Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Exécuté par Ludo (administrateur) sur LUDO-PC (29-03-2016 23:55:06)
Exécuté depuis C:\Users\Ludo\Desktop
Profils chargés: UpdatusUser & Ludo (Profils disponibles: UpdatusUser & Ludo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: IE)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-25] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Avanquest\Expert PDF 7 Professional\vspdfprsrv.exe [4566016 2011-08-26] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\avldr: avldr64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-12] (Google Inc.)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3130750385-2192580418-1621175004-1002\$b7e7e0c1bef8e3aa087c2d8d72c94354\n. ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-03-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-03-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-01-12]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-12-08]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_1E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_1E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_2E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_2E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_3E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_3E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_4E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_4E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_5E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_5E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_6E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_6E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_7E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_7E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_8E748E391.html [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_8E748E391.png [2016-03-02] ()
Startup: C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011-05-31]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.2.0.10
Tcpip\..\Interfaces\{6098202F-C05F-4EF9-8A96-97D66558D6B6}: [DhcpNameServer] 89.2.0.10
Tcpip\..\Interfaces\{FDECCE07-B3E4-4B7D-924C-3E56D7B0282A}: [DhcpNameServer] 89.2.0.10

Internet Explorer:
==================
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-3130750385-2192580418-1621175004-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dailymotion.com/video/x2omsw_vercoutre-lyon-lille_fun#.Uexvd71OJDN
HKU\S-1-5-21-3130750385-2192580418-1621175004-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3130750385-2192580418-1621175004-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=CA31E63413EEB3D4FB2E065165C4B314&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-08] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\adawaretb\adawareDx.dll [2013-02-11] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-08] (Google Inc.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll => Pas de fichier
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-08] (Google Inc.)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll [2013-02-11] ()
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-08] (Google Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Pas de fichier]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-27] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3130750385-2192580418-1621175004-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ludo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-12] (Skype Limited)
FF Plugin HKU\S-1-5-21-3130750385-2192580418-1621175004-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ludo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-03-06]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=CA31E63413EEB3D4FB2E065165C4B314","hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => Pas de fichier
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => Pas de fichier
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Pas de fichier
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Pas de fichier
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ludo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Pas de fichier
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => Pas de fichier
CHR Profile: C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SecureSearch) - C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik [2016-03-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Ludo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-05]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [2013-02-04]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [Fichier non signé]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [Fichier non signé]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2015-04-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Fichier non signé]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [Fichier non signé]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-25] (Fresco Logic)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-12] (GFI Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-06] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-03-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-03-29 23:55 - 2016-03-29 23:56 - 00029816 _____ C:\Users\Ludo\Desktop\FRST.txt
2016-03-29 23:54 - 2016-03-29 23:55 - 00000000 ____D C:\FRST
2016-03-29 23:54 - 2016-03-29 23:54 - 02374144 _____ (Farbar) C:\Users\Ludo\Desktop\FRST64.exe
2016-03-29 23:38 - 2016-03-29 23:38 - 00000000 ____D C:\Users\Ludo\AppData\Local\adawarebp
2016-03-29 23:34 - 2016-03-29 23:34 - 00002744 _____ C:\Users\Ludo\Desktop\ZHPFixReport.txt
2016-03-29 23:34 - 2016-03-29 23:34 - 00002744 _____ C:\Users\Ludo\Desktop\Rapport ZHPFix[R1].txt
2016-03-29 23:32 - 2016-03-29 23:32 - 00001855 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-03-29 23:32 - 2016-03-29 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-03-29 23:32 - 2016-03-29 23:32 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-03-29 23:30 - 2016-03-29 23:30 - 03521617 _____ (Nicolas Coolman ) C:\Users\Ludo\Desktop\ZHPFix.exe
2016-03-29 23:10 - 2016-03-29 23:10 - 00071048 _____ C:\Users\Ludo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-29 23:08 - 2016-03-29 23:08 - 00313696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-28 22:12 - 2016-03-29 23:53 - 00125335 _____ C:\Users\Ludo\Desktop\ZHPDiag Rapport.txt
2016-03-28 22:05 - 2016-03-29 23:51 - 00125332 _____ C:\Users\Ludo\Desktop\ZHPDiag.txt
2016-03-28 21:55 - 2016-03-29 23:53 - 00000822 _____ C:\Users\Ludo\Desktop\ZHPDiag.lnk
2016-03-28 21:55 - 2016-03-29 23:53 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\ZHP
2016-03-28 21:54 - 2016-03-28 21:54 - 02166272 _____ C:\Users\Ludo\Desktop\ZHPDiag3.exe
2016-03-19 02:08 - 2016-03-19 02:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7ACD1D0A.sys
2016-03-19 02:07 - 2016-03-19 02:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\39361CAB.sys
2016-03-19 01:36 - 2016-03-19 01:36 - 00133060 _____ C:\Users\Ludo\Desktop\venice_map.pdf
2016-03-16 01:53 - 2016-03-16 01:57 - 46983153 _____ C:\Users\Ludo\Desktop\Documents\YouPorn - Evelina asks her old trainer to please her horny pussy.mp4
2016-03-16 01:27 - 2016-03-16 01:44 - 212561546 _____ C:\Users\Ludo\Desktop\Documents\YouPorn - 45.mp4
2016-03-11 02:07 - 2016-03-16 00:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47E82BA8.sys
2016-03-11 01:39 - 2016-03-28 22:39 - 19384512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-03-08 23:20 - 2016-03-08 23:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\03FC0FD1.sys
2016-03-08 23:18 - 2016-03-08 23:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\744D0DB6.sys
2016-03-08 22:11 - 2016-03-08 22:11 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-08 22:11 - 2016-03-08 22:11 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-08 22:11 - 2016-03-08 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-08 22:10 - 2016-03-08 22:11 - 00000000 ____D C:\Program Files\CCleaner
2016-03-08 22:09 - 2016-03-08 22:10 - 00000000 ____D C:\ProgramData\Google
2016-03-08 22:07 - 2016-03-08 22:07 - 06837784 _____ (Piriform Ltd) C:\Users\Ludo\Desktop\ccsetup515.exe
2016-03-06 23:25 - 2016-03-06 23:25 - 00002427 _____ C:\Users\Ludo\Desktop\Protection bancaire.lnk
2016-03-06 23:21 - 2016-03-06 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-03-06 23:21 - 2016-03-06 23:20 - 00002119 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-03-06 23:19 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-03-06 23:18 - 2016-03-06 23:18 - 00000000 ____D C:\Windows\ELAMBKUP
2016-03-06 23:15 - 2016-03-29 23:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-06 23:15 - 2016-03-06 23:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-06 23:13 - 2016-03-06 23:43 - 00934808 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-03-06 23:13 - 2015-12-08 02:24 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-03-06 23:13 - 2015-12-08 02:24 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-03-06 21:50 - 2016-03-06 22:02 - 174517968 _____ (Kaspersky Lab) C:\Users\Ludo\Desktop\kts16.0.0.614fr-fr.exe
2016-03-06 21:07 - 2016-03-06 21:07 - 00000000 _____ C:\Windows\SysWOW64\sho1E81.tmp
2016-03-06 18:46 - 2016-03-06 18:46 - 00000000 ____D C:\Vega5maj
2016-03-06 13:25 - 2016-03-06 13:27 - 00012288 ___SH C:\Users\Ludo\Thumbs.db
2016-03-04 02:44 - 2016-03-04 02:44 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Nouveau dossier
2016-03-04 01:38 - 2015-05-05 12:02 - 00000000 ____D C:\Users\Ludo\Desktop\Sia - 1000 Forms Of Fear (Deluxe Version) - 2015
2016-03-02 02:50 - 2016-03-29 23:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-02 02:49 - 2016-03-02 02:49 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-02 02:49 - 2016-03-02 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-02 02:49 - 2016-03-02 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-02 02:49 - 2015-10-05 10:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-02 02:49 - 2015-10-05 10:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-02 02:49 - 2015-10-05 10:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-02 02:45 - 2016-03-02 02:45 - 22908888 _____ (Malwarebytes ) C:\Users\Ludo\Desktop\mbam-setup-2.2.0.1024.exe
2016-03-02 02:35 - 2016-03-16 00:35 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-02 00:13 - 2016-03-02 00:13 - 00204966 _____ C:\Users\Ludo\Desktop\BoardingPass.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-03-29 23:39 - 2012-11-01 18:25 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-29 23:29 - 2011-01-12 17:50 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-29 23:23 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-29 23:23 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-29 23:17 - 2009-08-04 12:03 - 00759774 _____ C:\Windows\system32\perfh00C.dat
2016-03-29 23:17 - 2009-08-04 12:03 - 00154348 _____ C:\Windows\system32\perfc00C.dat
2016-03-29 23:17 - 2009-07-14 07:13 - 01701968 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-29 23:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-03-29 23:10 - 2013-04-10 22:00 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-03-29 23:10 - 2011-01-12 17:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 23:08 -
2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-28 22:37 - 2013-03-29 14:32 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130750385-2192580418-1621175004-1002UA.job 2016-03-28 21:55 - 2012-05-05 10:34 - 00000000 ____D C:\Windows\Minidump 2016-03-28 21:55 - 2011-09-18 15:12 - 00000000 ____D C:\Users\Ludo\AppData\Local\CrashDumps 2016-03-28 20:40 - 2011-10-25 22:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-16 00:35 - 2011-01-12 17:50 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-11 01:12 - 2011-05-31 06:20 - 00002608 _____ C:\Windows\system32\AutoRunFilter.ini 2016-03-08 22:36 - 2013-01-21 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition 2016-03-08 22:36 - 2012-02-12 16:06 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeMaster++ 2016-03-08 22:35 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther 2016-03-08 22:10 - 2011-01-12 17:49 - 00000000 ____D C:\Program Files\Google 2016-03-08 22:09 - 2011-01-12 17:49 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-08 21:46 - 2012-11-01 18:26 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-08 21:46 - 2012-11-01 18:25 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-07 08:58 - 2011-05-31 06:20 - 00001587 _____ C:\Windows\system32\ServiceFilter.ini 2016-03-06 23:43 - 2015-06-06 09:51 - 00077728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys 2016-03-06 23:11 - 2011-01-12 17:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-06 23:05 - 2012-07-01 15:11 - 00000000 ____D C:\Program Files (x86)\Panda Security 2016-03-06 23:03 - 2012-07-01 15:11 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Panda Security 2016-03-06 22:57 - 2011-05-31 06:08 - 00000000 ____D 
C:\Users\UpdatusUser 2016-03-06 22:53 - 2011-09-18 01:23 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2016-03-06 14:37 - 2013-03-29 14:32 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130750385-2192580418-1621175004-1002Core.job 2016-03-06 13:25 - 2011-09-18 01:23 - 00000000 ____D C:\Users\Ludo 2016-03-06 13:16 - 2011-10-09 19:00 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\WinRAR 2016-03-06 13:07 - 2015-06-08 17:37 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Films 2016-03-06 13:05 - 2014-06-03 00:31 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\CP210x_VCP_Windows 2016-03-06 13:03 - 2012-12-05 22:13 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\all_training 2016-03-02 09:21 - 2011-09-18 01:26 - 00000000 ____D C:\Users\Ludo\Desktop\Documents\Bluetooth Folder 2016-03-02 09:10 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup 2016-03-02 02:49 - 2013-04-07 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-02 02:24 - 2011-01-12 17:50 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-03-02 02:24 - 2011-01-12 17:50 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-03-02 02:15 - 2013-04-10 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus 2016-03-02 02:15 - 2013-04-10 22:01 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2016-03-02 02:15 - 2011-05-31 06:22 - 00000000 ___HD C:\ExpressGateUtil 2016-03-02 02:15 - 2011-05-31 06:20 - 00000000 ____D C:\ProgramData\P4G 2016-03-02 02:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2016-03-02 00:21 - 2015-05-23 23:05 - 00000000 ____D C:\Users\Ludo\AppData\Roaming\Expert PDF 7 2016-02-28 12:26 - 2012-01-28 18:04 - 00000000 ____D C:\Users\Ludo\AppData\Local\Windows Live ==================== Fichiers à la racine de certains dossiers ======= 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_1E748E391.html 2016-02-24 03:50 
- 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_1E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_2E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_2E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_3E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_3E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_4E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_4E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_5E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_5E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_6E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_6E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_7E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_7E748E391.png 2016-02-24 03:50 - 2016-02-24 03:50 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_8E748E391.html 2016-02-24 03:50 - 2016-02-24 03:50 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\HELP_FILE_8E748E391.png 2013-03-27 01:25 - 2013-04-05 13:41 - 0000004 _____ () C:\Users\Ludo\AppData\Roaming\skype.ini 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_1E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_1E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 
0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_2E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_2E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_3E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_3E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_4E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_4E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_5E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_5E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_6E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_6E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_7E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_7E748E391.png 2016-02-24 03:49 - 2016-02-24 03:49 - 0003140 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_8E748E391.html 2016-02-24 03:49 - 2016-02-24 03:49 - 0125733 _____ () C:\Users\Ludo\AppData\Roaming\Microsoft\HELP_FILE_8E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_1E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_1E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_2E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 
0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_2E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_3E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_3E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_4E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_4E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_5E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_5E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_6E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_6E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_7E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_7E748E391.png 2016-02-24 03:37 - 2016-02-24 03:37 - 0003140 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_8E748E391.html 2016-02-24 03:37 - 2016-02-24 03:37 - 0125733 _____ () C:\Users\Ludo\AppData\Local\HELP_FILE_8E748E391.png 2013-09-15 23:27 - 2013-09-15 23:27 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-01-12 18:02 - 2010-07-07 02:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_1E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_1E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_2E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_2E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_3E748E391.html 
2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_3E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_4E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_4E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_5E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_5E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_6E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_6E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_7E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_7E748E391.png 2016-02-24 03:31 - 2016-02-24 03:31 - 0003140 _____ () C:\ProgramData\HELP_FILE_8E748E391.html 2016-02-24 03:31 - 2016-02-24 03:31 - 0125733 _____ () C:\ProgramData\HELP_FILE_8E748E391.png 2011-05-31 06:33 - 2011-05-31 06:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-01-12 17:48 - 2011-01-12 17:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-01-12 17:48 - 2011-01-12 17:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2011-05-31 06:28 - 2011-05-31 06:32 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2011-05-31 06:32 - 2011-05-31 06:33 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log 2011-05-31 06:26 - 2011-05-31 06:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3130750385-2192580418-1621175004-1002\$b7e7e0c1bef8e3aa087c2d8d72c94354 Fichiers à déplacer ou supprimer: ==================== C:\Users\Ludo\AppData\Roaming\skype.ini ==================== Bamital & volsnap ================= (Il n'y a pas de 
correction automatique pour les fichiers qui ne satisfont pas à la vérification.) C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement C:\Windows\system32\wininit.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement C:\Windows\explorer.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement C:\Windows\system32\svchost.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement C:\Windows\system32\services.exe => Le fichier est signé numériquement C:\Windows\system32\User32.dll => Le fichier est signé numériquement C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement C:\Windows\system32\userinit.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2016-03-11 02:47 ==================== Fin de FRST.txt ============================