Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Exécuté par Florian (administrateur) sur FLORIAN-PC (07-09-2015 11:00:28)
Exécuté depuis C:\Users\Florian\Desktop
Profils chargés: Florian (Profils disponibles: Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: IE)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2014-07-19] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-17782594-3461096844-1310264421-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-17782594-3461096844-1310264421-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{191EFE09-86E5-4F49-BF3A-6DE9192CE97D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{644CE09C-6F33-4C91-9247-186AEFFAC7DB}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{65642534-110F-4550-AA16-EB84DDBC938B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7FEFF547-5EF7-4EC3-8A96-AB194B69D1C5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-17782594-3461096844-1310264421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.fr/
HKU\S-1-5-21-17782594-3461096844-1310264421-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-17782594-3461096844-1310264421-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-17782594-3461096844-1310264421-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-17782594-3461096844-1310264421-1000 -> {F774890B-52D7-40C6-84DD-30D258860DD0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-17782594-3461096844-1310264421-1000 -> Pas de nom - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Pas de fichier
Toolbar: HKU\S-1-5-21-17782594-3461096844-1310264421-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-19]

Chrome:
=======
CHR Profile: C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - 
C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-19]
CHR Extension: (Google Drive) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-19]
CHR Extension: (YouTube) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-19]
CHR Extension: (Google Search) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-19]
CHR Extension: (Google Wallet) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-19]
CHR Extension: (Gmail) - C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2015-09-07 11:00 - 2015-09-07 11:00 - 00043219 _____ C:\Users\Florian\Desktop\FRST.txt
2015-09-07 11:00 - 2015-09-07 11:00 - 00000000 ____D C:\FRST
2015-09-07 10:59 - 2015-09-07 10:59 - 02190336 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-09-07 10:41 - 2015-09-07 10:41 - 00070674 _____ C:\Users\Florian\Desktop\ZHPDiag.txt
2015-09-07 10:38 - 2015-09-07 10:38 - 00000824 _____ C:\Users\Florian\Desktop\ZHPDiag.lnk
2015-09-07 10:33 - 2015-09-07 10:33 - 00001715 _____ C:\Users\Florian\Desktop\ZHPFixReport.txt
2015-09-07 10:31 - 2015-09-07 10:31 - 00001849 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-09-07 10:31 - 2015-09-07 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-09-07 10:31 - 2015-09-07 10:31 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-09-06 20:56 - 2015-09-07 10:38 - 00000000 ____D C:\Users\Florian\AppData\Roaming\ZHP
2015-08-31 00:11 - 2015-08-31 00:12 - 00000000 ____D C:\Users\Florian\Desktop\Pole Emploi
2015-08-28 19:00 - 2015-08-28 19:00 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-28 19:00 - 2015-08-28 19:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-28 19:00 - 2015-08-28 19:00 - 00000000 ____D C:\Users\Florian\Tracing
2015-08-28 19:00 - 2015-08-28 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-24 21:13 - 2015-08-24 21:13 - 00140584 ____H C:\Windows\system32\mlfcache.dat
2015-08-23 16:56 - 2015-08-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5EBF7B6E.sys
2015-08-20 16:59 - 2015-09-03 16:38 - 00000000 ____D C:\Users\Florian\Desktop\GRETA
2015-08-18 21:43 - 2015-08-18 21:43 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 21:43 - 2015-08-18 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 21:42 - 2015-08-18 21:43 - 00000000 ____D C:\Program Files\iTunes
2015-08-18 21:42 - 2015-08-18 21:42 - 00000000 ____D C:\Program Files\iPod
2015-08-18 21:42 - 2015-08-18 21:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-18 21:33 - 2015-08-18 21:33 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-18 21:33 - 2015-08-18 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-18 21:32 - 2015-08-18 21:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-18 21:25 - 2015-08-18 21:25 - 00000000 ____D C:\Users\Florian\AppData\Local\Apple Computer
2015-08-18 09:37 - 2015-09-06 18:11 - 00000000 ____D C:\Users\Florian\Desktop\photo gigi
2015-08-16 21:38 - 2015-08-16 21:38 - 00000000 ____D C:\Users\Florian\AppData\Local\Apple
2015-08-14 17:17 - 2015-08-14 23:02 - 00000000 ____D C:\Users\Florian\Desktop\Photos Siam
2015-08-13 17:24 - 2015-08-13 16:53 - 00000922 _____ C:\Users\Florian\Desktop\Lien Navigateur Internet Sandboxé
2015-08-13 17:17 - 2015-08-13 17:17 - 00000000 ___RD C:\Sandbox
2015-08-13 16:55 - 2015-09-05 21:16 - 00001616 _____ C:\Windows\Sandboxie.ini
2015-08-13 16:53 - 2015-08-13 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-08-13 16:53 - 2015-08-13 16:53 - 00000000 ____D C:\Program Files\Sandboxie
2015-08-13 16:37 - 2015-08-13 17:18 - 00000000 ____D C:\AdwCleaner
2015-08-09 18:11 - 2015-08-09 18:11 - 00000000 ____D C:\Users\Florian\AppData\Local\Adobe
2015-08-09 17:09 - 2015-08-09 17:09 - 00000000 ____D C:\Users\Florian\AppData\Roaming\www.shadowexplorer.com
2015-08-09 17:00 - 2015-08-09 17:00 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-09 16:58 - 2015-08-09 16:58 - 00031672 _____ C:\Windows\system32\.crusader
2015-08-09 16:48 - 2015-08-09 16:59 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-09 11:59 - 2015-09-07 10:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 11:59 - 2015-08-09 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-09 11:59 - 2015-08-09 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 11:59 - 2015-08-09 11:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-09 11:59 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 11:59 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 11:59 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 10:22 - 2015-08-09 10:23 - 00000085 _____ C:\Windows\wininit.ini
2015-08-09 10:15 - 2015-08-09 10:15 - 00000000 _____ C:\autoexec.bat
2015-08-09 10:05 - 2015-08-09 10:05 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-09 10:05 - 2015-08-09 10:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-09 08:10 - 2015-08-09 08:10 - 00009100 _____ C:\Users\HELP_DECRYPT.HTML
2015-08-09 08:10 - 2015-08-09 08:10 - 00009100 _____ C:\HELP_DECRYPT.HTML
2015-08-09 08:10 - 2015-08-09 08:10 - 00004738 _____ C:\Users\HELP_DECRYPT.TXT
2015-08-09 08:10 - 2015-08-09 08:10 - 00004738 _____ C:\HELP_DECRYPT.TXT
2015-08-09 08:10 - 2015-08-09 08:10 - 00000296 _____ C:\Users\HELP_DECRYPT.URL
2015-08-09 08:10 - 2015-08-09 08:10 - 00000296 _____ C:\HELP_DECRYPT.URL
2015-08-09 01:00 - 2015-09-07 10:45 - 00002093 _____ C:\Windows\setupact.log
2015-08-09 01:00 - 2015-08-09 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-08-08 19:22 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150808-192201.backup
2015-08-08 18:06 - 2015-08-08 18:06 - 00000000 ____D C:\searchplugins
2015-08-08 18:01 - 2015-08-13 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-08 17:59 - 2015-08-09 12:59 - 00002896 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-08-08 17:59 - 2015-08-09 12:59 - 00002896 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-08-08 17:59 - 2015-08-08 17:58 - 00422400 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-08-08 17:58 - 2015-08-08 17:58 - 00342016 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-08-08 15:04 - 2015-09-05 21:35 - 00000000 ____D C:\Users\Florian\Desktop\Films new

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2015-09-07 10:59 - 2009-07-14 17:24 - 01301782 _____ C:\Windows\system32\perfh00C.dat
2015-09-07 10:59 - 2009-07-14 17:24 - 00336532 _____ C:\Windows\system32\perfc00C.dat
2015-09-07 10:59 - 2009-07-14 07:13 - 00006468 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-07 10:51 - 2009-07-14 06:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 10:51 - 2009-07-14 06:45 - 00022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 10:45 - 2014-07-19 20:24 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Skype
2015-09-07 10:45 - 2014-07-19 18:10 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 10:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 10:38 - 2014-07-19 18:10 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 10:05 - 2015-04-17 23:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-03 20:21 - 2014-07-20 04:43 - 00000000 ____D C:\Users\Florian\AppData\Roaming\vlc
2015-09-03 20:13 - 2014-07-19 20:18 - 00175578 _____ C:\Windows\PFRO.log
2015-09-03 20:12 - 2014-08-11 00:08 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Azureus
2015-09-03 20:12 - 2014-08-11 00:08 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-08-29 14:33 - 2014-07-19 18:10 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 14:33 - 2014-07-19 18:10 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 19:00 - 2014-07-19 18:12 - 00000000 ____D C:\ProgramData\Skype
2015-08-28 19:00 - 2014-07-19 18:01 - 00000000 ____D C:\Users\Florian
2015-08-25 00:02 - 2014-07-19 11:49 - 01769730 _____ C:\Windows\WindowsUpdate.log
2015-08-19 00:35 - 2014-09-04 22:09 - 00000000 ____D C:\Users\Florian\Desktop\Photos + Vidéos
2015-08-18 21:42 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-18 21:42 - 2014-07-19 18:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 21:29 - 2015-04-06 15:59 - 00000000 ____D C:\Users\Florian\Desktop\LM Flo
2015-08-14 23:01 - 2014-07-19 18:19 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-14 17:18 - 2008-03-21 22:11 - 00000000 ___RD C:\Users\Florian\Desktop\Christina Aguilera
2015-08-13 21:37 - 2014-07-20 05:07 - 00000000 ____D C:\Users\Florian\Desktop\Films
2015-08-13 17:49 - 2014-07-19 21:01 - 00001066 _____ C:\Users\Florian\Desktop\John PERKINS.txt
2015-08-13 17:10 - 2014-07-20 22:36 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-12 00:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-09 18:03 - 2014-09-04 21:26 - 00000000 ____D C:\Users\Florian\Desktop\Clopinette
2015-08-09 16:58 - 2014-08-26 03:28 - 00000000 ____D C:\Users\Florian\AppData\Local\Microsoft Games
2015-08-09 16:58 - 2014-07-19 22:58 - 00000000 ____D C:\Users\Florian\AppData\Roaming\Adobe
2015-08-09 16:58 - 2014-07-19 20:24 - 00000000 ____D C:\Users\Florian\AppData\Local\Skype
2015-08-09 16:58 - 2014-07-19 18:10 - 00000000 ____D C:\Users\Florian\AppData\Local\Google
2015-08-09 12:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Globalization
2015-08-09 10:05 - 2014-07-19 18:19 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-09 10:05 - 2014-07-19 18:19 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-09 08:09 - 2015-01-09 14:22 - 00000000 ____D C:\Users\Florian\Desktop\SHEILA
2015-08-09 08:09 - 2014-09-04 22:28 - 00000000 ____D C:\Users\Florian\Desktop\Sécu
2015-08-09 08:09 - 2013-10-21 16:45 - 00000000 ____D C:\Users\Florian\Desktop\Siam + CAF
2015-08-08 19:44 - 2014-07-28 15:13 - 00000000 ____D C:\Users\Florian\Desktop\Flyers
2015-08-08 16:24 - 2009-07-14 07:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2015-09-06 18:41

==================== Fin de FRST.txt ============================