointer.com] - C:\Program Files (x86)\Fluendo\Moovida\spointer\extensions\moovida@spointer.com => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
FF HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3320388575-4113975711-526249532-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [non signé]

Chrome:
=======
CHR HomePage: Profile 2 -> hxxps://www.google.fr/?gws_rd=ssl
CHR StartupUrls: Profile 2 -> "hxxps://www.google.fr/?gws_rd=ssl"
CHR Profile: C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-03]
CHR Extension: (YouTube) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-27]
CHR Extension: (Recherche Google) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (AdBlock Premium) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-02-12]
CHR Extension: (Google Docs hors connexion) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-03]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Fireshot) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adikddnmmpkpfpjnnfhbeomcoifmgchc [2016-08-05]
CHR Extension: (Adblock Plus) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Norton Security Toolbar) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-30]
CHR Extension: (OpenWhyd ✚ track) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\foohaghobcolamikniehcnnijdjehfjk [2016-07-20]
CHR Extension: (AdBlock) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (Norton Identity Safe) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (better Browser - for Chrome) - C:\Users\léa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh [2016-05-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3320388575-4113975711-526249532-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\léa\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-06]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S4 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2010-06-28] (BOONTY) [Fichier non signé]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-01-04] (EasyBits Sofware AS) [Fichier non signé]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [387928 2014-02-12] (Garmin Ltd or its subsidiaries)
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [Fichier non signé]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [Fichier non signé]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [Fichier non signé]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [Fichier non signé]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.7.1.32\NAV.exe [289080 2016-08-16] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S4 Zoho Assist-Remote Support; C:\Program Files (x86)\ZohoMeeting\ZohoMeeting.exe [694912 2016-04-07] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-05-13] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2009-10-27] (Devguru Co., Ltd)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-25] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\IPSDefs\20160819.001\IDSvia64.sys [876760 2016-07-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [125952 2009-09-21] (MCCI Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R3 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1607000.04C\SYMTDIV.SYS [468152 2016-06-02] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20160705.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20160705.020\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-08-21 18:08 - 2016-08-21 18:09 - 00025484 _____ C:\Users\léa\Desktop\FRST.txt
2016-08-21 18:08 - 2016-08-21 18:08 - 02396672 _____ (Farbar) C:\Users\léa\Desktop\FRST64.exe
2016-08-21 17:52 - 2016-08-21 18:08 - 00000000 ____D C:\FRST
2016-08-21 17:35 - 2016-08-21 17:47 - 00000000 ____D C:\Users\léa\AppData\Roaming\ZHP
2016-08-21 17:34 - 2016-08-21 17:34 - 02299392 _____ C:\Users\léa\Downloads\ZHPDiag3.exe
2016-08-19 18:34 - 2016-08-19 18:34 - 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-19 18:33 - 2016-08-19 18:34 - 00000000 ____D C:\Program Files\CCleaner
2016-08-19 18:33 - 2016-08-19 18:33 - 00000772 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-19 18:33 - 2016-08-19 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-19 18:22 - 2016-08-19 18:24 - 08136664 _____ (Piriform Ltd) C:\Users\léa\Downloads\ccleaner_5-20-5668_fr_14492.exe
2016-08-06 08:12 - 2016-08-06 08:12 - 03618856 _____ (Facebook Inc.) C:\Users\léa\Downloads\Fsecure_T634932963331083T_.exe
2016-08-05 18:57 - 2016-08-05 18:57 - 00064886 _____ C:\ProgramData\SMRResults501.dat
2016-08-05 18:05 - 2016-08-05 18:05 - 03618856 _____ (Facebook Inc.) C:\Users\léa\Downloads\Kaspersky_T634618676695845T_.exe
2016-07-22 17:21 - 2016-07-22 17:21 - 00019882 _____ C:\Users\léa\Documents\recettequiche.odt

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-08-21 18:09 - 2010-11-04 20:53 - 00000432 ____H C:\Windows\Tasks\User_Feed_Synchronization-{BF6777C7-7569-419B-BD24-E8715F7DA157}.job
2016-08-21 18:05 - 2016-07-06 11:22 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-21 17:55 - 2016-04-08 13:12 - 00000000 ____D C:\Users\léa\AppData\LocalLow\Adblock Plus for IE
2016-08-21 17:48 - 2014-10-25 18:18 - 00000000 ____D C:\Windows\system32\Drivers\NAVx64
2016-08-21 17:47 - 2010-08-10 08:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-21 17:46 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\tracing
2016-08-21 17:35 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-21 17:35 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-21 17:33 - 2013-06-21 19:49 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-21 17:25 - 2016-04-08 11:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-21 17:24 - 2010-11-10 21:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-08-21 17:23 - 2010-08-10 09:10 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-21 17:23 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-20 19:05 - 2006-11-02 17:42 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-20 19:03 - 2013-03-29 19:58 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3320388575-4113975711-526249532-1002UA.job
2016-08-20 19:03 - 2013-03-29 19:58 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3320388575-4113975711-526249532-1002Core.job
2016-08-19 21:14 - 2010-08-10 09:10 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 19:59 - 2012-10-31 20:54 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3320388575-4113975711-526249532-1003UA.job
2016-08-19 19:59 - 2012-10-31 20:54 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3320388575-4113975711-526249532-1003Core.job
2016-08-16 10:09 - 2013-08-15 08:39 - 00000000 ____D C:\Windows\system32\MRT
2016-08-16 09:39 - 2016-04-08 11:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-16 09:22 - 2006-11-02 14:35 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-08-13 21:13 - 2013-03-24 13:05 - 00000000 ____D C:\Users\léa\AppData\Roaming\SoftGrid Client
2016-08-13 19:06 - 2010-11-17 15:36 - 00000000 ____D C:\Users\léa\AppData\LocalLow\Temp
2016-08-06 15:21 - 2016-04-08 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-06 15:21 - 2014-03-11 15:57 - 00000943 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-05 18:57 - 2016-04-05 13:14 - 00000000 ____D C:\Users\léa\AppData\Local\NPE
2016-08-01 18:31 - 2009-10-06 08:12 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2016-07-29 10:09 - 2010-08-10 09:10 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 10:09 - 2010-08-10 09:10 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-26 14:24 - 2010-03-22 20:57 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Fichiers à la racine de certains dossiers =======

2009-10-11 16:52 - 2016-04-11 20:37 - 0007100 _____ () C:\Users\léa\AppData\Roaming\wklnhst.dat
2010-10-02 19:38 - 2010-10-02 19:38 - 0000552 _____ () C:\Users\léa\AppData\Local\d3d8caps.dat
2010-03-20 14:39 - 2014-02-17 08:47 - 0006836 _____ () C:\Users\léa\AppData\Local\d3d9caps.dat
2009-10-11 16:44 - 2016-06-17 17:20 - 0098304 _____ () C:\Users\léa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-16 15:34 - 2010-06-16 15:34 - 0356092 _____ () C:\Users\léa\AppData\Local\dd_vcredistMSI2C34.txt
2013-07-05 11:16 - 2013-07-05 11:17 - 0384348 _____ () C:\Users\léa\AppData\Local\dd_vcredistMSI3588.txt
2010-06-16 15:34 - 2010-06-16 15:34 - 0011238 _____ () C:\Users\léa\AppData\Local\dd_vcredistUI2C34.txt
2013-07-05 11:16 - 2013-07-05 11:17 - 0012100 _____ () C:\Users\léa\AppData\Local\dd_vcredistUI3588.txt
2013-05-24 18:18 - 2013-05-24 18:18 - 0002130 _____ () C:\Users\léa\AppData\Local\recently-used.xbel
2016-04-08 10:28 - 2015-10-19 17:23 - 0016800 _____ () C:\Users\léa\AppData\Local\Z@!-45128e2d-840f-442f-bcdd-9c535b493163.tmp
2016-04-08 10:28 - 2015-10-19 17:23 - 0016800 _____ () C:\Users\léa\AppData\Local\Z@!-870d9eb8-183c-4953-93e9-988f34fc2ce6.tmp
2016-04-08 10:28 - 2016-04-08 10:28 - 0031648 _____ (Bomgar) C:\Users\léa\AppData\Local\Z@H!-14099204882286070673-32.tmp
2016-04-08 10:28 - 2016-04-08 10:28 - 0036768 _____ (Bomgar) C:\Users\léa\AppData\Local\Z@H!-14099204882286070673-64.tmp
2016-04-08 10:28 - 2015-10-19 17:23 - 0015776 _____ () C:\Users\léa\AppData\Local\Z@S!-31ef1e9f-8df6-4082-aa7e-c84bbcc37072.tmp
2009-10-05 22:19 - 2011-01-09 15:07 - 0001966 _____ () C:\ProgramData\hpzinstall.log
2016-08-05 18:57 - 2016-08-05 18:57 - 0064886 _____ () C:\ProgramData\SMRResults501.dat

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\SMRResults501.dat
C:\Users\Public\AlexaNSISPlugin.4556.dll


Certains fichiers dans TEMP:
====================
C:\Users\véro\AppData\Local\Temp\_is92EC.exe
C:\Users\véro\AppData\Local\Temp\_is977E.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-08-21 17:34

==================== Fin de FRST.txt ============================
