Solved Repeated unfriendly message telling me hard drive will be wiped

needhelp51

Posts: 368   +0
When I open Firefox, it randomly loads some bogus website with a voice-over message saying my hard drive will be wiped if I don't call like right now. I killed the task in task manager. For some reason, I can't download Farbar, I keep getting "link expired" message either for 32-bit or 64-bit. Sorry I cannot post requested logs. Any help appreciated.
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

It could be because of Firefox infection.
Try different browser.
If that doesn't work let me know what Windows version you have 32 or 64-bit.
I'll download FRST for you.
 
FRST log part 1:

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Exécuté par USER (administrateur) sur TOSHIBA (31-03-2017 21:36:23)
Exécuté depuis C:\Users\USER\Desktop
Profils chargés: USER (Profils disponibles: USER)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool:

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-19] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-10-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {9cb0b1b1-ceda-11e6-82d8-a08869756669} - "D:\Startme.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2017-02-04]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2016-08-08]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B4C5874-80F0-4B7C-8486-17CDA628398E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A0A451B-6198-4D5D-9FBF-AE2FBBC85052}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50DF5579-E176-48A2-9370-9422E9E0575C}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{D332F385-12BF-4B5C-A372-3D807ADE6D5E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
hxxp://www.toshiba.ca/welcome/?w=23
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-19] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
Handler-x32: intu-ir2014 - {980B949F-E16E-4459-88E8-580392AEF9AE} - C:\Program Files (x86)\ImpotRapide 2014\ic2014pp.dll [2015-02-13] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2015 - {6BEE4271-88EB-43B7-BEE1-54B77DC65F9C} - C:\Program Files (x86)\ImpotRapide 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2016 - {1A650DE5-FC3E-4C0A-AF76-311BB850DDC2} - C:\Program Files (x86)\ImpotRapide 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 [2017-03-31]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> hxxps://www.google.ca
FF Extension: (Google Translator for Firefox) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\translator@zoli.bod.xpi [2017-02-11]
FF Extension: (WOT) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-19]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Google Slides) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Recherche Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Google Sheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Google Docs hors connexion) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-18]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-19] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [Fichier non signé]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-05-19] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [116368 2016-10-18] (Wondershare)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
FRST log part 2:

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-19] (AVAST Software)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
S3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [13824 2008-04-03] (Atola) [Fichier non signé]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-31 21:36 - 2017-03-31 21:36 - 00024024 _____ C:\Users\USER\Desktop\FRST.txt
2017-03-31 21:35 - 2017-03-31 21:36 - 00000000 ____D C:\FRST
2017-03-31 21:33 - 2017-03-31 21:33 - 02424832 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-03-30 18:59 - 2017-03-30 18:59 - 00011776 _____ C:\Users\USER\Desktop\tableau.xls
2017-03-30 18:05 - 2017-03-30 18:05 - 00002540 _____ C:\Users\USER\Downloads\20170325 (1).pdf
2017-03-19 08:54 - 2017-03-19 08:53 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-19 08:43 - 2017-03-19 08:43 - 00738880 _____ (Oracle Corporation) C:\Users\USER\Downloads\jxpiinstall(2).exe
2017-03-19 08:39 - 2017-03-19 08:39 - 00245624 _____ C:\Users\USER\Downloads\Firefox Setup Stub 52.0.1.exe
2017-03-19 08:20 - 2017-03-19 08:20 - 00026184 _____ C:\Users\USER\Desktop\Sondage Herole.odt
2017-03-16 18:16 - 2017-03-30 18:57 - 00010436 _____ C:\Users\USER\Desktop\rappafaire2.txt
2017-03-14 22:06 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 22:06 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 22:06 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 22:06 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 22:06 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 22:06 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 22:06 - 2017-02-11 01:12 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-03-14 22:06 - 2017-02-10 01:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 22:06 - 2017-02-10 01:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-03-14 22:06 - 2017-02-10 01:00 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 22:05 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 22:05 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 22:05 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 22:05 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 22:05 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 22:05 - 2017-03-04 03:05 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 22:05 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 22:05 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 22:05 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 22:05 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 22:05 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 22:05 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 22:05 - 2017-03-02 13:25 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 22:05 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 22:05 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 22:05 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 22:05 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 22:05 - 2017-02-11 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 22:05 - 2017-02-11 01:12 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 22:05 - 2017-02-11 01:00 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 22:05 - 2017-02-11 00:58 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 22:05 - 2017-02-11 00:56 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 22:05 - 2017-02-10 15:09 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 22:05 - 2017-02-10 01:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 22:05 - 2017-02-10 01:08 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 22:05 - 2017-02-10 01:01 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 22:05 - 2017-02-10 00:59 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 22:05 - 2017-02-09 21:31 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-03-14 22:05 - 2017-02-09 20:12 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 22:05 - 2017-02-09 11:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 22:05 - 2017-02-09 11:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 22:05 - 2017-02-09 11:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 22:05 - 2017-02-09 11:16 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 22:05 - 2017-02-09 10:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-03-14 22:05 - 2017-02-09 10:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-03-14 22:05 - 2017-02-09 10:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-03-14 22:05 - 2017-02-04 16:32 - 07444832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 22:05 - 2017-02-04 16:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 22:05 - 2017-02-04 16:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-14 22:05 - 2017-02-04 16:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 22:05 - 2017-02-04 16:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-03-14 22:05 - 2017-02-04 15:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-03-14 22:05 - 2017-02-04 15:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 22:05 - 2017-02-04 14:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 22:05 - 2017-02-04 13:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 22:05 - 2017-02-04 13:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-14 22:05 - 2017-02-04 13:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 22:05 - 2017-02-04 13:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 22:05 - 2017-02-04 13:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-03-14 22:05 - 2017-02-04 13:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 22:05 - 2017-01-21 17:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-14 22:05 - 2017-01-21 15:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 22:05 - 2017-01-21 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 22:05 - 2017-01-21 15:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 22:05 - 2017-01-21 15:20 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 22:05 - 2017-01-21 14:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 22:05 - 2017-01-21 14:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 22:05 - 2017-01-21 14:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 22:05 - 2017-01-21 13:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 22:05 - 2017-01-21 13:48 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 22:05 - 2017-01-14 13:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-03-14 22:05 - 2017-01-11 15:37 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 22:05 - 2017-01-10 15:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 22:05 - 2017-01-05 14:20 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 22:05 - 2017-01-05 14:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-03-14 22:05 - 2017-01-05 13:36 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 22:05 - 2017-01-05 13:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-03-14 22:05 - 2017-01-05 13:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-03-14 22:05 - 2017-01-05 12:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 22:05 - 2016-11-09 15:22 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 21:48 - 2017-02-23 10:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 21:48 - 2017-02-22 10:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-14 21:48 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-03-12 22:10 - 2017-03-12 22:10 - 00002103 _____ C:\Users\USER\AppData\Local\recently-used.xbel
2017-03-04 23:42 - 2017-03-04 23:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-04 23:42 - 2017-03-04 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-04 13:26 - 2017-03-04 13:26 - 00045674 _____ C:\Users\USER\Downloads\RptPrsNet3263_RecusInscL.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-31 21:35 - 2017-02-11 23:18 - 00003916 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458770513
2017-03-31 21:35 - 2016-03-23 18:02 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-31 21:34 - 2016-12-10 15:08 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2017-03-31 21:34 - 2015-01-20 21:44 - 00003928 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E23F4E4B-10C1-4082-AB07-CBCEC93CA7B5}
2017-03-30 19:46 - 2014-10-28 20:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2253113614-2940369490-2009371491-1001
2017-03-30 19:05 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 19:04 - 2016-12-10 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-30 19:04 - 2015-01-20 23:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-30 19:00 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-30 18:57 - 2015-01-21 21:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2017-03-29 18:17 - 2015-01-20 23:42 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-29 18:17 - 2015-01-20 23:42 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-28 19:58 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-03-28 19:57 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2017-03-28 18:39 - 2015-02-17 07:10 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2017-03-24 22:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2017-03-21 20:55 - 2015-01-20 23:51 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 20:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2017-03-19 08:56 - 2015-01-27 20:22 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
2017-03-19 08:55 - 2017-02-08 08:33 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-19 08:55 - 2015-01-20 23:51 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-19 08:54 - 2015-01-27 20:23 - 00004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-19 08:54 - 2015-01-20 23:51 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148992812167106
2017-03-19 08:54 - 2015-01-20 23:51 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-19 08:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-19 08:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-19 08:53 - 2015-01-20 23:51 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148992812020304
2017-03-19 08:53 - 2015-01-20 23:51 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-19 08:52 - 2016-03-23 18:01 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-19 08:52 - 2015-01-20 23:51 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-19 08:49 - 2015-06-05 22:06 - 00000000 ____D C:\ProgramData\Oracle
2017-03-19 08:47 - 2016-10-07 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-19 08:47 - 2015-06-05 22:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-19 08:45 - 2016-10-07 14:05 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-19 08:42 - 2015-01-20 23:45 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-19 08:42 - 2015-01-20 23:45 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-19 08:39 - 2014-04-10 22:11 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-19 08:39 - 2013-08-28 21:28 - 00812350 _____ C:\Windows\system32\perfh00C.dat
2017-03-19 08:39 - 2013-08-28 21:28 - 00159412 _____ C:\Windows\system32\perfc00C.dat
2017-03-19 08:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-19 08:32 - 2014-10-28 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-19 08:30 - 2013-08-22 10:44 - 00506896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-19 08:23 - 2015-01-20 23:32 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 17:10 - 2015-01-21 21:28 - 00000000 ____D C:\ProgramData\Skype
2017-03-15 13:33 - 2015-01-20 22:44 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 13:30 - 2015-01-20 22:43 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 07:24 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 07:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-12 22:13 - 2016-07-24 10:36 - 00000000 ____D C:\Users\USER\.gimp-2.8
2017-03-10 23:32 - 2014-10-28 20:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
2017-03-10 00:34 - 2016-12-17 20:50 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-10 00:34 - 2016-12-17 20:50 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-04 13:41 - 2015-08-11 19:10 - 00000000 ____D C:\ProgramData\lx_Cats
2017-03-02 18:39 - 2017-01-28 21:39 - 00000000 ____D C:\Program Files (x86)\ImpotRapide 2016

==================== Fichiers à la racine de certains dossiers =======

2017-03-12 22:10 - 2017-03-12 22:10 - 0002103 _____ () C:\Users\USER\AppData\Local\recently-used.xbel

Certains fichiers dans TEMP:
====================
2017-01-27 20:30 - 2017-01-27 20:30 - 0739904 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 0488960 _____ () C:\Users\USER\AppData\Local\Temp\sqlite3.exe
2017-02-01 06:33 - 2017-02-01 06:33 - 44364392 _____ (Google Inc.) C:\Users\USER\AppData\Local\Temp\{92186B94-26C6-478F-B5A3-96057410383E}-56.0.2924.87_chrome_installer.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-26 12:10

==================== Fin de FRST.txt ============================
 
Addition part 1:

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par USER (31-03-2017 21:38:25)
Exécuté depuis C:\Users\USER\Desktop
Windows 8.1 (Update) (X64) (2014-10-29 00:08:45)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-2253113614-2940369490-2009371491-500 - Administrator - Disabled)
Invité (S-1-5-21-2253113614-2940369490-2009371491-501 - Limited - Disabled)
USER (S-1-5-21-2253113614-2940369490-2009371491-1001 - Administrator - Enabled) => C:\Users\USER

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32 bits) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
Cute Video Cutter 1.6.0.1 (HKLM-x32\...\Cute Video Cutter_is1) (Version: - )
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1321 - CyberLink Corp.)
Disk Investigator 1.61 (HKLM-x32\...\Disk Investigator) (Version: 1.61 - Kevin Solway)
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
eMule (HKLM-x32\...\eMule) (Version: - )
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Officejet Pro 8600 Aide (HKLM-x32\...\{20033B23-1270-4E9C-92DC-2E167A367C73}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImpôtRapide 2014 (HKLM-x32\...\{7366981E-1520-4A66-AD94-FBFC60A80E97}) (Version: 1.00.0000 - Intuit Canada)
ImpôtRapide 2015 (HKLM-x32\...\{9DF6FA30-3746-4D96-B5B7-C0B88CE0E149}) (Version: 1.00.0000 - Intuit Canada)
ImpôtRapide 2016 (HKLM-x32\...\{40D7EA6B-24C6-41EC-BF6E-5ECABAABCAF0}) (Version: 1.00.0000 - Intuit Canada)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Logiciel de base du périphérique HP Officejet Pro 8600 (HKLM\...\{E588CA1D-AD74-4E04-8C53-AD9735C4CA54}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 fix Version 1.0.0.1 (HKLM-x32\...\{C12304D8-48C3-46C9-A62F-82FFAFC04170}_is1) (Version: 1.0.0.1 - Wondershare, Inc.)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 fr)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1 - Mozilla)
MPTagThat (HKLM-x32\...\MPTagThat) (Version: 3.0.0 - Helmut Wahrmann)
OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Service Xperia Companion (Version: 1.4.7.0 - Sony) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
Tag&Rename 3.9.11 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.11 - Softpointer Inc)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TRS32 Emulator 1.28 (HKLM-x32\...\TRS32 Emulator) (Version: 1.28 - Matthew Reed)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSDC Free Video Editor version 5.7.2.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.2.644 - Flash-Integro LLC)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Wondershare MobileGo(Version 8.2.3) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.2.3 - Wondershare)
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {145B61C7-F36B-4DD9-9541-15A752CAF0A2} - System32\Tasks\avastBCLRestartS-1-5-21-2253113614-2940369490-2009371491-1001 => Firefox.exe
Task: {15804648-D1A1-404E-91B5-6A4083EC3583} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {3C9D0E7F-A80A-4017-824D-EEF0D7369ADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4323FE07-5473-45BB-83B0-4C5214050DBC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {4C801ED6-A47A-45B6-A179-75F4CA7EEAE0} - System32\Tasks\SafeZone scheduled Autoupdate 1458770513 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {5D7CB2C6-0A00-455C-B69B-38ACC8CD06B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {6A9333EA-7C66-4795-A55A-EA6403A8EA54} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {726D954D-C994-4CC6-9360-C7038850A9D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {81DE33C7-7318-4FF5-90E8-E663C935499F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {82D15A3F-C7E0-40EC-9C01-00518C9CCC65} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {9272625A-EC2F-48CA-A83F-845C72926F54} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-19] (AVAST Software)
Task: {92AD3BBB-3CE7-4DEC-BDDC-E1E304ECB15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {976FB582-D56D-4910-AD5B-EFAF49305993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9BC9FFB6-7595-4D77-A54F-FFE3D4276072} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {D52AD4F0-85AB-4D11-9638-876D4BD0C518} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D832306E-9B81-433E-AC68-269F5480A4A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\USER\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Modules chargés (Avec liste blanche) ==============

2015-08-11 19:10 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 17:09 - 2014-03-21 17:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-12-10 12:50 - 2016-10-21 12:41 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-11-08 19:14 - 2016-11-08 19:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 15:43 - 2017-01-16 15:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2017-03-19 08:52 - 2017-03-19 08:52 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-18 09:54 - 2016-09-18 09:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-19 08:50 - 2017-03-19 08:50 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-19 08:53 - 2017-03-19 08:53 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-10-28 16:56 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
 
Addition part 2:

==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AE271592-A0F7-42F3-9857-AFE057D7A3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75985013-E0BA-45CF-9E7C-30B84EC8FF86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FD091C7F-015C-4958-AA58-F5EB0C957645}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CA0545B2-379D-4B01-9343-30286FB4D6B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C67E8DDE-E599-405B-A726-E95ED4DB9671}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA9653E7-EDE7-49C2-AE97-0E4EA1F8AB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E07B0480-9C07-4853-AE30-D7D7398BF158}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{A19E8FD5-3D72-44F5-A48A-1C794B6CA601}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{818DF91C-AEAC-461A-84A5-E1E5AA2F516F}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{0B367D88-1C21-4654-9AE0-7A882A13C2A1}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [TCP Query User{E8E12FB7-3ED0-4A9F-BCC5-73B8C9A1CB25}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [UDP Query User{1407856B-FAE8-40AA-8463-101E9C44F036}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{F6E31EE9-5AB8-4E87-BCDC-7FBE72C3BBD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FADEA5F1-BF72-4589-B631-482D28B24D07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBE309C3-1170-4CE5-9E32-20176DDF5491}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83E8DFB8-780E-40D8-A154-40C3BB51C471}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8C244EE-17D8-4753-BC1D-268E354D7310}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7C68CB09-E90D-41A4-9F34-B165E90324DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F43D6A73-33FB-4008-A247-EB8F4E3D42FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A6D3548-E096-4B50-A92A-0E3D76203FF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AB9DEB72-CB8F-4D1F-9BCD-6D6D6080BA73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{D33A049D-4E7B-4539-83E5-D269390FC44D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{42B73876-03CD-44A8-B6D9-BEC0292E0E06}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{60A43361-3852-4427-9508-819ABDCC5B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{07588C57-0889-4939-8548-CD205775F58E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EDA0B863-E364-46ED-810E-E0DDFBFDAEE2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B54F2533-B967-4B95-91F1-FD1F026838C1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{90EACD6A-C29B-4B7D-BC80-9477444BE32D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D4EEA59A-1970-4389-B3F9-DF114EDCD670}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{4CC60AA5-7C31-478A-9327-F123C96BE8F9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{22A0CA93-DAE0-414A-A921-508AAA41CBD2}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{6E175DEC-0194-488E-A569-F34D2181337C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{5FBDB5A3-B296-4C61-ADF2-3F1F3291229B}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [TCP Query User{41C7781F-0B7B-48C0-A639-800180E2C8B4}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{F03E0234-4370-43D9-A74B-E0512DF93128}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{C2E634D3-48B2-4A80-8604-2895DF3DF699}] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{A4C6BE11-DD8C-48D1-AF90-3C02392D4FF3}] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{449AAE9A-B492-4FD2-A7D2-F6B8936B2836}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{719B555A-4378-4F95-AA78-05BB0D2E2DDD}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe
FirewallRules: [{37CA39C0-A631-4ACB-8ACC-641E8BAB3755}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe

==================== Points de restauration =========================

08-03-2017 22:17:24 Windows Update
15-03-2017 13:28:42 Windows Update
15-03-2017 17:07:54 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
26-03-2017 11:59:06 Point de contrôle planifié

==================== Éléments en erreur du Gestionnaire de périphériques =============

Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNb64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (03/31/2017 09:29:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problème a empêché l’envoi des données du Programme d’amélioration de l’expérience utilisateur à Microsoft (erreur 80070005).

Error: (03/31/2017 09:29:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 52192703

Error: (03/31/2017 09:29:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 52192703

Error: (03/31/2017 09:29:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2017 06:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1266

Error: (03/31/2017 06:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1266

Error: (03/31/2017 06:59:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2017 08:25:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (03/30/2017 08:25:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (03/30/2017 08:25:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Erreurs système:
=============
Error: (03/30/2017 07:04:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.

Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126

Error: (03/30/2017 07:00:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service ClickToRunSvc.

Error: (03/30/2017 06:59:00 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/30/2017 06:58:58 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/30/2017 06:58:52 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/30/2017 06:58:52 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/30/2017 06:13:46 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {1B1F472E-3221-4826-97DB-2C2324D389AE} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/30/2017 06:13:16 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/29/2017 07:04:43 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/29/2017 07:04:13 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {1B1F472E-3221-4826-97DB-2C2324D389AE} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.


CodeIntegrity:
===================================
Date: 2017-03-19 08:26:00.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:26:00.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:26:00.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.221
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:58.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:55.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:55.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:54.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Pourcentage de mémoire utilisée: 28%
Mémoire physique - RAM - totale: 8112.14 MB
Mémoire physique - RAM - disponible: 5828.15 MB
Mémoire virtuelle totale: 12080.14 MB
Mémoire virtuelle disponible: 9680.28 MB

==================== Lecteurs ================================

Drive c: (TI80167500B) (Fixed) (Total:685.87 GB) (Free:339.04 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fin de Addition.txt ============================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller log:

RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : USER [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 03/31/2017 22:17:50 (Durée : 01:06:49)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 5 ¤¤¤
[PUP.Conduit|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Supprimé(e)
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Conduit -> Supprimé(e)
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Conduit -> Supprimé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] b3rwmyxm.default-1444782379509 : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] 5f867255775d74c04f0022b73e2b3b41
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 702327 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1440931840 | Size: 11824 MB
User = LL1 ... OK
User = LL2 ... OK

Malwarebyte log:

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 31/03/2017
Heure de l'analyse: 23:31
Fichier journal: malware.txt
Administrateur: Oui

-Informations du logiciel-
Version: 3.0.6.1469
Version de composants: 1.0.96
Version de pack de mise à jour: 1.0.1639
Licence: Essai

-Informations système-
Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: TOSHIBA\USER

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 404201
Temps écoulé: 7 min, 13 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 0
(Aucun élément malveillant détecté)

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 0
(Aucun élément malveillant détecté)

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)
 
AdwCleaner (SCAN log):

# AdwCleaner v6.045 - Rapport créé le 31/03/2017 à 23:44:11
# Mis à jour le 28/03/2017 par Malwarebytes
# Base de données : 2017-03-31.1 [Serveur]
# Système d'exploitation : Windows 8.1 (X64)
# Nom d'utilisateur : USER - TOSHIBA
# Exécuté depuis : C:\Users\USER\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Aucun service malveillant trouvé.


***** [ Dossiers ] *****

Dossier trouvé: C:\ProgramData\Auslogics
Dossier trouvé: C:\ProgramData\Application Data\Auslogics
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Dossier trouvé: C:\Program Files (x86)\Auslogics
Dossier trouvé: C:\Program Files (x86)\Common Files\freemake shared


***** [ Fichiers ] *****

Aucun fichier malveillant trouvé.


***** [ DLL ] *****

Aucune DLL patchée trouvée.


***** [ WMI ] *****

Aucune clé malveillante trouvée.


***** [ Raccourcis ] *****

Aucun raccourci infecté trouvé.


***** [ Tâches planifiées ] *****

Aucune tâche malveillante trouvée.


***** [ Registre ] *****

Clé trouvée: HKLM\SOFTWARE\Auslogics


***** [ Navigateurs web ] *****

Aucune préférence Firefox malveillante trouvée.
Aucune préférence Chromium malveillante trouvée.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1363 octets] - [31/03/2017 23:44:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1437 octets] ##########

Adwcleaner (Clean log):

# AdwCleaner v6.045 - Rapport créé le 31/03/2017 à 23:46:31
# Mis à jour le 28/03/2017 par Malwarebytes
# Base de données : 2017-03-31.1 [Serveur]
# Système d'exploitation : Windows 8.1 (X64)
# Nom d'utilisateur : USER - TOSHIBA
# Exécuté depuis : C:\Users\USER\Desktop\AdwCleaner.exe
# Mode: Nettoyage
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Dossiers ] *****

[-] Dossier supprimé: C:\ProgramData\Auslogics
[#] Dossier supprimé au redémarrage: C:\ProgramData\Application Data\Auslogics
[-] Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[-] Dossier supprimé: C:\Program Files (x86)\Auslogics
[-] Dossier supprimé: C:\Program Files (x86)\Common Files\freemake shared


***** [ Fichiers ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Raccourcis ] *****



***** [ Tâches planifiées ] *****



***** [ Registre ] *****

[-] Clé supprimée: HKLM\SOFTWARE\Auslogics


***** [ Navigateurs ] *****



*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1198 octets] - [31/03/2017 23:46:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1517 octets] - [31/03/2017 23:44:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1346 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 8.1 x64
Ran by USER (Administrator) on 2017-03-31 at 23:52:51,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-03-31 at 23:57:09,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FRST log part 1:

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Exécuté par USER (administrateur) sur TOSHIBA (01-04-2017 20:42:00)
Exécuté depuis C:\Users\USER\Desktop
Profils chargés: USER (Profils disponibles: USER)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool:

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe
(Cheat Engine) C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_127.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-19] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {9cb0b1b1-ceda-11e6-82d8-a08869756669} - "D:\Startme.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2017-02-04]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2016-08-08]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B4C5874-80F0-4B7C-8486-17CDA628398E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A0A451B-6198-4D5D-9FBF-AE2FBBC85052}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50DF5579-E176-48A2-9370-9422E9E0575C}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{D332F385-12BF-4B5C-A372-3D807ADE6D5E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
hxxp://www.toshiba.ca/welcome/?w=23
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-19] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-19] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
Handler-x32: intu-ir2014 - {980B949F-E16E-4459-88E8-580392AEF9AE} - C:\Program Files (x86)\ImpotRapide 2014\ic2014pp.dll [2015-02-13] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2015 - {6BEE4271-88EB-43B7-BEE1-54B77DC65F9C} - C:\Program Files (x86)\ImpotRapide 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-ir2016 - {1A650DE5-FC3E-4C0A-AF76-311BB850DDC2} - C:\Program Files (x86)\ImpotRapide 2016\ic2016pp.dll [2016-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> hxxps://www.google.ca
FF Extension: (Google Translator for Firefox) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\translator@zoli.bod.xpi [2017-02-11]
FF Extension: (WOT) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-19]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://ca.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]
CHR Extension: (Google Slides) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Recherche Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Google Sheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Google Docs hors connexion) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-18]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-19] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [Fichier non signé]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-05-19] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [116368 2016-10-18] (Wondershare)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-19] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-19] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-19] (AVAST Software)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-31] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-03-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-04-01] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
S3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [13824 2008-04-03] (Atola) [Fichier non signé]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
FRST log part 2:

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-01 11:25 - 2017-04-01 11:26 - 00079218 _____ C:\Users\USER\Desktop\33285240049-613909031-billet.pdf
2017-04-01 09:18 - 2017-04-01 09:18 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-04-01 09:18 - 2017-04-01 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-31 23:57 - 2017-03-31 23:57 - 00000542 _____ C:\Users\USER\Desktop\JRT.txt
2017-03-31 23:51 - 2017-03-31 23:51 - 00001429 _____ C:\Users\USER\Desktop\AdwCleaner[C0].txt
2017-03-31 23:50 - 2017-03-31 23:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-31 23:45 - 2017-03-31 23:45 - 00001520 _____ C:\Users\USER\Desktop\AdwCleaner[S0].txt
2017-03-31 23:39 - 2017-03-31 23:46 - 00000000 ____D C:\AdwCleaner
2017-03-31 23:39 - 2017-03-31 23:39 - 00001355 _____ C:\Users\USER\Desktop\malware.txt
2017-03-31 23:29 - 2017-04-01 19:06 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-31 23:29 - 2017-03-31 23:50 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-31 23:29 - 2017-03-31 23:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-31 23:29 - 2017-03-31 23:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-31 23:29 - 2017-03-31 23:29 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-31 23:29 - 2017-03-31 23:29 - 00001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-31 23:29 - 2017-03-31 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-31 23:29 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-31 23:28 - 2017-03-31 23:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-31 23:27 - 2017-03-31 23:27 - 00004736 _____ C:\Users\USER\Desktop\rk_1D29.tmp.txt
2017-03-31 22:17 - 2017-03-31 22:17 - 00000881 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-31 22:17 - 2017-03-31 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-31 22:17 - 2017-03-31 22:17 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-31 22:14 - 2017-04-01 18:53 - 00003960 _____ C:\Users\USER\Desktop\clean.txt
2017-03-31 22:13 - 2017-03-31 22:13 - 04089296 _____ C:\Users\USER\Desktop\AdwCleaner.exe
2017-03-31 22:13 - 2017-03-31 22:13 - 01663904 _____ (Malwarebytes) C:\Users\USER\Desktop\JRT.exe
2017-03-31 22:12 - 2017-03-31 22:15 - 59272008 _____ (Malwarebytes ) C:\Users\USER\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-03-31 22:09 - 2017-03-31 22:12 - 35099168 _____ (Adlice Software ) C:\Users\USER\Desktop\setup.exe
2017-03-31 21:38 - 2017-03-31 21:40 - 00035460 _____ C:\Users\USER\Desktop\Addition.txt
2017-03-31 21:36 - 2017-04-01 20:43 - 00026461 _____ C:\Users\USER\Desktop\FRST.txt
2017-03-31 21:35 - 2017-04-01 20:42 - 00000000 ____D C:\FRST
2017-03-31 21:33 - 2017-03-31 21:33 - 02424832 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-03-30 18:59 - 2017-03-30 18:59 - 00011776 _____ C:\Users\USER\Desktop\tableau.xls
2017-03-30 18:05 - 2017-03-30 18:05 - 00002540 _____ C:\Users\USER\Downloads\20170325 (1).pdf
2017-03-19 08:54 - 2017-03-19 08:53 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-19 08:43 - 2017-03-19 08:43 - 00738880 _____ (Oracle Corporation) C:\Users\USER\Downloads\jxpiinstall(2).exe
2017-03-19 08:39 - 2017-03-19 08:39 - 00245624 _____ C:\Users\USER\Downloads\Firefox Setup Stub 52.0.1.exe
2017-03-19 08:20 - 2017-03-19 08:20 - 00026184 _____ C:\Users\USER\Desktop\Sondage Herole.odt
2017-03-16 18:16 - 2017-03-30 18:57 - 00010436 _____ C:\Users\USER\Desktop\rappafaire2.txt
2017-03-14 22:06 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 22:06 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 22:06 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 22:06 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 22:06 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 22:06 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 22:06 - 2017-02-11 01:12 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-03-14 22:06 - 2017-02-10 01:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 22:06 - 2017-02-10 01:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-03-14 22:06 - 2017-02-10 01:00 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 22:05 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 22:05 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 22:05 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 22:05 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 22:05 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 22:05 - 2017-03-04 03:05 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 22:05 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 22:05 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 22:05 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 22:05 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 22:05 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 22:05 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 22:05 - 2017-03-02 13:25 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 22:05 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 22:05 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 22:05 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 22:05 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 22:05 - 2017-02-11 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 22:05 - 2017-02-11 01:12 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 22:05 - 2017-02-11 01:00 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 22:05 - 2017-02-11 00:58 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 22:05 - 2017-02-11 00:56 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 22:05 - 2017-02-10 15:09 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 22:05 - 2017-02-10 01:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 22:05 - 2017-02-10 01:08 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 22:05 - 2017-02-10 01:01 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 22:05 - 2017-02-10 00:59 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 22:05 - 2017-02-09 21:31 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-03-14 22:05 - 2017-02-09 20:12 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 22:05 - 2017-02-09 11:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 22:05 - 2017-02-09 11:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 22:05 - 2017-02-09 11:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 22:05 - 2017-02-09 11:16 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 22:05 - 2017-02-09 10:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-03-14 22:05 - 2017-02-09 10:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-03-14 22:05 - 2017-02-09 10:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-03-14 22:05 - 2017-02-04 16:32 - 07444832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 22:05 - 2017-02-04 16:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 22:05 - 2017-02-04 16:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-14 22:05 - 2017-02-04 16:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 22:05 - 2017-02-04 16:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-03-14 22:05 - 2017-02-04 15:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-03-14 22:05 - 2017-02-04 15:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 22:05 - 2017-02-04 14:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 22:05 - 2017-02-04 13:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 22:05 - 2017-02-04 13:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-14 22:05 - 2017-02-04 13:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 22:05 - 2017-02-04 13:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 22:05 - 2017-02-04 13:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-03-14 22:05 - 2017-02-04 13:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 22:05 - 2017-01-21 17:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-14 22:05 - 2017-01-21 15:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 22:05 - 2017-01-21 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 22:05 - 2017-01-21 15:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 22:05 - 2017-01-21 15:20 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 22:05 - 2017-01-21 14:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 22:05 - 2017-01-21 14:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 22:05 - 2017-01-21 14:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 22:05 - 2017-01-21 13:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 22:05 - 2017-01-21 13:48 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 22:05 - 2017-01-14 13:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-03-14 22:05 - 2017-01-11 15:37 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 22:05 - 2017-01-10 15:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 22:05 - 2017-01-05 14:20 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 22:05 - 2017-01-05 14:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-03-14 22:05 - 2017-01-05 13:36 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 22:05 - 2017-01-05 13:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-03-14 22:05 - 2017-01-05 13:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-03-14 22:05 - 2017-01-05 12:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 22:05 - 2016-11-09 15:22 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 21:48 - 2017-02-23 10:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 21:48 - 2017-02-22 10:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 21:48 - 2017-02-22 10:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-14 21:48 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-03-12 22:10 - 2017-03-12 22:10 - 00002103 _____ C:\Users\USER\AppData\Local\recently-used.xbel
2017-03-04 23:42 - 2017-03-04 23:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-04 23:42 - 2017-03-04 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-04 13:26 - 2017-03-04 13:26 - 00045674 _____ C:\Users\USER\Downloads\RptPrsNet3263_RecusInscL.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-01 20:41 - 2015-01-21 21:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2017-04-01 16:00 - 2014-10-28 20:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2253113614-2940369490-2009371491-1001
2017-04-01 15:21 - 2015-01-20 21:44 - 00003928 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E23F4E4B-10C1-4082-AB07-CBCEC93CA7B5}
2017-04-01 09:55 - 2016-12-10 15:08 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2017-04-01 09:20 - 2014-10-28 16:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 09:19 - 2016-07-21 10:52 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 09:18 - 2016-07-21 10:55 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 09:18 - 2016-07-21 10:52 - 00003556 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-03-31 23:48 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-31 23:47 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-31 23:28 - 2015-03-10 18:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-31 22:17 - 2015-11-01 18:35 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-31 21:35 - 2017-02-11 23:18 - 00003916 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458770513
2017-03-31 21:35 - 2016-03-23 18:02 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-30 19:04 - 2016-12-10 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-30 19:04 - 2015-01-20 23:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 18:17 - 2015-01-20 23:42 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-29 18:17 - 2015-01-20 23:42 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-28 19:58 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-03-28 19:57 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2017-03-28 18:39 - 2015-02-17 07:10 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2017-03-24 22:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2017-03-21 20:55 - 2015-01-20 23:51 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 20:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2017-03-19 08:56 - 2015-01-27 20:22 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
2017-03-19 08:55 - 2017-02-08 08:33 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-19 08:55 - 2015-01-20 23:51 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-19 08:54 - 2015-01-27 20:23 - 00004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-19 08:54 - 2015-01-20 23:51 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148992812167106
2017-03-19 08:54 - 2015-01-20 23:51 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-19 08:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-19 08:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-19 08:53 - 2015-01-20 23:51 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148992812020304
2017-03-19 08:53 - 2015-01-20 23:51 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-19 08:53 - 2015-01-20 23:51 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-19 08:52 - 2016-03-23 18:01 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-19 08:52 - 2015-01-20 23:51 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-19 08:50 - 2017-02-08 08:33 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-19 08:49 - 2015-06-05 22:06 - 00000000 ____D C:\ProgramData\Oracle
2017-03-19 08:47 - 2016-10-07 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-19 08:47 - 2015-06-05 22:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-19 08:45 - 2016-10-07 14:05 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-19 08:42 - 2015-01-20 23:45 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-19 08:42 - 2015-01-20 23:45 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-19 08:39 - 2014-04-10 22:11 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-19 08:39 - 2013-08-28 21:28 - 00812350 _____ C:\Windows\system32\perfh00C.dat
2017-03-19 08:39 - 2013-08-28 21:28 - 00159412 _____ C:\Windows\system32\perfc00C.dat
2017-03-19 08:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-19 08:32 - 2014-10-28 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-19 08:30 - 2013-08-22 10:44 - 00506896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-19 08:23 - 2015-01-20 23:32 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 17:10 - 2015-01-21 21:28 - 00000000 ____D C:\ProgramData\Skype
2017-03-15 13:33 - 2015-01-20 22:44 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 13:30 - 2015-01-20 22:43 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 07:24 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 07:24 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2017-03-12 22:13 - 2016-07-24 10:36 - 00000000 ____D C:\Users\USER\.gimp-2.8
2017-03-10 23:32 - 2014-10-28 20:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
2017-03-10 00:34 - 2016-12-17 20:50 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-10 00:34 - 2016-12-17 20:50 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-04 13:41 - 2015-08-11 19:10 - 00000000 ____D C:\ProgramData\lx_Cats
2017-03-02 18:39 - 2017-01-28 21:39 - 00000000 ____D C:\Program Files (x86)\ImpotRapide 2016

==================== Fichiers à la racine de certains dossiers =======

2017-03-12 22:10 - 2017-03-12 22:10 - 0002103 _____ () C:\Users\USER\AppData\Local\recently-used.xbel

Certains fichiers dans TEMP:
====================
2017-03-31 22:17 - 2016-08-13 03:40 - 1737080 _____ (Microsoft Corporation) C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll
2017-01-27 20:30 - 2017-01-27 20:30 - 0739904 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 0488960 _____ () C:\Users\USER\AppData\Local\Temp\sqlite3.exe
2017-02-01 06:33 - 2017-02-01 06:33 - 44364392 _____ (Google Inc.) C:\Users\USER\AppData\Local\Temp\{92186B94-26C6-478F-B5A3-96057410383E}-56.0.2924.87_chrome_installer.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-26 12:10

==================== Fin de FRST.txt ============================
 
Addition:

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par USER (01-04-2017 20:44:37)
Exécuté depuis C:\Users\USER\Desktop
Windows 8.1 (Update) (X64) (2014-10-29 00:08:45)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-2253113614-2940369490-2009371491-500 - Administrator - Disabled)
Invité (S-1-5-21-2253113614-2940369490-2009371491-501 - Limited - Disabled)
USER (S-1-5-21-2253113614-2940369490-2009371491-1001 - Administrator - Enabled) => C:\Users\USER

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32 bits) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
Cute Video Cutter 1.6.0.1 (HKLM-x32\...\Cute Video Cutter_is1) (Version: - )
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1321 - CyberLink Corp.)
Disk Investigator 1.61 (HKLM-x32\...\Disk Investigator) (Version: 1.61 - Kevin Solway)
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
eMule (HKLM-x32\...\eMule) (Version: - )
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HP Officejet Pro 8600 Aide (HKLM-x32\...\{20033B23-1270-4E9C-92DC-2E167A367C73}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImpôtRapide 2014 (HKLM-x32\...\{7366981E-1520-4A66-AD94-FBFC60A80E97}) (Version: 1.00.0000 - Intuit Canada)
ImpôtRapide 2015 (HKLM-x32\...\{9DF6FA30-3746-4D96-B5B7-C0B88CE0E149}) (Version: 1.00.0000 - Intuit Canada)
ImpôtRapide 2016 (HKLM-x32\...\{40D7EA6B-24C6-41EC-BF6E-5ECABAABCAF0}) (Version: 1.00.0000 - Intuit Canada)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Logiciel de base du périphérique HP Officejet Pro 8600 (HKLM\...\{E588CA1D-AD74-4E04-8C53-AD9735C4CA54}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 2.0 fix Version 1.0.0.1 (HKLM-x32\...\{C12304D8-48C3-46C9-A62F-82FFAFC04170}_is1) (Version: 1.0.0.1 - Wondershare, Inc.)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 fr)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1 - Mozilla)
MPTagThat (HKLM-x32\...\MPTagThat) (Version: 3.0.0 - Helmut Wahrmann)
OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12.10.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.2.0 - Adlice Software)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Service Xperia Companion (Version: 1.4.7.0 - Sony) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
Tag&Rename 3.9.11 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.11 - Softpointer Inc)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TRS32 Emulator 1.28 (HKLM-x32\...\TRS32 Emulator) (Version: 1.28 - Matthew Reed)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSDC Free Video Editor version 5.7.2.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.2.644 - Flash-Integro LLC)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Wondershare MobileGo(Version 8.2.3) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.2.3 - Wondershare)
Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {145B61C7-F36B-4DD9-9541-15A752CAF0A2} - System32\Tasks\avastBCLRestartS-1-5-21-2253113614-2940369490-2009371491-1001 => Firefox.exe
Task: {15804648-D1A1-404E-91B5-6A4083EC3583} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {3C9D0E7F-A80A-4017-824D-EEF0D7369ADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4323FE07-5473-45BB-83B0-4C5214050DBC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {4C801ED6-A47A-45B6-A179-75F4CA7EEAE0} - System32\Tasks\SafeZone scheduled Autoupdate 1458770513 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {5D7CB2C6-0A00-455C-B69B-38ACC8CD06B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {6A9333EA-7C66-4795-A55A-EA6403A8EA54} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {726D954D-C994-4CC6-9360-C7038850A9D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {81DE33C7-7318-4FF5-90E8-E663C935499F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {9272625A-EC2F-48CA-A83F-845C72926F54} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-19] (AVAST Software)
Task: {92AD3BBB-3CE7-4DEC-BDDC-E1E304ECB15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {976FB582-D56D-4910-AD5B-EFAF49305993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9B1CCFED-C2B7-4CAB-9470-ED50EF76AFEF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {9BC9FFB6-7595-4D77-A54F-FFE3D4276072} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {D52AD4F0-85AB-4D11-9638-876D4BD0C518} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D832306E-9B81-433E-AC68-269F5480A4A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\USER\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Modules chargés (Avec liste blanche) ==============

2015-08-11 19:10 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 17:09 - 2014-03-21 17:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-03-31 23:29 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-31 23:29 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-02-12 22:45 - 2013-06-09 22:10 - 00348344 _____ () C:\Program Files (x86)\Cheat Engine 6.3\lua5.1-64.dll
2017-03-19 08:52 - 2017-03-19 08:52 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-18 09:54 - 2016-09-18 09:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-19 08:50 - 2017-03-19 08:50 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-19 08:53 - 2017-03-19 08:53 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-10-28 16:56 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2017-01-30 13:52 - 2017-01-30 13:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2015-02-12 22:45 - 2013-06-07 22:56 - 00181944 _____ () C:\Program Files (x86)\Cheat Engine 6.3\speedhack-i386.dll
2017-03-29 18:17 - 2017-03-28 22:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-03-29 18:17 - 2017-03-28 22:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AE271592-A0F7-42F3-9857-AFE057D7A3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75985013-E0BA-45CF-9E7C-30B84EC8FF86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FD091C7F-015C-4958-AA58-F5EB0C957645}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CA0545B2-379D-4B01-9343-30286FB4D6B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C67E8DDE-E599-405B-A726-E95ED4DB9671}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA9653E7-EDE7-49C2-AE97-0E4EA1F8AB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E07B0480-9C07-4853-AE30-D7D7398BF158}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{A19E8FD5-3D72-44F5-A48A-1C794B6CA601}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{818DF91C-AEAC-461A-84A5-E1E5AA2F516F}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{0B367D88-1C21-4654-9AE0-7A882A13C2A1}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [TCP Query User{E8E12FB7-3ED0-4A9F-BCC5-73B8C9A1CB25}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [UDP Query User{1407856B-FAE8-40AA-8463-101E9C44F036}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{F6E31EE9-5AB8-4E87-BCDC-7FBE72C3BBD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FADEA5F1-BF72-4589-B631-482D28B24D07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBE309C3-1170-4CE5-9E32-20176DDF5491}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83E8DFB8-780E-40D8-A154-40C3BB51C471}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8C244EE-17D8-4753-BC1D-268E354D7310}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7C68CB09-E90D-41A4-9F34-B165E90324DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F43D6A73-33FB-4008-A247-EB8F4E3D42FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A6D3548-E096-4B50-A92A-0E3D76203FF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AB9DEB72-CB8F-4D1F-9BCD-6D6D6080BA73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{D33A049D-4E7B-4539-83E5-D269390FC44D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{42B73876-03CD-44A8-B6D9-BEC0292E0E06}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{60A43361-3852-4427-9508-819ABDCC5B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{07588C57-0889-4939-8548-CD205775F58E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EDA0B863-E364-46ED-810E-E0DDFBFDAEE2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B54F2533-B967-4B95-91F1-FD1F026838C1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{90EACD6A-C29B-4B7D-BC80-9477444BE32D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D4EEA59A-1970-4389-B3F9-DF114EDCD670}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{4CC60AA5-7C31-478A-9327-F123C96BE8F9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{22A0CA93-DAE0-414A-A921-508AAA41CBD2}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{6E175DEC-0194-488E-A569-F34D2181337C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{5FBDB5A3-B296-4C61-ADF2-3F1F3291229B}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [TCP Query User{41C7781F-0B7B-48C0-A639-800180E2C8B4}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{F03E0234-4370-43D9-A74B-E0512DF93128}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{C2E634D3-48B2-4A80-8604-2895DF3DF699}] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{A4C6BE11-DD8C-48D1-AF90-3C02392D4FF3}] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{449AAE9A-B492-4FD2-A7D2-F6B8936B2836}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{719B555A-4378-4F95-AA78-05BB0D2E2DDD}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe
FirewallRules: [{37CA39C0-A631-4ACB-8ACC-641E8BAB3755}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe

==================== Points de restauration =========================

15-03-2017 17:07:54 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
26-03-2017 11:59:06 Point de contrôle planifié
31-03-2017 23:52:57 JRT Pre-Junkware Removal
01-04-2017 09:16:50 Garmin Express

==================== Éléments en erreur du Gestionnaire de périphériques =============

Name: Intel(R) Dual Band Wireless-AC 3160
Description: Intel(R) Dual Band Wireless-AC 3160
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNb64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (04/01/2017 08:07:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA)
Description: Échec de l’activation de l’application SymantecCorporation.NortonStudio_v68kp9n051hdp!App avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/01/2017 12:13:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4016

Error: (04/01/2017 12:13:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4016

Error: (04/01/2017 12:13:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2017 12:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2657

Error: (04/01/2017 12:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2657

Error: (04/01/2017 12:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2017 12:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1313

Error: (04/01/2017 12:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1313

Error: (04/01/2017 12:13:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Erreurs système:
=============
Error: (04/01/2017 08:15:48 PM) (Source: DCOM) (EventID: 10001) (User: TOSHIBA)
Description: Impossible de démarrer un serveur DCOM : App.AppXqnry5k2463e1eva81cgfqeh461wt463a.mca en tant que Non disponible/Non disponible. L’erreur
« 31 »
s’est produite lors du démarrage de la commande :
"C:\Windows\syswow64\backgroundTaskHost.exe" -ServerName:App.AppXt014q6qzk9mjya2jb3xbkeaj9z6kaf4x.mca

Error: (04/01/2017 06:18:08 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {1B1F472E-3221-4826-97DB-2C2324D389AE} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (04/01/2017 09:17:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Garmin Device Interaction Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (03/31/2017 11:48:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.

Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126

Error: (03/31/2017 11:47:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Garmin Device Interaction Service n’a pas pu démarrer en raison de l’erreur :
Le chemin d’accès spécifié est introuvable.

Error: (03/31/2017 11:47:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Apple Mobile Device Service n’a pas pu démarrer en raison de l’erreur :
Le canal de communication a été fermé.

Error: (03/31/2017 11:46:57 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (03/31/2017 11:46:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l’erreur suivante :
Une instance du service s’exécute déjà.

Error: (03/31/2017 11:46:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (03/31/2017 11:46:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service TMachInfo s’est terminé de façon inattendue pour la 1ème fois.


CodeIntegrity:
===================================
Date: 2017-03-19 08:26:00.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:26:00.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:26:00.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:59.221
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:58.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:55.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:55.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 08:25:54.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Pourcentage de mémoire utilisée: 79%
Mémoire physique - RAM - totale: 8112.14 MB
Mémoire physique - RAM - disponible: 1632.12 MB
Mémoire virtuelle totale: 12080.14 MB
Mémoire virtuelle disponible: 4666.4 MB

==================== Lecteurs ================================

Drive c: (TI80167500B) (Fixed) (Total:685.87 GB) (Free:339.86 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fin de Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    937 bytes · Views: 1
Fixlog:

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par USER (01-04-2017 21:08:43) Run:1
Exécuté depuis C:\Users\USER\Desktop
Profils chargés: USER (Profils disponibles: USER)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {9cb0b1b1-ceda-11e6-82d8-a08869756669} - "D:\Startme.exe"
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2017-03-12 22:10 - 2017-03-12 22:10 - 0002103 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
2017-03-31 22:17 - 2016-08-13 03:40 - 1737080 _____ (Microsoft Corporation) C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll
2017-01-27 20:30 - 2017-01-27 20:30 - 0739904 _____ (Oracle Corporation) C:\Users\USER\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 0488960 _____ () C:\Users\USER\AppData\Local\Temp\sqlite3.exe
2017-02-01 06:33 - 2017-02-01 06:33 - 44364392 _____ (Google Inc.) C:\Users\USER\AppData\Local\Temp\{92186B94-26C6-478F-B5A3-96057410383E}-56.0.2924.87_chrome_installer.exe

*****************

HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cb0b1b1-ceda-11e6-82d8-a08869756669} => clé supprimé(es) avec succès
HKCR\CLSID\{9cb0b1b1-ceda-11e6-82d8-a08869756669} => clé non trouvé(e).
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => clé impossible à supprimer, clé était peut-être protégé(e)
C:\Users\USER\AppData\Local\recently-used.xbel => déplacé(es) avec succès
C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll => déplacé(es) avec succès
C:\Users\USER\AppData\Local\Temp\jre-8u121-windows-au.exe => déplacé(es) avec succès
C:\Users\USER\AppData\Local\Temp\sqlite3.exe => déplacé(es) avec succès
C:\Users\USER\AppData\Local\Temp\{92186B94-26C6-478F-B5A3-96057410383E}-56.0.2924.87_chrome_installer.exe => déplacé(es) avec succès

Résultats du déplacement planifié des fichiers (Mode d'amorçage: Normal) (Date&Heure: 01-04-2017 21:12:20)


Résultats de la suppression planifiée des clés après redémarrage:

HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => clé impossible à supprimer, clé était peut-être protégé(e)

==== Fin de Fixlog 21:12:20 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Checkup log:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 121
Java version 32-bit out of Date!
Adobe Flash Player 25.0.0.127
Adobe Reader XI
Mozilla Firefox (52.0.1)
Google Chrome (57.0.2987.133)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Oracle Java javapath AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by USER (administrator) on 01-04-2017 at 23:49:09
Running from "C:\Users\USER\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
Thanks works much better now :)! You are a genius!

I'm quite sure I got infected by some unwanted pop-ups on a website. I'm thinking of installing Poper blocker for Chrome or Adguard Adblocker for Chrome to prevent new instances of browsers from popping up all around, is one of these any good?
 
Back