Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Exécuté par cora (administrateur) sur DESKTOP-2U1TP2M (13-06-2018 18:17:19)
Exécuté depuis C:\Users\cora\Downloads
Profils chargés: cora (Profils disponibles: cora)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\RAMDisk\MSI_RAMDisk_Service.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Users\cora\AUWFEyeucqa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
() C:\Windows\SysWOW64\SelfFolder.idc
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
() C:\Users\cora\AppData\Local\Microsoft Websites\msiexec64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270208 2018-04-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-16] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835768 2018-04-12] (MSI)
HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [4568224 2018-04-16] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26129592 2018-05-18] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4261024 2018-04-17] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\Run: [Steam] => D:\Steam\steam.exe [3201312 2018-06-09] (Valve Corporation)
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\Run: [ultracopier] => C:\Program Files (x86)\Supercopier\supercopier.exe [1146368 2016-01-02] (ultracopier.first-world.info)
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\Run: [Chromium] => "c:\users\cora\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-06-04] (Glarysoft Ltd)
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\Run: [Discord] => C:\Users\cora\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MSI)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{084e48e9-714d-44ce-8729-0cedb0c87823}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1133026859-3786083032-2722230936-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_18_20_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtC0D0E0AtA0F0EtB0FyDtN0D0Tzu0StBtAtByBtN1L2XzuyEtFtByEtFtDtFzyyDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzzzy0C0A0AtCtGtDzy0EtAtG0AtBtD0EtGtA0B0C0DtGtB0A0C0DtAyByB0F0C0CtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCyD1Q1S1P1OtAtG1Tzy1RtBtGyEtC1P1RtGzy1P1TtCtG1RyEyCyEzzyDyB1PzyyD1QtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtByCyEzztAzyyDyE%26cr%3D1606885288%26a%3Dwbf_secureddownload_18_20_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: u6apwx7h.default-1528899991101
FF ProfilePath: C:\Users\cora\AppData\Roaming\Mozilla\Firefox\Profiles\u6apwx7h.default-1528899991101 [2018-06-13]
FF Extension: (Avast SafePrice) - C:\Users\cora\AppData\Roaming\Mozilla\Firefox\Profiles\u6apwx7h.default-1528899991101\Extensions\sp@avast.com.xpi [2018-05-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\cora\AppData\Roaming\Mozilla\Firefox\Profiles\u6apwx7h.default-1528899991101\features\{17d72dfd-4fb4-4178-be48-f9da39af3931}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-13] [Legacy]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> D:\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> D:\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=6&UP=SP8F6613B0-A8E5-4147-BF87-33CC823FCD99&SSPV=&TID=3271","hxxps://www.google.com/","hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP37883725-5293-423F-8F60-4E957109D8BF","hxxp://search.conduit.com/?gd=&ctid=CT3312375&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP37883725-5293-423F-8F60-4E957109D8BF&SSPV=","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-eea30dc3","hxxp://www.google.com","hxxp://www.mystartsearch.com/?type=hp&ts=1445465691&z=157d70d8eef1ce14019c77fgczfz3waz7q0w1z9zdb&from=ima&uid=ST1000DM003-1SB10C_W9A00EZNXXXXW9A00EZN"
CHR DefaultSearchURL: Profile 1 -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Default Search
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\cora\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-15]
CHR Profile: C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-06-13]
CHR Extension: (Google Drive) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-15]
CHR Extension: (YouTube) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-15]
CHR Extension: (Adblock Plus) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (AdBlock) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-24]
CHR Extension: (Morpheon Dark) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-05-23]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-15]
CHR Extension: (Gmail) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\cora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-02]
CHR Profile: C:\Users\cora\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-15]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1133026859-3786083032-2722230936-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx