Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2017
Exécuté par CESAR (administrateur) sur CESAR-PC (30-11-2017 11:23:21)
Exécuté depuis C:\Users\CESAR\Desktop
Profils chargés: CESAR (Profils disponibles: CESAR)
Platform: Windows 7 Home Premium (X64) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIXE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ===========================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-29] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-17] (Easybits)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\MountPoints2: {295db3cf-9c2f-11e7-ac0f-00269eaf893a} - E:\startme.exe
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\...\MountPoints2: {87e8c26f-d404-11e5-aecd-00269eaf893a} - E:\Startme.exe
Startup: C:\Users\CESAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk [2014-12-13]
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{666720BE-2682-471D-AEA7-D01C4DA90EE7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EC5CBAED-26CD-4508-8E6D-715F174ABEF9}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/3
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/3
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/3
HKU\S-1-5-21-2487816045-2445655357-3524887313-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/3
SearchScopes: HKLM -> DefaultScope {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2487816045-2445655357-3524887313-1001 -> DefaultScope {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2487816045-2445655357-3524887313-1001 -> {A0629974-B2FC-4727-A56D-EB94AECC46B2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-29] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Pas de nom -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Pas de fichier
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-29] (AVAST Software)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2487816045-2445655357-3524887313-1001 -> Pas de nom - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Pas de fichier
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: uhhl32vq.default
FF ProfilePath: C:\Users\CESAR\AppData\Roaming\Mozilla\Firefox\Profiles\uhhl32vq.default [2017-11-30]
FF Extension: (cacaoweb) - C:\Users\CESAR\AppData\Roaming\Mozilla\Firefox\Profiles\uhhl32vq.default\Extensions\cacaoweb@cacaoweb.org [2015-12-08] [Lagacy] [non signé]
FF Extension: (Avast SafePrice) - C:\Users\CESAR\AppData\Roaming\Mozilla\Firefox\Profiles\uhhl32vq.default\Extensions\sp@avast.com.xpi [2017-11-29]
FF Extension: (Avast Online Security) - C:\Users\CESAR\AppData\Roaming\Mozilla\Firefox\Profiles\uhhl32vq.default\Extensions\wrc@avast.com.xpi [2017-11-29]
FF Extension: (Adblock Plus) - C:\Users\CESAR\AppData\Roaming\Mozilla\Firefox\Profiles\uhhl32vq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-29]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Lagacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-03-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/product.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/dynamicNewTab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html", Not-active:"chrome-extension://hacjbommojkfpopnhpabmnmkpjfljfji/stubby.html", Not-active:"chrome-extension://jmceggkgkmkgobfnngildcomcidnmedl/stubby.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Slides) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Ask Web Search) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\afeplgpaegadminidkmfjdjeagjgjjem [2017-10-24]
CHR Extension: (Docs) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Recherche Google) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-30]
CHR Extension: (Sheets) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Google Docs hors connexion) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (OnlineMapFinder) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjbommojkfpopnhpabmnmkpjfljfji [2017-11-23]
CHR Extension: (Itineraire - Offres shopping) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlincbpgbkpbjepghokdnhnnpphmegig [2016-09-17]
CHR Extension: (OnlineMapFinder) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmceggkgkmkgobfnngildcomcidnmedl [2016-09-08]
CHR Extension: (Skype) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-31]
CHR Extension: (FromDocToPDF) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-11-23]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\CESAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-29] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-29] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [Fichier non signé]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [Fichier non signé]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [Fichier non signé]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-29] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-29] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-29] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-30] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-29] (AVAST Software)

==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-30 11:23 - 2017-11-30 11:24 - 000023023 _____ C:\Users\CESAR\Desktop\FRST.txt
2017-11-30 11:23 - 2017-11-30 11:23 - 000000000 ____D C:\FRST
2017-11-30 11:20 - 2017-11-30 11:20 - 002391552 _____ (Farbar) C:\Users\CESAR\Desktop\FRST64.exe
2017-11-30 07:41 - 2017-11-30 07:41 - 000147415 _____ C:\Users\CESAR\Desktop\ZHPDiag.txt
2017-11-30 07:35 - 2017-11-30 07:39 - 000000000 ____D C:\Users\CESAR\AppData\Roaming\ZHP
2017-11-30 07:35 - 2017-11-30 07:38 - 000000000 ____D C:\Users\CESAR\AppData\Local\ZHP
2017-11-30 07:35 - 2017-11-30 07:35 - 000000820 _____ C:\Users\CESAR\Desktop\ZHPDiag.lnk
2017-11-30 07:34 - 2017-11-30 07:34 - 002937728 _____ C:\Users\CESAR\Downloads\ZHPDiag3.exe
2017-11-30 07:01 - 2017-11-30 07:01 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-29 21:08 - 2017-11-29 21:01 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-29 21:01 - 2017-11-29 21:01 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-09 22:52 - 2017-11-09 22:52 - 000080483 _____ C:\Users\CESAR\Desktop\Gérez vos réservations - Booking.pdf
2017-11-09 22:31 - 2017-11-09 22:31 - 000162505 _____ C:\Users\CESAR\Desktop\Booking.pdf
2017-11-05 23:23 - 2017-11-30 07:28 - 000000000 ____D C:\Users\CESAR\Documents\facture pure deco camargue novembre 2017

==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-30 11:16 - 2016-12-03 12:09 - 000000000 ____D C:\Users\CESAR\AppData\LocalLow\Mozilla
2017-11-30 07:15 - 2015-01-21 19:10 - 000000000 ____D C:\Users\CESAR\AppData\Roaming\Skype
2017-11-30 07:12 - 2015-01-21 19:10 - 000000000 ____D C:\ProgramData\Skype
2017-11-30 07:11 - 2014-12-10 09:02 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-30 07:09 - 2014-12-10 09:01 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-30 07:09 - 2009-07-14 05:45 - 000023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-30 07:09 - 2009-07-14 05:45 - 000023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-30 07:02 - 2014-12-10 08:24 - 000000184 _____ C:\ProgramData\HPWALog.txt
2017-11-30 07:01 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 22:14 - 2017-05-16 22:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-29 22:14 - 2014-12-10 08:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-29 21:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-29 21:43 - 2017-04-06 13:20 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-29 21:15 - 2015-09-22 13:53 - 000000000 ____D C:\Windows\Minidump
2017-11-29 21:02 - 2014-12-10 09:01 - 000003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-29 21:02 - 2014-12-10 09:01 - 000003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-29 21:01 - 2014-12-10 09:01 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151202215487304
2017-11-29 21:01 - 2014-12-10 09:01 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-29 21:01 - 2014-12-10 09:01 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-29 21:01 - 2014-12-10 09:01 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-29 21:01 - 2014-12-10 09:01 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-29 21:01 - 2014-12-10 09:01 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-29 21:01 - 2014-12-10 09:01 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-29 21:00 - 2017-04-06 13:20 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-29 21:00 - 2017-04-06 13:20 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-29 21:00 - 2017-04-06 13:20 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-29 21:00 - 2017-04-06 13:20 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-29 21:00 - 2014-12-10 09:01 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-29 20:49 - 2014-12-10 08:17 - 000000000 ____D C:\Users\CESAR
2017-11-17 12:38 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\LiveKernelReports
2017-11-15 15:00 - 2009-11-03 23:46 - 000704480 _____ C:\Windows\system32\perfh00C.dat
2017-11-15 15:00 - 2009-11-03 23:46 - 000130754 _____ C:\Windows\system32\perfc00C.dat
2017-11-15 15:00 - 2009-07-14 06:13 - 001549700 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-15 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

==================== Fichiers à la racine de certains dossiers =======
2014-12-10 08:24 - 2014-12-10 08:24 - 000000000 _____ () C:\Users\CESAR\AppData\Local\AtStart.txt
2014-12-10 08:24 - 2014-12-10 08:24 - 000000000 _____ () C:\Users\CESAR\AppData\Local\DSwitch.txt
2014-12-10 08:24 - 2014-12-10 08:24 - 000000000 _____ () C:\Users\CESAR\AppData\Local\QSwitch.txt
2017-08-31 21:08 - 2017-08-31 21:08 - 000000017 _____ () C:\Users\CESAR\AppData\Local\resmon.resmoncfg
2015-02-04 18:51 - 2015-02-04 18:51 - 001082356 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851 (1).0
2015-02-04 18:51 - 2015-02-04 18:51 - 000370045 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851 (1).1
2015-02-04 18:52 - 2015-02-04 18:51 - 000365537 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851 (1).2
2015-02-04 18:51 - 2015-02-04 18:52 - 000369978 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851 (1).JPG
2015-02-04 18:50 - 2015-02-04 18:50 - 001082356 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851.0
2015-02-04 18:50 - 2015-02-04 18:50 - 000370043 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0851.JPG
2015-02-04 18:52 - 2015-02-04 18:52 - 001377420 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0852 (1).0
2015-02-04 18:52 - 2015-02-04 18:52 - 000527955 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0852 (1).1
2015-02-04 18:52 - 2015-02-04 18:52 - 000527516 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0852 (1).JPG
2015-02-04 18:53 - 2015-02-04 18:53 - 001016233 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0855.0
2015-02-04 18:53 - 2015-02-04 18:53 - 000362917 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0855.1
2015-02-04 18:53 - 2015-02-04 18:53 - 000361805 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0855.JPG
2015-02-20 21:30 - 2015-02-20 21:30 - 001416639 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0882.0
2015-02-20 21:30 - 2015-02-20 21:30 - 000516407 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0882.1
2015-02-20 21:30 - 2015-02-20 21:30 - 000511250 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0882.JPG
2015-02-20 21:30 - 2015-02-20 21:30 - 001325706 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0885.0
2015-02-20 21:31 - 2015-02-20 21:30 - 000476997 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0885.1
2015-02-20 21:30 - 2015-02-20 21:31 - 000473486 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0885.JPG
2015-04-02 21:26 - 2015-04-02 21:26 - 002285773 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0922.0
2015-04-02 21:26 - 2015-04-02 21:26 - 000947902 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0922.1
2015-04-02 21:26 - 2015-04-02 21:26 - 000949358 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0922.JPG
2015-04-07 14:36 - 2015-04-07 14:36 - 001071039 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0928.0
2015-04-07 14:36 - 2015-04-07 14:36 - 000401030 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0928.1
2015-04-07 14:36 - 2015-04-07 14:36 - 000398206 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0928.JPG
2015-04-07 14:36 - 2015-04-07 14:36 - 000109821 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0996.0
2015-04-07 14:36 - 2015-04-07 14:36 - 000052380 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0996.1
2015-04-07 14:36 - 2015-04-07 14:36 - 000052431 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_0996.JPG
2015-02-05 14:14 - 2015-02-05 14:14 - 002531156 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_8776.0
2015-02-05 14:14 - 2015-02-05 14:14 - 001153084 _____ () C:\Users\CESAR\AppData\Local\tmpIMG_8776.JPG

==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-09-29 16:15

==================== Fin de FRST.txt ============================