TechSpot

Weird overall computer behavior since I was fooled by bundleware

By needhelp51
Oct 19, 2016
  1. Hi. I recently installed some software that seemed useful (but of course wasn't) and it came with lots of hidden bundleware. My computer has been going downhill since that event and is very slow. My wifi card (suddenly very, very low signal) and audio card (sound only in one side of headphones, suddenly) have been acting funny too ever since, not sure it's related, but it started at that exact time. I have tried updating my drivers to no avail. I have tried a restore to a previous date but it doesn't seem to work. I want to clear the malware possiblity before having my computer checked for hardware problems by a technician. Oh yeah, and my internal clock has reset two times following that a few days ago, too.


    Here is the FRST log:

    Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Exécuté par USER (administrateur) sur TOSHIBA (19-10-2016 11:33:16)
    Exécuté depuis C:\Users\USER\Desktop
    Profils chargés: USER (Profils disponibles: USER)
    Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
    Internet Explorer Version 11 (Navigateur par défaut: FF)
    Mode d'amorçage: Normal
    Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processus (Avec liste blanche) =================

    (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    ( ) C:\Windows\System32\lxdxcoms.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Cheat Engine) C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


    ==================== Registre (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2062208 2016-05-26] (Sony)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {4022c6e4-ccec-11e5-82ac-a08869756669} - "D:\LaunchU3.exe"
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {e740946d-dd81-11e5-82b2-a08869756669} - "D:\Startme.exe"
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-18] (AVAST Software)
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2016-08-08]
    ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0B4C5874-80F0-4B7C-8486-17CDA628398E}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4A0A451B-6198-4D5D-9FBF-AE2FBBC85052}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{50DF5579-E176-48A2-9370-9422E9E0575C}: [DhcpNameServer] 192.168.44.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
    hxxp://www.toshiba.ca/welcome/?w=23
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-13] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-18] (AVAST Software)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-13] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-18] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
    Handler-x32: intu-ir2014 - {980B949F-E16E-4459-88E8-580392AEF9AE} - C:\Program Files (x86)\ImpotRapide 2014\ic2014pp.dll [2015-02-13] (Intuit Canada, a general partnership/une société en nom collectif.)
    Handler-x32: intu-ir2015 - {6BEE4271-88EB-43B7-BEE1-54B77DC65F9C} - C:\Program Files (x86)\ImpotRapide 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-13] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-13] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-13] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-13] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 [2016-10-19]
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> hxxps://www.google.ca
    FF Extension: (Google Translator for Firefox) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\translator@zoli.bod.xpi [2016-04-28]
    FF Extension: (WOT) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
    FF SearchPlugin: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\searchplugins\yahoo! powered.xml [2016-10-11]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-13]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-13]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://ca.search.yahoo.com/?type=926458&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2016-10-19]
    CHR Extension: (Google Slides) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
    CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
    CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
    CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Recherche Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-18]
    CHR Extension: (Google Sheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
    CHR Extension: (Google Docs hors connexion) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-16]
    CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-27]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <non trouvé(e)>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

    ==================== Services (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [Fichier non signé]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-18] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3190976 2016-09-05] (Microsoft Corporation)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-05-19] (ELAN Microelectronics Corp.)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
    R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Pilotes (Avec liste blanche) ======================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-18] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-18] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-18] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-18] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-18] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-18] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
    S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
    S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [13824 2008-04-03] (Atola) [Fichier non signé]
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-01] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Avec liste blanche) ===================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


    ==================== Un mois - Créés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2016-10-19 11:33 - 2016-10-19 11:35 - 00026009 _____ C:\Users\USER\Desktop\FRST.txt
    2016-10-19 11:33 - 2016-10-19 11:33 - 00000000 ____D C:\FRST
    2016-10-19 11:32 - 2016-10-19 11:32 - 02407424 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
    2016-10-19 11:30 - 2016-10-19 11:31 - 00000000 ____D C:\Users\USER\Desktop\TRIER
    2016-10-19 09:58 - 2016-10-19 10:12 - 00000090 ____H C:\Users\USER\Desktop\.~lock.Stat CC1(2a).ods#
    2016-10-19 09:04 - 2016-10-19 09:04 - 00000162 _____ C:\Users\USER\Desktop\NDLH.txt
    2016-10-18 22:41 - 2016-10-18 22:41 - 00015349 _____ C:\Users\USER\Downloads\lettre-de-présentation-..odt
    2016-10-18 21:57 - 2016-10-18 21:57 - 00018567 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-.CV. (1).odt
    2016-10-18 21:53 - 2016-10-18 21:53 - 00018621 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-.CV..odt
    2016-10-18 21:42 - 2016-10-18 21:42 - 00018698 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-CV..odt
    2016-10-18 08:09 - 2016-10-18 08:09 - 00205311 _____ C:\Users\USER\Downloads\c-20101-2.pdf
    2016-10-15 10:43 - 2016-10-15 10:43 - 00022106 _____ C:\Users\USER\AppData\Local\recently-used.xbel
    2016-10-14 08:46 - 2016-10-14 08:46 - 00000000 ____D C:\Windows\LastGood.Tmp
    2016-10-14 08:26 - 2016-09-30 20:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-14 08:26 - 2016-09-30 20:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-14 06:55 - 2016-10-14 06:55 - 00081539 _____ C:\Users\USER\Downloads\IMG_28281.jpg.part
    2016-10-14 00:26 - 2016-10-14 00:26 - 01883777 _____ C:\Users\USER\Downloads\AncetreDataLogSeptembre.csv
    2016-10-13 17:47 - 2016-10-13 17:47 - 00142778 _____ C:\Users\USER\Downloads\18600REC0380076732.pdf
    2016-10-13 14:39 - 2016-10-13 14:39 - 00008272 _____ C:\Windows\SAII_LOG.TXT
    2016-10-13 14:39 - 2016-10-13 14:39 - 00001937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2016-10-13 14:38 - 2016-10-13 14:38 - 00000000 ____D C:\Users\Public\Documents\Conexant
    2016-10-13 14:38 - 2012-12-12 15:38 - 00205560 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
    2016-10-13 14:34 - 2016-10-13 14:36 - 69079984 _____ C:\Users\USER\Downloads\tc70184400k.exe
    2016-10-13 14:18 - 2016-09-30 20:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-13 14:18 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-13 14:18 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-13 14:18 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-13 14:18 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-13 14:18 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-13 14:18 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-13 14:18 - 2016-09-30 01:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-13 14:18 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-13 14:18 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-10-13 14:18 - 2016-09-30 01:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-10-13 14:18 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-13 14:18 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-10-13 14:18 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-13 14:18 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-13 14:18 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-13 14:18 - 2016-09-30 01:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-13 14:18 - 2016-09-30 01:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-10-13 14:18 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-10-13 14:18 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-13 14:18 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-13 14:18 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-13 14:18 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-13 14:18 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-13 14:18 - 2016-09-17 14:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-13 14:18 - 2016-09-17 13:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-10-13 14:18 - 2016-09-17 13:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-13 14:18 - 2016-09-17 13:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-10-13 14:18 - 2016-09-17 13:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-13 14:18 - 2016-09-13 21:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-13 14:18 - 2016-09-13 21:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-10-13 14:18 - 2016-09-13 21:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-13 14:18 - 2016-09-13 21:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-10-13 14:18 - 2016-09-12 19:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-13 14:18 - 2016-09-12 18:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2016-10-13 14:18 - 2016-09-12 17:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2016-10-13 14:18 - 2016-09-09 10:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-10-13 14:18 - 2016-09-09 09:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-13 14:18 - 2016-09-08 16:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
    2016-10-13 14:18 - 2016-09-08 10:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-13 14:18 - 2016-09-08 10:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-13 14:18 - 2016-09-07 18:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-13 14:18 - 2016-09-07 17:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-10-13 14:18 - 2016-09-07 17:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-13 14:18 - 2016-09-07 17:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-13 14:18 - 2016-09-07 17:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-10-13 14:18 - 2016-08-31 13:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-13 14:18 - 2016-08-31 12:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-13 14:18 - 2016-08-25 16:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2016-10-13 14:18 - 2016-08-25 15:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2016-10-13 14:18 - 2016-08-12 20:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-10-13 14:18 - 2016-08-12 20:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
    2016-10-13 14:18 - 2016-08-12 20:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
    2016-10-13 14:18 - 2016-08-12 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
    2016-10-13 14:18 - 2016-08-12 18:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
    2016-10-13 14:18 - 2016-08-12 18:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-10-13 14:18 - 2016-08-12 17:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-13 14:18 - 2016-08-12 17:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
    2016-10-13 14:18 - 2016-08-12 16:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-13 14:18 - 2016-08-11 21:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2016-10-13 14:18 - 2016-08-11 21:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2016-10-13 14:18 - 2016-08-11 14:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
    2016-10-13 14:18 - 2016-08-11 14:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
    2016-10-13 14:18 - 2016-08-11 14:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
    2016-10-13 14:18 - 2016-08-11 13:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2016-10-13 14:18 - 2016-08-11 09:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
    2016-10-13 14:18 - 2016-08-11 01:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2016-10-13 14:18 - 2016-08-03 11:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
    2016-10-13 14:18 - 2016-08-03 11:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
    2016-10-13 14:18 - 2016-08-03 11:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
    2016-10-13 14:18 - 2016-08-03 11:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
    2016-10-13 14:18 - 2016-07-30 13:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
    2016-10-13 14:18 - 2016-07-30 12:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2016-10-13 14:18 - 2016-07-23 14:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2016-10-13 14:18 - 2016-07-23 14:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2016-10-13 14:17 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-10-13 14:17 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-10-13 14:17 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-13 14:17 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-13 14:17 - 2016-08-27 15:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-13 14:17 - 2016-08-27 15:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-13 14:17 - 2016-08-27 15:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
    2016-10-13 14:17 - 2016-08-27 14:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-13 14:17 - 2016-08-27 14:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-13 14:17 - 2016-08-27 14:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
    2016-10-13 14:17 - 2016-08-27 12:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-10-13 14:17 - 2016-08-27 12:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2016-10-13 14:17 - 2016-08-27 12:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-10-13 14:17 - 2016-08-27 11:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-10-13 14:17 - 2016-08-20 18:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-10-13 14:17 - 2016-08-20 18:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
     
  2. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    FRST continued:

    2016-10-13 14:17 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
    2016-10-13 14:17 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
    2016-10-13 14:08 - 2016-10-13 14:08 - 00000000 ____D C:\Users\USER\AppData\Local\AudioSwitcher
    2016-10-13 14:06 - 2016-10-13 14:07 - 00293485 _____ C:\Users\USER\Downloads\AudioSwitcher.zip
    2016-10-13 13:22 - 2016-09-18 09:54 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-10-11 00:40 - 2016-10-11 00:41 - 00000000 ____D C:\Users\USER\AppData\Local\chromium
    2016-10-11 00:38 - 2016-10-11 00:38 - 00000000 ____D C:\ProgramData\{FCD139B2-7693-B374-F055-2D366A17A6F8}
    2016-10-11 00:37 - 2016-10-11 11:19 - 00000000 ____D C:\Program Files\ByteFence
    2016-10-10 11:38 - 2016-10-10 11:38 - 00000000 ____D C:\Users\USER\AppData\Roaming\WinBatch
    2016-10-10 09:17 - 2016-10-10 09:17 - 00025908 _____ C:\Users\USER\Downloads\usbdeview-x64.zip
    2016-10-10 09:14 - 2016-10-10 09:14 - 00000022 _____ C:\Users\USER\Downloads\usbdeview.zip
    2016-10-07 14:36 - 2016-10-07 14:36 - 00000000 ____D C:\Program Files\Sony
    2016-10-07 14:12 - 2016-10-07 14:12 - 00000542 _____ C:\Users\USER\Desktop\JRT.txt
    2016-10-07 14:05 - 2016-10-07 14:05 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2016-10-07 14:05 - 2016-10-07 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-10-07 13:59 - 2016-10-07 13:59 - 00739904 _____ (Oracle Corporation) C:\Users\USER\Downloads\jxpiinstall(1).exe
    2016-10-07 13:57 - 2016-10-07 13:57 - 00243712 _____ C:\Users\USER\Downloads\Firefox Setup Stub 49.0.1.exe
    2016-10-07 13:55 - 2016-10-07 13:55 - 03874368 _____ C:\Users\USER\Desktop\adwcleaner_6.021.exe
    2016-10-04 15:54 - 2016-10-04 15:54 - 00000579 _____ C:\Users\USER\Downloads\Texte(1).txt
    2016-10-04 15:53 - 2016-10-04 15:54 - 00096291 _____ C:\Users\USER\Downloads\Fwd_ TR_ Production quotidienne fromage.eml
    2016-10-04 10:22 - 2016-10-04 10:22 - 00040086 _____ C:\Users\USER\Downloads\Production Aston rapport pour Env 2016-10-04.xlsx
    2016-09-22 21:51 - 2016-09-22 21:51 - 00046493 _____ C:\Users\USER\Downloads\Distribution(1).pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00053679 _____ C:\Users\USER\Downloads\Horaire Pondeurs.pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00051986 _____ C:\Users\USER\Downloads\Horaire Clowns.pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00039462 _____ C:\Users\USER\Downloads\Personnages fixes.pdf
    2016-09-21 22:28 - 2016-09-21 22:28 - 00050368 _____ C:\Users\USER\Downloads\Horaire Traqueurs.pdf
    2016-09-21 22:23 - 2016-09-21 22:23 - 00050802 _____ C:\Users\USER\Downloads\Horaire Mutants.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00064954 _____ C:\Users\USER\Downloads\Descriptions.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00053315 _____ C:\Users\USER\Downloads\Distribution.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00038258 _____ C:\Users\USER\Downloads\Horaire.pdf
    2016-09-21 09:56 - 2016-09-21 09:56 - 00069500 _____ C:\Users\USER\Downloads\M113104.pdf
    2016-09-21 08:14 - 2016-09-21 08:14 - 00179948 _____ C:\Users\USER\Downloads\c-19810-3(1).pdf

    ==================== Un mois - Modifiés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2016-10-19 11:20 - 2015-01-20 23:40 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-19 11:16 - 2015-01-27 20:23 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-19 10:12 - 2015-11-07 10:10 - 00100780 _____ C:\Users\USER\Desktop\Stat CC1(2a).ods
    2016-10-19 09:16 - 2015-01-20 23:51 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-10-19 09:08 - 2015-01-20 23:40 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-19 09:06 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-19 09:03 - 2016-05-15 22:43 - 00064740 _____ C:\Users\USER\Desktop\Rapports a faire.txt
    2016-10-19 09:03 - 2015-07-09 20:54 - 00000000 ____D C:\Users\USER\Desktop\Phe
    2016-10-19 09:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-19 08:46 - 2015-01-21 21:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
    2016-10-19 08:31 - 2015-01-20 21:44 - 00003928 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E23F4E4B-10C1-4082-AB07-CBCEC93CA7B5}
    2016-10-18 15:28 - 2015-02-17 07:10 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
    2016-10-18 15:28 - 2014-10-28 20:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
    2016-10-18 15:04 - 2014-04-10 22:11 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-18 15:04 - 2013-08-28 21:28 - 00812350 _____ C:\Windows\system32\perfh00C.dat
    2016-10-18 15:04 - 2013-08-28 21:28 - 00159412 _____ C:\Windows\system32\perfc00C.dat
    2016-10-18 15:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
    2016-10-17 20:29 - 2015-07-03 22:23 - 00055808 _____ C:\Users\USER\Desktop\poid.xls
    2016-10-17 14:47 - 2015-01-21 21:28 - 00000000 ____D C:\ProgramData\Skype
    2016-10-17 14:46 - 2015-01-21 21:28 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-10-15 10:43 - 2016-07-24 10:45 - 00000000 ____D C:\Users\USER\AppData\Local\gtk-2.0
    2016-10-15 10:43 - 2016-07-24 10:36 - 00000000 ____D C:\Users\USER\.gimp-2.8
    2016-10-14 16:06 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
    2016-10-14 12:15 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-10-14 08:24 - 2013-08-22 10:44 - 00506896 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-14 08:16 - 2015-01-20 23:32 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-14 08:16 - 2015-01-20 23:32 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-14 08:16 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
    2016-10-14 07:42 - 2016-05-16 23:33 - 00000000 ____D C:\Users\USER\Desktop\Biochem
    2016-10-14 06:51 - 2015-08-11 19:10 - 00000000 ____D C:\ProgramData\lx_Cats
    2016-10-13 16:12 - 2014-10-28 20:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2253113614-2940369490-2009371491-1001
    2016-10-13 15:31 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-10-13 15:29 - 2015-01-20 22:44 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-13 15:24 - 2015-01-20 22:43 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-13 14:59 - 2014-10-28 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-10-13 14:38 - 2014-10-28 17:01 - 00000000 ____D C:\Windows\system32\SRSLabs
    2016-10-13 14:38 - 2014-10-28 17:01 - 00000000 ____D C:\Program Files\CONEXANT
    2016-10-13 14:31 - 2016-08-17 15:01 - 00000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
    2016-10-13 14:00 - 2016-03-23 18:02 - 00003914 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458770513
    2016-10-13 14:00 - 2016-03-23 18:02 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-10-13 13:33 - 2016-05-07 13:56 - 00001949 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
    2016-10-13 13:30 - 2015-01-20 23:51 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-10-13 13:19 - 2015-01-27 20:23 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-13 13:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-13 13:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-13 13:01 - 2015-12-03 18:26 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-10-13 13:01 - 2014-10-28 17:10 - 00000000 ____D C:\Windows\System32\Tasks\TOSHIBA
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-10-13 13:01 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2016-10-13 13:00 - 2016-08-27 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2016-10-13 13:00 - 2015-01-20 23:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-13 13:00 - 2014-10-28 16:54 - 00000000 ____D C:\ProgramData\Package Cache
    2016-10-13 12:59 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-10-13 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2016-10-13 12:54 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-13 12:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
    2016-10-13 12:40 - 2015-06-05 22:06 - 00000000 ____D C:\ProgramData\Oracle
    2016-10-13 12:37 - 2016-08-27 09:18 - 00000000 ____D C:\Program Files (x86)\Sony
    2016-10-12 09:17 - 2016-03-01 13:47 - 00000000 ____D C:\Users\USER\Desktop\Photos Xperia
    2016-10-10 09:14 - 2016-07-05 12:52 - 00035574 _____ C:\Users\USER\Downloads\readme.txt
    2016-10-10 09:14 - 2016-07-05 12:52 - 00022886 _____ C:\Users\USER\Downloads\USBDeview.chm
    2016-10-07 14:07 - 2015-01-27 20:22 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
    2016-10-07 14:05 - 2015-06-05 22:06 - 00000000 ____D C:\Program Files (x86)\Java
    2016-10-07 13:59 - 2015-11-03 22:36 - 00000000 ____D C:\AdwCleaner
    2016-10-07 13:58 - 2016-09-18 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-07 13:58 - 2015-01-20 23:45 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-10-07 13:58 - 2015-01-20 23:45 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-10-03 18:22 - 2015-01-20 23:42 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-03 18:22 - 2015-01-20 23:42 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-30 14:39 - 2015-11-27 11:22 - 00000000 ___RD C:\Users\USER\Documents\Scanned Documents
    2016-09-22 09:58 - 2015-01-20 23:51 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-09-21 10:05 - 2015-01-21 22:00 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

    ==================== Fichiers à la racine de certains dossiers =======

    2016-10-15 10:43 - 2016-10-15 10:43 - 0022106 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
    2016-08-18 14:04 - 2016-08-18 14:04 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap ======================

    (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

    C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
    C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
    C:\Windows\explorer.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
    C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
    C:\Windows\system32\services.exe => Le fichier est signé numériquement
    C:\Windows\system32\User32.dll => Le fichier est signé numériquement
    C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
    C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
    C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
    C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
    C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
    C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


    LastRegBack: 2016-10-15 12:12

    ==================== Fin de FRST.txt ============================
     
  3. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Addition log:

    Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Exécuté par USER (19-10-2016 11:35:47)
    Exécuté depuis C:\Users\USER\Desktop
    Windows 8.1 (Update) (X64) (2014-10-29 00:08:45)
    Mode d'amorçage: Normal
    ==========================================================


    ==================== Comptes: =============================

    Administrateur (S-1-5-21-2253113614-2940369490-2009371491-500 - Administrator - Disabled)
    Invité (S-1-5-21-2253113614-2940369490-2009371491-501 - Limited - Disabled)
    USER (S-1-5-21-2253113614-2940369490-2009371491-1001 - Administrator - Enabled) => C:\Users\USER

    ==================== Centre de sécurité ========================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Programmes installés ======================

    (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.17) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32 bits) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64 bits) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.1.2.0 - Auslogics Labs Pty Ltd)
    Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
    CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1321 - CyberLink Corp.)
    Disk Investigator 1.61 (HKLM-x32\...\Disk Investigator) (Version: 1.61 - Kevin Solway)
    DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
    Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    eMule (HKLM-x32\...\eMule) (Version: - )
    Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
    Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
    HP Officejet Pro 8600 Aide (HKLM-x32\...\{20033B23-1270-4E9C-92DC-2E167A367C73}) (Version: 28.0.0 - Hewlett Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    ImpôtRapide 2014 (HKLM-x32\...\{7366981E-1520-4A66-AD94-FBFC60A80E97}) (Version: 1.00.0000 - Intuit Canada)
    ImpôtRapide 2015 (HKLM-x32\...\{9DF6FA30-3746-4D96-B5B7-C0B88CE0E149}) (Version: 1.00.0000 - Intuit Canada)
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Logiciel de base du périphérique HP Officejet Pro 8600 (HKLM\...\{E588CA1D-AD74-4E04-8C53-AD9735C4CA54}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7167.2060 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 49.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 fr)) (Version: 49.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
    Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
    SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
    Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TRS32 Emulator 1.28 (HKLM-x32\...\TRS32 Emulator) (Version: 1.28 - Matthew Reed)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
    Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
    Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden

    ==================== Personnalisé CLSID (Avec liste blanche): ==========================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

    ==================== Tâches planifiées (Avec liste blanche) =============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {145B61C7-F36B-4DD9-9541-15A752CAF0A2} - System32\Tasks\avastBCLRestartS-1-5-21-2253113614-2940369490-2009371491-1001 => Firefox.exe
    Task: {15804648-D1A1-404E-91B5-6A4083EC3583} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-13] (Microsoft Corporation)
    Task: {1C32A20B-2578-4B92-8365-DC0F8CFE7C61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
    Task: {351BACA6-9351-45B3-B0EE-99C225048CAB} - System32\Tasks\SafeZone scheduled Autoupdate 1458770513 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
    Task: {3C9D0E7F-A80A-4017-824D-EEF0D7369ADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {4323FE07-5473-45BB-83B0-4C5214050DBC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
    Task: {4853226D-0428-4186-8110-D1C2EE755F66} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
    Task: {5D7CB2C6-0A00-455C-B69B-38ACC8CD06B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
    Task: {6A9333EA-7C66-4795-A55A-EA6403A8EA54} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
    Task: {726D954D-C994-4CC6-9360-C7038850A9D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
    Task: {81DE33C7-7318-4FF5-90E8-E663C935499F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
    Task: {87CB9FB1-219B-4567-BEEA-B00435D70A28} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
    Task: {976FB582-D56D-4910-AD5B-EFAF49305993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
    Task: {9BC9FFB6-7595-4D77-A54F-FFE3D4276072} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
    Task: {9C0136FA-9913-40DB-A1FA-91C370131A24} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2253113614-2940369490-2009371491-1001 => C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation)
    Task: {D52AD4F0-85AB-4D11-9638-876D4BD0C518} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {E253F052-16A9-4EEC-8B0E-85B00A6265C5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
    Task: {F9B77B3A-958C-4132-95C3-60EE40CA7D29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-18] (AVAST Software)

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Raccourcis =============================

    (Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

    ==================== Modules chargés (Avec liste blanche) ==============

    2016-08-23 07:15 - 2016-08-23 07:15 - 01864384 _____ () C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-21 17:09 - 2014-03-21 17:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2015-02-12 22:45 - 2013-06-09 22:10 - 00348344 _____ () C:\Program Files (x86)\Cheat Engine 6.3\lua5.1-64.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00273408 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxdr.dll
    2015-08-11 19:10 - 2009-10-16 18:09 - 01401856 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxptpc.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00196096 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxdrui.dll
    2016-09-18 09:53 - 2016-09-18 09:53 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-10-18 11:31 - 2016-10-18 11:31 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16101801\algo.dll
    2016-09-18 09:53 - 2016-09-18 09:53 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-09-18 09:54 - 2016-09-18 09:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-28 16:56 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-10-03 18:22 - 2016-09-24 23:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
    2016-10-03 18:22 - 2016-09-24 23:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
    2016-05-30 08:10 - 2016-10-13 13:34 - 03598536 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
    2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
    2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
    2014-07-29 14:34 - 2014-07-29 14:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
    2014-07-29 14:34 - 2014-07-29 14:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
    2015-02-12 22:45 - 2013-06-07 22:56 - 00181944 _____ () C:\Program Files (x86)\Cheat Engine 6.3\speedhack-i386.dll

    ==================== Alternate Data Streams (Avec liste blanche) =========

    (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Mode sans échec (Avec liste blanche) ===================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


    ==================== Association (Avec liste blanche) ===============

    (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


    ==================== Internet Explorer sites de confiance/sensibles ===============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


    ==================== Hosts contenu: ===============================

    (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Autres zones ============================

    (Actuellement, il n'y a pas de correction automatique pour cette section.)

    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Le Pare-feu est activé.

    ==================== MSCONFIG/TASK MANAGER éléments désactivés ==


    ==================== RèglesPare-feu (Avec liste blanche) ===============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{AE271592-A0F7-42F3-9857-AFE057D7A3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{75985013-E0BA-45CF-9E7C-30B84EC8FF86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{FD091C7F-015C-4958-AA58-F5EB0C957645}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{CA0545B2-379D-4B01-9343-30286FB4D6B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{C67E8DDE-E599-405B-A726-E95ED4DB9671}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{EA9653E7-EDE7-49C2-AE97-0E4EA1F8AB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{E07B0480-9C07-4853-AE30-D7D7398BF158}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
    FirewallRules: [UDP Query User{A19E8FD5-3D72-44F5-A48A-1C794B6CA601}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
    FirewallRules: [{818DF91C-AEAC-461A-84A5-E1E5AA2F516F}] => (Allow) C:\Windows\System32\lxdxcoms.exe
    FirewallRules: [{0B367D88-1C21-4654-9AE0-7A882A13C2A1}] => (Allow) C:\Windows\System32\lxdxcoms.exe
    FirewallRules: [TCP Query User{E8E12FB7-3ED0-4A9F-BCC5-73B8C9A1CB25}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
    FirewallRules: [UDP Query User{1407856B-FAE8-40AA-8463-101E9C44F036}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
    FirewallRules: [{F6E31EE9-5AB8-4E87-BCDC-7FBE72C3BBD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FADEA5F1-BF72-4589-B631-482D28B24D07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BBE309C3-1170-4CE5-9E32-20176DDF5491}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83E8DFB8-780E-40D8-A154-40C3BB51C471}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F8C244EE-17D8-4753-BC1D-268E354D7310}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{7C68CB09-E90D-41A4-9F34-B165E90324DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F43D6A73-33FB-4008-A247-EB8F4E3D42FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A6D3548-E096-4B50-A92A-0E3D76203FF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{AB9DEB72-CB8F-4D1F-9BCD-6D6D6080BA73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{D33A049D-4E7B-4539-83E5-D269390FC44D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{42B73876-03CD-44A8-B6D9-BEC0292E0E06}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{60A43361-3852-4427-9508-819ABDCC5B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{07588C57-0889-4939-8548-CD205775F58E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{EDA0B863-E364-46ED-810E-E0DDFBFDAEE2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{6B977F7E-7D30-4E28-B2DF-B179FB08E672}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
    FirewallRules: [{E31E4980-D668-473E-B5B9-8176676043C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Points de restauration =========================

    23-09-2016 15:22:50 ASU_MSI_TRAN
    07-10-2016 14:08:14 JRT Pre-Junkware Removal
    12-10-2016 09:40:32 Windows Update
    13-10-2016 12:24:27 Opération de restauration
    17-10-2016 14:44:25 ASU_MSI_TRAN

    ==================== Éléments en erreur du Gestionnaire de périphériques =============


    ==================== Erreurs du Journal des événements: =========================

    Erreurs Application:
    ==================
    Error: (10/19/2016 09:04:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB85F804-7781-4ECE-96BA-6DA12CD84C6B}

    Error: (10/19/2016 09:04:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB85F804-7781-4ECE-96BA-6DA12CD84C6B}

    Error: (10/19/2016 08:28:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante AvastSvc.exe, version : 12.3.3154.0, horodatage : 0x57b5c39d
    Nom du module défaillant : ntdll.dll, version : 6.3.9600.18233, horodatage : 0x56bb4e1d
    Code d’exception : 0xc0000374
    Décalage d’erreur : 0x000e6054
    ID du processus défaillant : 0x47c
    Heure de début de l’application défaillante : 0x01d22615dcec996c
    Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
    ID de rapport : 835640c5-95f7-11e6-82ce-c454446baf95
    Nom complet du package défaillant :
    ID de l’application relative au package défaillant :

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32363907

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32363907

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/19/2016 01:29:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7241141

    Error: (10/19/2016 01:29:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7241141

    Error: (10/19/2016 01:29:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/19/2016 01:29:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7239907


    Erreurs système:
    =============
    Error: (10/19/2016 10:48:56 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {1B1F472E-3221-4826-97DB-2C2324D389AE} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 10:48:26 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:07:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Le service Garmin Device Interaction Service n’a pas pu démarrer en raison de l’erreur :
    Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.

    Error: (10/19/2016 09:07:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Garmin Device Interaction Service.

    Error: (10/19/2016 09:05:17 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:05:17 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:05:17 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:05:17 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:05:08 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/19/2016 09:05:08 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {4545DEA0-2DFC-4906-A728-6D986BA399A9} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.


    CodeIntegrity:
    ===================================
    Date: 2016-09-18 11:06:54.161
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-08 12:58:08.185
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:58:07.518
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:29:27.941
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:29:27.210
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:28:41.616
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:28:40.915
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Infos Mémoire ===========================

    Processeur: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Pourcentage de mémoire utilisée: 70%
    Mémoire physique - RAM - totale: 8112.14 MB
    Mémoire physique - RAM - disponible: 2418.36 MB
    Mémoire virtuelle totale: 12080.14 MB
    Mémoire virtuelle disponible: 5485.11 MB

    ==================== Lecteurs ================================

    Drive c: (TI80167500B) (Fixed) (Total:685.87 GB) (Free:362.58 GB) NTFS

    ==================== MBR & Table des partitions ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== Fin de Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Thanks.

    I'll just add that I have temporarily disabled my wifi card and am using a USB Wi-fi key. Otherwise, I just cannot get online.

    Here are the requested logs:

    RogueKiller:

    RogueKiller V12.7.3.0 (x64) [Oct 17 2016] (Gratuit) par Adlice Software
    email : http://www.adlice.com/contact/
    Remontées : http://forum.adlice.com
    Site web : http://www.adlice.com/fr/download/roguekiller/
    Blog : http://www.adlice.com

    Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
    Démarré en : Mode normal
    Utilisateur : USER [Administrateur]
    Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Suppression -- Date : 10/20/2016 00:03:26 (Durée : 00:36:36)

    ¤¤¤ Processus : 0 ¤¤¤

    ¤¤¤ Registre : 4 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Non sélectionné
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Non sélectionné
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Non sélectionné
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Non sélectionné

    ¤¤¤ Tâches : 0 ¤¤¤

    ¤¤¤ Fichiers : 1 ¤¤¤
    [PUP][Répertoire] C:\Program Files\ByteFence -> Supprimé(e)
    [PUP][Fichier] C:\Program Files\ByteFence\SignaturesCEAList.dat -> Supprimé(e)
    [PUP][Fichier] C:\Program Files\ByteFence\SignaturesCEFList.dat -> Supprimé(e)
    [PUP][Fichier] C:\Program Files\ByteFence\SignaturesCEList.dat -> Supprimé(e)

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Fichier Hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

    ¤¤¤ Navigateurs web : 1 ¤¤¤
    [PUM.SearchEngine][FIREFX:Config] b3rwmyxm.default-1444782379509 : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Non sélectionné

    ¤¤¤ Vérification MBR : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
    --- User ---
    [MBR] 5f867255775d74c04f0022b73e2b3b41
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
    1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
    2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2566144 | Size: 702327 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1440931840 | Size: 11824 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    MBAM log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Date de l'analyse: 2016-10-20
    Heure de l'analyse: 08:33
    Fichier journal: MBAM.txt
    Administrateur: Oui

    Version: 2.2.1.1043
    Base de données de programmes malveillants: v2016.10.20.06
    Base de données de rootkits: v2016.09.26.02
    Licence: Gratuit
    Protection contre les programmes malveillants: Désactivé
    Protection contre les sites Web malveillants: Désactivé
    Autoprotection: Désactivé

    Système d'exploitation: Windows 8.1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: USER

    Type d'analyse: Analyse des menaces
    Résultat: Terminé
    Objets analysés: 340799
    Temps écoulé: 19 min, 10 s

    Mémoire: Activé
    Démarrage: Activé
    Système de fichiers: Activé
    Archives: Activé
    Rootkits: Désactivé
    Heuristique: Activé
    PUP: Activé
    PUM: Activé

    Processus: 0
    (Aucun élément malveillant détecté)

    Modules: 0
    (Aucun élément malveillant détecté)

    Clés du Registre: 0
    (Aucun élément malveillant détecté)

    Valeurs du Registre: 0
    (Aucun élément malveillant détecté)

    Données du Registre: 0
    (Aucun élément malveillant détecté)

    Dossiers: 11
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\content, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\external, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\fonts, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\_metadata, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],

    Fichiers: 53
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, En quarantaine, [3b3b95069dfdd85e9bdc3ac005fe13ed],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\manifest.json, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\content\background.html, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\content\newtab.html, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css\newtab.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css\search.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css\search2.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css\styles.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\css\white_bg.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\external\normalize.css, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\fonts\HelveticaNeue-Thin.otf, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\fonts\neue-bold.woff, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\fonts\neue.woff, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\128.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\16.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\48.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\close.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\01d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\01n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\02d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\02n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\03d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\03n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\04d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\04n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\09d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\09n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\10d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\10n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\11d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\11n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\13d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\13n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\50d.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\icons\weather\50n.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\bing.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\bluesky-bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\brush.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\clock.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\cloud.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\cupcake-bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\desk-bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\doodle.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\down.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\google.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\just-the-box.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\mountain-bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\sea-bg.jpg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\yahoo.png, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\skin\images\yahoo.svg, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.SearchManager, C:\Users\USER\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.9.1_0\_metadata\verified_contents.json, En quarantaine, [a9cdb6e5584281b5fbe213b4f70bb947],
    PUP.Optional.WinYahoo, C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\searchplugins\yahoo! powered.xml, En quarantaine, [e294cdceb1e9c86efa4dbde08d7741bf],

    Secteurs physiques: 0
    (Aucun élément malveillant détecté)


    (end)
     
  7. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    ADWCLeaner Scan log:

    # AdwCleaner v6.030 - Rapport créé le 20/10/2016 à 08:58:39
    # Mis à jour le 19/10/2016 par Malwarebytes
    # Base de données : 2016-10-18.1 [Serveur]
    # Système d'exploitation : Windows 8.1 (X64)
    # Nom d'utilisateur : USER - TOSHIBA
    # Exécuté depuis : C:\Users\USER\Desktop\adwcleaner_6.030.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    Aucun service malveillant trouvé.


    ***** [ Dossiers ] *****

    Aucun dossier malveillant trouvé.


    ***** [ Fichiers ] *****

    Aucun fichier malveillant trouvé.


    ***** [ DLL ] *****

    Aucune DLL patchée trouvée.


    ***** [ WMI ] *****

    Aucune clé malveillante trouvée.


    ***** [ Raccourcis ] *****

    Aucun raccourci infecté trouvé.


    ***** [ Tâches planifiées ] *****

    Aucune tâche malveillante trouvée.


    ***** [ Registre ] *****

    Aucun élément malveillant trouvé dans le registre.


    ***** [ Navigateurs web ] *****

    Aucune préférence Firefox malveillante trouvée.
    Chromium préf trouvée: [C:\Users\USER\AppData\Local\Chromium\User Data\Default\Web data] - yahoo! powered
    Chromium préf trouvée: [C:\Users\USER\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tchfld_16_41&param1=1&param2=f%3D7%26b%3D
    Chromium préf trouvée: [C:\Users\USER\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej
    Chromium préf trouvée: [C:\Users\USER\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tchfld_16_41&param1=1&param2=f%3D1%26b%3
    Chromium préf trouvée: [C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pilplloabdedfmialnfchjomjmpjcoej

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [907 octets] - [06/02/2016 11:29:04]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2516 octets] - [18/09/2016 10:10:49]
    C:\AdwCleaner\AdwCleaner[S1].txt - [679 octets] - [03/11/2015 22:36:16]
    C:\AdwCleaner\AdwCleaner[S2].txt - [689 octets] - [10/12/2015 19:18:56]
    C:\AdwCleaner\AdwCleaner[S3].txt - [689 octets] - [06/01/2016 23:10:36]
    C:\AdwCleaner\AdwCleaner[S4].txt - [796 octets] - [06/02/2016 11:25:48]
    C:\AdwCleaner\AdwCleaner[S5].txt - [2739 octets] - [18/09/2016 10:10:37]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1762 octets] - [07/10/2016 13:59:10]
    C:\AdwCleaner\AdwCleaner[S7].txt - [2494 octets] - [20/10/2016 08:58:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2568 octets] ##########
     
  8. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    ADWCLeaner Clean:

    # AdwCleaner v6.030 - Rapport créé le 20/10/2016 à 08:59:40
    # Mis à jour le 19/10/2016 par Malwarebytes
    # Base de données : 2016-10-18.1 [Serveur]
    # Système d'exploitation : Windows 8.1 (X64)
    # Nom d'utilisateur : USER - TOSHIBA
    # Exécuté depuis : C:\Users\USER\Desktop\adwcleaner_6.030.exe
    # Mode: Nettoyage
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Dossiers ] *****



    ***** [ Fichiers ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Raccourcis ] *****



    ***** [ Tâches planifiées ] *****



    ***** [ Registre ] *****



    ***** [ Navigateurs ] *****

    [-] [C:\Users\USER\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Supprimé: yahoo! powered
    [-] [C:\Users\USER\AppData\Local\Chromium\User Data\Default] [startup_urls] Supprimé: hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tchfld_16_41&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyC0B0A0FzyyD0C0BtAzytN0D0Tzu0StCyByEyEtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0F0AzyyEzyzztAtGyDzyyCtBtGtD0DtByDtGyByByDyBtG0AtDyCzyyDyC0B0C0C0AtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0ByD0ByEyBzyyEtG0E0FyEtDtGyEzz0DzztGzzzytCzztG0Fzz0CyByCtD0DtB0AtCtDtC2QtN0A0LzuyE%26cr%3D928585033%26a%3Dwbf_tchfld_16_41%26os_ver%3D6.3%26os%3DWindows%2B8.1
    [-] [C:\Users\USER\AppData\Local\Chromium\User Data\Default] [extension] Supprimé: pilplloabdedfmialnfchjomjmpjcoej
    [-] [C:\Users\USER\AppData\Local\Chromium\User Data\Default] [homepage] Supprimé: hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tchfld_16_41&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyC0B0A0FzyyD0C0BtAzytN0D0Tzu0StCyByEyEtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0F0AzyyEzyzztAtGyDzyyCtBtGtD0DtByDtGyByByDyBtG0AtDyCzyyDyC0B0C0C0AtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0ByD0ByEyBzyyEtG0E0FyEtDtGyEzz0DzztGzzzytCzztG0Fzz0CyByCtD0DtB0AtCtDtC2QtN0A0LzuyE%26cr%3D928585033%26a%3Dwbf_tchfld_16_41%26os_ver%3D6.3%26os%3DWindows%2B8.1
    [-] [C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default] [extension] Supprimé: pilplloabdedfmialnfchjomjmpjcoej


    *************************

    :: Clés "Tracing" supprimées
    :: Paramètres Winsock réinitialisés

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [907 octets] - [06/02/2016 11:29:04]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2516 octets] - [18/09/2016 10:10:49]
    C:\AdwCleaner\AdwCleaner[C3].txt - [2572 octets] - [20/10/2016 08:59:40]
    C:\AdwCleaner\AdwCleaner[S1].txt - [679 octets] - [03/11/2015 22:36:16]
    C:\AdwCleaner\AdwCleaner[S2].txt - [689 octets] - [10/12/2015 19:18:56]
    C:\AdwCleaner\AdwCleaner[S3].txt - [689 octets] - [06/01/2016 23:10:36]
    C:\AdwCleaner\AdwCleaner[S4].txt - [796 octets] - [06/02/2016 11:25:48]
    C:\AdwCleaner\AdwCleaner[S5].txt - [2739 octets] - [18/09/2016 10:10:37]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1762 octets] - [07/10/2016 13:59:10]
    C:\AdwCleaner\AdwCleaner[S7].txt - [2648 octets] - [20/10/2016 08:58:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3160 octets] ##########
     
  9. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 8.1 x64
    Ran by USER on 2016-10-20 at 9:04:11,24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\TOSHIBA



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\b3rwmyxm.default-1444782379509\minidumps [3 files]



    ~~~ Chrome


    [C:\Users\USER\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\USER\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\USER\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\USER\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2016-10-20 at 9:08:21,72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Oh yes, and Chromium you see in the logs is one of those unwanted software for which the uninstall did not work for some reason.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  12. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    FRST log is so short :), maybe I have done something wrong :



    LastRegBack: 2016-10-15 12:12

    ==================== Fin de FRST.txt ============================
     
  13. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Addition:

    Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Exécuté par USER (20-10-2016 20:46:33)
    Exécuté depuis C:\Users\USER\Desktop
    Windows 8.1 (Update) (X64) (2014-10-29 00:08:45)
    Mode d'amorçage: Normal
    ==========================================================


    ==================== Comptes: =============================

    Administrateur (S-1-5-21-2253113614-2940369490-2009371491-500 - Administrator - Disabled)
    Invité (S-1-5-21-2253113614-2940369490-2009371491-501 - Limited - Disabled)
    USER (S-1-5-21-2253113614-2940369490-2009371491-1001 - Administrator - Enabled) => C:\Users\USER

    ==================== Centre de sécurité ========================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Programmes installés ======================

    (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.17) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32 bits) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64 bits) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.1.2.0 - Auslogics Labs Pty Ltd)
    Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
    CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1321 - CyberLink Corp.)
    Disk Investigator 1.61 (HKLM-x32\...\Disk Investigator) (Version: 1.61 - Kevin Solway)
    DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
    Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    eMule (HKLM-x32\...\eMule) (Version: - )
    Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
    Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
    HP Officejet Pro 8600 Aide (HKLM-x32\...\{20033B23-1270-4E9C-92DC-2E167A367C73}) (Version: 28.0.0 - Hewlett Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    ImpôtRapide 2014 (HKLM-x32\...\{7366981E-1520-4A66-AD94-FBFC60A80E97}) (Version: 1.00.0000 - Intuit Canada)
    ImpôtRapide 2015 (HKLM-x32\...\{9DF6FA30-3746-4D96-B5B7-C0B88CE0E149}) (Version: 1.00.0000 - Intuit Canada)
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Logiciel de base du périphérique HP Officejet Pro 8600 (HKLM\...\{E588CA1D-AD74-4E04-8C53-AD9735C4CA54}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7369.2038 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 49.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 fr)) (Version: 49.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
    Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    RogueKiller version 12.7.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.3.0 - Adlice Software)
    SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
    SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
    Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TRS32 Emulator 1.28 (HKLM-x32\...\TRS32 Emulator) (Version: 1.28 - Matthew Reed)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
    Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
    Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden

    ==================== Personnalisé CLSID (Avec liste blanche): ==========================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-2253113614-2940369490-2009371491-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

    ==================== Tâches planifiées (Avec liste blanche) =============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {145B61C7-F36B-4DD9-9541-15A752CAF0A2} - System32\Tasks\avastBCLRestartS-1-5-21-2253113614-2940369490-2009371491-1001 => Firefox.exe
    Task: {15804648-D1A1-404E-91B5-6A4083EC3583} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
    Task: {351BACA6-9351-45B3-B0EE-99C225048CAB} - System32\Tasks\SafeZone scheduled Autoupdate 1458770513 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
    Task: {3C9D0E7F-A80A-4017-824D-EEF0D7369ADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {4323FE07-5473-45BB-83B0-4C5214050DBC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
     
  14. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Addition continues:

    Task: {4853226D-0428-4186-8110-D1C2EE755F66} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
    Task: {5AEA4244-652D-4350-BB09-4E65025828C7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
    Task: {5D7CB2C6-0A00-455C-B69B-38ACC8CD06B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
    Task: {6A9333EA-7C66-4795-A55A-EA6403A8EA54} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
    Task: {726D954D-C994-4CC6-9360-C7038850A9D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
    Task: {81DE33C7-7318-4FF5-90E8-E663C935499F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
    Task: {9380E2E8-1F9D-4648-A383-7C9FB85AE748} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
    Task: {976FB582-D56D-4910-AD5B-EFAF49305993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
    Task: {9BC9FFB6-7595-4D77-A54F-FFE3D4276072} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
    Task: {9C0136FA-9913-40DB-A1FA-91C370131A24} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2253113614-2940369490-2009371491-1001 => C:\Users\USER\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-23] (Microsoft Corporation)
    Task: {D52AD4F0-85AB-4D11-9638-876D4BD0C518} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {E253F052-16A9-4EEC-8B0E-85B00A6265C5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
    Task: {F9B77B3A-958C-4132-95C3-60EE40CA7D29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-18] (AVAST Software)

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Raccourcis =============================

    (Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

    ==================== Modules chargés (Avec liste blanche) ==============

    2016-08-23 07:15 - 2016-08-23 07:15 - 01864384 _____ () C:\Users\USER\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00273408 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxdr.dll
    2015-08-11 19:10 - 2009-10-16 18:09 - 01401856 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxptpc.dll
    2015-08-11 19:10 - 2009-10-16 18:12 - 00196096 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdxdrui.dll
    2015-02-12 22:45 - 2013-06-09 22:10 - 00348344 _____ () C:\Program Files (x86)\Cheat Engine 6.3\lua5.1-64.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00035496 _____ () C:\Program Files\GIMP 2\bin\libgimpmodule-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00050912 _____ () C:\Program Files\GIMP 2\bin\libgimpthumb-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 01242256 _____ () C:\Program Files\GIMP 2\bin\libgimpwidgets-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00101584 _____ () C:\Program Files\GIMP 2\bin\libgimpbase-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00067968 _____ () C:\Program Files\GIMP 2\bin\libgimpcolor-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00077168 _____ () C:\Program Files\GIMP 2\bin\libgimpconfig-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00039240 _____ () C:\Program Files\GIMP 2\bin\libgimpmath-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 14:18 - 00279384 _____ () C:\Program Files\GIMP 2\bin\libfontconfig-1.dll
    2016-07-24 10:34 - 2015-11-18 00:42 - 00129732 _____ () C:\Program Files\GIMP 2\bin\libbabl-0.1-0.dll
    2016-07-24 10:34 - 2015-11-18 00:28 - 00899175 _____ () C:\Program Files\GIMP 2\bin\libcairo-2.dll
    2016-07-24 10:34 - 2015-11-17 23:49 - 00517214 _____ () C:\Program Files\GIMP 2\bin\libfreetype-6.dll
    2016-07-24 10:34 - 2015-11-19 01:45 - 00420671 _____ () C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll
    2016-07-24 10:34 - 2015-11-18 00:49 - 00083158 _____ () C:\Program Files\GIMP 2\bin\libgcc_s_seh-1.dll
    2016-07-24 10:34 - 2015-11-17 23:50 - 01253294 _____ () C:\Program Files\GIMP 2\bin\libxml2-2.dll
    2016-07-24 10:34 - 2015-11-17 23:47 - 00664136 _____ () C:\Program Files\GIMP 2\bin\libpixman-1-0.dll
    2016-07-24 10:34 - 2015-11-17 23:50 - 00219294 _____ () C:\Program Files\GIMP 2\bin\libpng16-16.dll
    2016-07-24 10:34 - 2015-11-17 23:49 - 00090777 _____ () C:\Program Files\GIMP 2\bin\zlib1.dll
    2016-07-24 10:34 - 2015-11-18 00:03 - 00287367 _____ () C:\Program Files\GIMP 2\bin\libjasper-1.dll
    2016-07-24 10:34 - 2015-11-17 23:47 - 00343606 _____ () C:\Program Files\GIMP 2\bin\libjpeg-8.dll
    2016-07-24 10:34 - 2015-11-18 00:23 - 00435601 _____ () C:\Program Files\GIMP 2\bin\libtiff-5.dll
    2016-07-24 10:34 - 2015-11-17 23:46 - 00032655 _____ () C:\Program Files\GIMP 2\bin\libffi-6.dll
    2016-07-24 10:34 - 2015-11-18 01:21 - 00365156 _____ () C:\Program Files\GIMP 2\bin\libharfbuzz-0.dll
    2016-07-24 10:34 - 2015-11-19 01:17 - 00074031 _____ () C:\Program Files\GIMP 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
    2016-07-24 10:34 - 2015-11-22 16:54 - 00036288 _____ () C:\Program Files\GIMP 2\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
    2016-07-24 10:34 - 2015-11-18 00:28 - 00313493 _____ () C:\Program Files\GIMP 2\bin\liblcms2-2.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00146032 _____ () C:\Program Files\GIMP 2\bin\libgimpui-2.0-0.dll
    2016-07-24 10:34 - 2015-11-22 16:53 - 00242648 _____ () C:\Program Files\GIMP 2\bin\libgimp-2.0-0.dll
    2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2016-09-18 09:53 - 2016-09-18 09:53 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-18 09:53 - 2016-09-18 09:53 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-10-20 17:15 - 2016-10-20 17:15 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102001\algo.dll
    2016-09-18 09:54 - 2016-09-18 09:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-10-28 16:56 - 2014-03-06 16:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-10-03 18:22 - 2016-09-24 23:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
    2016-10-03 18:22 - 2016-09-24 23:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
    2015-02-12 22:45 - 2013-06-07 22:56 - 00181944 _____ () C:\Program Files (x86)\Cheat Engine 6.3\speedhack-i386.dll
    2016-05-30 08:10 - 2016-10-19 10:09 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
    2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
    2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

    ==================== Alternate Data Streams (Avec liste blanche) =========

    (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Mode sans échec (Avec liste blanche) ===================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


    ==================== Association (Avec liste blanche) ===============

    (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


    ==================== Internet Explorer sites de confiance/sensibles ===============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


    ==================== Hosts contenu: ===============================

    (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Autres zones ============================

    (Actuellement, il n'y a pas de correction automatique pour cette section.)

    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Le Pare-feu est activé.

    ==================== MSCONFIG/TASK MANAGER éléments désactivés ==


    ==================== RèglesPare-feu (Avec liste blanche) ===============

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{AE271592-A0F7-42F3-9857-AFE057D7A3E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{75985013-E0BA-45CF-9E7C-30B84EC8FF86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{FD091C7F-015C-4958-AA58-F5EB0C957645}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{CA0545B2-379D-4B01-9343-30286FB4D6B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{C67E8DDE-E599-405B-A726-E95ED4DB9671}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{EA9653E7-EDE7-49C2-AE97-0E4EA1F8AB36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{E07B0480-9C07-4853-AE30-D7D7398BF158}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
    FirewallRules: [UDP Query User{A19E8FD5-3D72-44F5-A48A-1C794B6CA601}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
    FirewallRules: [{818DF91C-AEAC-461A-84A5-E1E5AA2F516F}] => (Allow) C:\Windows\System32\lxdxcoms.exe
    FirewallRules: [{0B367D88-1C21-4654-9AE0-7A882A13C2A1}] => (Allow) C:\Windows\System32\lxdxcoms.exe
    FirewallRules: [TCP Query User{E8E12FB7-3ED0-4A9F-BCC5-73B8C9A1CB25}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
    FirewallRules: [UDP Query User{1407856B-FAE8-40AA-8463-101E9C44F036}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe
    FirewallRules: [{F6E31EE9-5AB8-4E87-BCDC-7FBE72C3BBD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FADEA5F1-BF72-4589-B631-482D28B24D07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BBE309C3-1170-4CE5-9E32-20176DDF5491}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83E8DFB8-780E-40D8-A154-40C3BB51C471}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F8C244EE-17D8-4753-BC1D-268E354D7310}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{7C68CB09-E90D-41A4-9F34-B165E90324DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F43D6A73-33FB-4008-A247-EB8F4E3D42FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A6D3548-E096-4B50-A92A-0E3D76203FF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{AB9DEB72-CB8F-4D1F-9BCD-6D6D6080BA73}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{D33A049D-4E7B-4539-83E5-D269390FC44D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{42B73876-03CD-44A8-B6D9-BEC0292E0E06}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{60A43361-3852-4427-9508-819ABDCC5B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{07588C57-0889-4939-8548-CD205775F58E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{EDA0B863-E364-46ED-810E-E0DDFBFDAEE2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{6B977F7E-7D30-4E28-B2DF-B179FB08E672}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
    FirewallRules: [{E31E4980-D668-473E-B5B9-8176676043C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Points de restauration =========================

    23-09-2016 15:22:50 ASU_MSI_TRAN
    07-10-2016 14:08:14 JRT Pre-Junkware Removal
    12-10-2016 09:40:32 Windows Update
    13-10-2016 12:24:27 Opération de restauration
    17-10-2016 14:44:25 ASU_MSI_TRAN
    20-10-2016 09:04:19 JRT Pre-Junkware Removal

    ==================== Éléments en erreur du Gestionnaire de périphériques =============

    Name: Intel(R) Dual Band Wireless-AC 3160
    Description: Intel(R) Dual Band Wireless-AC 3160
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel Corporation
    Service: NETwNb64
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Erreurs du Journal des événements: =========================

    Erreurs Application:
    ==================
    Error: (10/20/2016 02:46:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: Un problème a empêché l’envoi des données du Programme d’amélioration de l’expérience utilisateur à Microsoft (erreur 80070005).

    Error: (10/20/2016 12:39:58 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante wmiprvse.exe, version : 6.3.9600.18264, horodatage : 0x56e1bc63
    Nom du module défaillant : ProtectionManagement.dll, version : 4.8.207.0, horodatage : 0x55933dc7
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000000000000f674
    ID du processus défaillant : 0x296c
    Heure de début de l’application défaillante : 0x01d22a8c034a59cb
    Chemin d’accès de l’application défaillante : C:\Windows\system32\wbem\wmiprvse.exe
    Chemin d’accès du module défaillant: C:\Program Files\Windows Defender\ProtectionManagement.dll
    ID de rapport : 4102df5c-967f-11e6-82cf-a08869756669
    Nom complet du package défaillant :
    ID de l’application relative au package défaillant :

    Error: (10/20/2016 12:39:46 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante wmiprvse.exe, version : 6.3.9600.18264, horodatage : 0x56e1bc63
    Nom du module défaillant : ProtectionManagement.dll, version : 4.8.207.0, horodatage : 0x55933dc7
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000000000000f674
    ID du processus défaillant : 0x1838
    Heure de début de l’application défaillante : 0x01d22a8becb9daa6
    Chemin d’accès de l’application défaillante : C:\Windows\system32\wbem\wmiprvse.exe
    Chemin d’accès du module défaillant: C:\Program Files\Windows Defender\ProtectionManagement.dll
    ID de rapport : 39a62347-967f-11e6-82cf-a08869756669
    Nom complet du package défaillant :
    ID de l’application relative au package défaillant :

    Error: (10/19/2016 07:18:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: Un problème a empêché l’envoi des données du Programme d’amélioration de l’expérience utilisateur à Microsoft (erreur 80070005).

    Error: (10/19/2016 09:04:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB85F804-7781-4ECE-96BA-6DA12CD84C6B}

    Error: (10/19/2016 09:04:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {FB85F804-7781-4ECE-96BA-6DA12CD84C6B}

    Error: (10/19/2016 08:28:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante AvastSvc.exe, version : 12.3.3154.0, horodatage : 0x57b5c39d
    Nom du module défaillant : ntdll.dll, version : 6.3.9600.18233, horodatage : 0x56bb4e1d
    Code d’exception : 0xc0000374
    Décalage d’erreur : 0x000e6054
    ID du processus défaillant : 0x47c
    Heure de début de l’application défaillante : 0x01d22615dcec996c
    Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
    ID de rapport : 835640c5-95f7-11e6-82ce-c454446baf95
    Nom complet du package défaillant :
    ID de l’application relative au package défaillant :

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32363907

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32363907

    Error: (10/19/2016 08:27:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    Erreurs système:
    =============
    Error: (10/20/2016 11:38:48 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {1B1F472E-3221-4826-97DB-2C2324D389AE} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/20/2016 11:38:17 AM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
    Description: Le serveur {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

    Error: (10/20/2016 09:05:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service TMachInfo s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service Intel(R) Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service Intel(R) ME Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service GamesAppIntegrationService s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service Service de l’iPod s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service TOSHIBA eco Utility Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Le service lxdx_device s’est terminé de façon inattendue pour la 1ème fois.

    Error: (10/20/2016 09:05:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Le service Intel(R) Capability Licensing Service Interface s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.


    CodeIntegrity:
    ===================================
    Date: 2016-09-18 11:06:54.161
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-08 12:58:08.185
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:58:07.518
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:29:27.941
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:29:27.210
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:28:41.616
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-02-08 12:28:40.915
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\A-FF Find and Mount\slicedisk-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Infos Mémoire ===========================

    Processeur: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Pourcentage de mémoire utilisée: 57%
    Mémoire physique - RAM - totale: 8112.14 MB
    Mémoire physique - RAM - disponible: 3441.38 MB
    Mémoire virtuelle totale: 12080.14 MB
    Mémoire virtuelle disponible: 6751.13 MB

    ==================== Lecteurs ================================

    Drive c: (TI80167500B) (Fixed) (Total:685.87 GB) (Free:358.61 GB) NTFS

    ==================== MBR & Table des partitions ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== Fin de Addition.txt ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Yes. Re-run it.
     
  16. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Ok, better this time:

    Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Exécuté par USER (administrateur) sur TOSHIBA (20-10-2016 21:38:33)
    Exécuté depuis C:\Users\USER\Desktop
    Profils chargés: USER (Profils disponibles: USER)
    Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
    Internet Explorer Version 11 (Navigateur par défaut: FF)
    Mode d'amorçage: Normal
    Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processus (Avec liste blanche) =================

    (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_185.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
    (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Cheat Engine) C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-x86_64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\bin\gimp-2.8.exe
    (Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


    ==================== Registre (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3249384 2015-05-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2062208 2016-05-26] (Sony)
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {4022c6e4-ccec-11e5-82ac-a08869756669} - "D:\LaunchU3.exe"
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {e740946d-dd81-11e5-82b2-a08869756669} - "D:\Startme.exe"
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-18] (AVAST Software)
    Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2016-08-08]
    ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0B4C5874-80F0-4B7C-8486-17CDA628398E}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4A0A451B-6198-4D5D-9FBF-AE2FBBC85052}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{50DF5579-E176-48A2-9370-9422E9E0575C}: [DhcpNameServer] 192.168.44.1
    Tcpip\..\Interfaces\{D332F385-12BF-4B5C-A372-3D807ADE6D5E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
    hxxp://www.toshiba.ca/welcome/?w=23
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-18] (AVAST Software)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-18] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
    Handler-x32: intu-ir2014 - {980B949F-E16E-4459-88E8-580392AEF9AE} - C:\Program Files (x86)\ImpotRapide 2014\ic2014pp.dll [2015-02-13] (Intuit Canada, a general partnership/une société en nom collectif.)
    Handler-x32: intu-ir2015 - {6BEE4271-88EB-43B7-BEE1-54B77DC65F9C} - C:\Program Files (x86)\ImpotRapide 2015\ic2015pp.dll [2015-11-23] (Intuit Canada, a general partnership/une société en nom collectif.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 [2016-10-20]
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> Yahoo!
    FF Homepage: Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509 -> hxxps://www.google.ca
    FF Extension: (Google Translator for Firefox) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\translator@zoli.bod.xpi [2016-04-28]
    FF Extension: (WOT) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b3rwmyxm.default-1444782379509\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-13]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-13]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://ca.search.yahoo.com/?type=926458&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2016-10-20]
    CHR Extension: (Google Slides) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
    CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
    CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
    CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Recherche Google) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-18]
    CHR Extension: (Google Sheets) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
    CHR Extension: (Google Docs hors connexion) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-20]
    CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-27]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <non trouvé(e)>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

    ==================== Services (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [Fichier non signé]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-18] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
    S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
    S2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-05-19] (ELAN Microelectronics Corp.)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
    S2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Pilotes (Avec liste blanche) ======================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-18] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-18] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-18] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-18] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-18] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-18] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
    S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
    S3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
    R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [13824 2008-04-03] (Atola) [Fichier non signé]
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Avec liste blanche) ===================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


    ==================== Un mois - Créés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2016-10-20 21:11 - 2016-10-20 21:11 - 00001527 _____ C:\Users\USER\Desktop\Skype - Raccourci.lnk
    2016-10-20 20:47 - 2016-10-20 21:38 - 00021460 _____ C:\Users\USER\Desktop\FRST.txt
    2016-10-20 20:46 - 2016-10-20 20:47 - 00041095 _____ C:\Users\USER\Desktop\Addition.txt
    2016-10-20 15:47 - 2016-10-20 15:47 - 00022243 _____ C:\Users\USER\AppData\Local\recently-used.xbel
    2016-10-20 15:44 - 2016-10-20 15:44 - 00000000 ____D C:\Users\USER\AppData\Local\webkit
    2016-10-20 09:21 - 2016-10-20 09:21 - 00000090 ____H C:\Users\USER\Desktop\.~lock.Stat CC1(2a).ods#
    2016-10-20 09:18 - 2016-10-20 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016
    2016-10-20 09:08 - 2016-10-20 09:08 - 00001266 _____ C:\Users\USER\Desktop\JRT.txt
    2016-10-20 08:59 - 2016-10-20 08:59 - 00003240 _____ C:\Users\USER\Desktop\AdwCleaner[C3].txt
    2016-10-20 08:58 - 2016-10-20 08:58 - 00002648 _____ C:\Users\USER\Desktop\AdwCleaner[S7].txt
    2016-10-20 08:56 - 2016-10-20 08:57 - 03910208 _____ C:\Users\USER\Desktop\adwcleaner_6.030.exe
    2016-10-20 08:55 - 2016-10-20 08:55 - 00014851 _____ C:\Users\USER\Desktop\MBAM.txt
    2016-10-19 23:54 - 2016-10-19 23:54 - 00007124 _____ C:\Users\USER\Desktop\Masques.txt
    2016-10-19 23:53 - 2016-10-19 23:53 - 00000881 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-10-19 23:53 - 2016-10-19 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-19 23:53 - 2016-10-19 23:53 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-19 22:44 - 2016-10-19 22:45 - 22851472 _____ (Malwarebytes ) C:\Users\USER\Desktop\mbam-setup-2.2.1.1043.exe
    2016-10-19 22:36 - 2016-10-19 22:38 - 33551160 _____ (Adlice Software ) C:\Users\USER\Desktop\setup.exe
    2016-10-19 20:19 - 2016-10-19 20:38 - 00018920 _____ C:\Users\USER\Desktop\lettre de présentation.odt
    2016-10-19 20:18 - 2016-10-19 20:18 - 00015349 _____ C:\Users\USER\Downloads\lettre-de-présentation-. (2).odt
    2016-10-19 20:18 - 2016-10-19 20:18 - 00015349 _____ C:\Users\USER\Downloads\lettre-de-présentation-. (1).odt
    2016-10-19 11:33 - 2016-10-20 21:38 - 00000000 ____D C:\FRST
    2016-10-19 11:32 - 2016-10-19 11:32 - 02407424 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
    2016-10-19 11:30 - 2016-10-20 15:39 - 00000000 ____D C:\Users\USER\Desktop\TRIER
    2016-10-19 09:04 - 2016-10-19 09:04 - 00000162 _____ C:\Users\USER\Desktop\NDLH.txt
    2016-10-18 22:41 - 2016-10-18 22:41 - 00015349 _____ C:\Users\USER\Downloads\lettre-de-présentation-..odt
    2016-10-18 21:57 - 2016-10-18 21:57 - 00018567 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-.CV. (1).odt
    2016-10-18 21:53 - 2016-10-18 21:53 - 00018621 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-.CV..odt
    2016-10-18 21:42 - 2016-10-18 21:42 - 00018698 _____ C:\Users\USER\Downloads\Roxane-Sarrazin-CV..odt
    2016-10-18 08:09 - 2016-10-18 08:09 - 00205311 _____ C:\Users\USER\Downloads\c-20101-2.pdf
    2016-10-14 08:46 - 2016-10-14 08:46 - 00000000 ____D C:\Windows\LastGood.Tmp
    2016-10-14 08:26 - 2016-09-30 20:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-14 08:26 - 2016-09-30 20:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-14 06:55 - 2016-10-14 06:55 - 00081539 _____ C:\Users\USER\Downloads\IMG_28281.jpg.part
    2016-10-14 00:26 - 2016-10-14 00:26 - 01883777 _____ C:\Users\USER\Downloads\AncetreDataLogSeptembre.csv
    2016-10-13 17:47 - 2016-10-13 17:47 - 00142778 _____ C:\Users\USER\Downloads\18600REC0380076732.pdf
    2016-10-13 14:39 - 2016-10-13 14:39 - 00008272 _____ C:\Windows\SAII_LOG.TXT
    2016-10-13 14:39 - 2016-10-13 14:39 - 00001937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2016-10-13 14:38 - 2016-10-13 14:38 - 00000000 ____D C:\Users\Public\Documents\Conexant
    2016-10-13 14:38 - 2012-12-12 15:38 - 00205560 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
    2016-10-13 14:34 - 2016-10-13 14:36 - 69079984 _____ C:\Users\USER\Downloads\tc70184400k.exe
    2016-10-13 14:18 - 2016-09-30 20:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-13 14:18 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-13 14:18 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-13 14:18 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-13 14:18 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-13 14:18 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-13 14:18 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-13 14:18 - 2016-09-30 01:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-13 14:18 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-13 14:18 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-10-13 14:18 - 2016-09-30 01:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-10-13 14:18 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-13 14:18 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-10-13 14:18 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-13 14:18 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-13 14:18 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-13 14:18 - 2016-09-30 01:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-13 14:18 - 2016-09-30 01:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-10-13 14:18 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-10-13 14:18 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-13 14:18 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-13 14:18 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-13 14:18 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-13 14:18 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-13 14:18 - 2016-09-17 14:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-13 14:18 - 2016-09-17 13:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-10-13 14:18 - 2016-09-17 13:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-13 14:18 - 2016-09-17 13:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-10-13 14:18 - 2016-09-17 13:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-13 14:18 - 2016-09-13 21:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-13 14:18 - 2016-09-13 21:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-10-13 14:18 - 2016-09-13 21:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-13 14:18 - 2016-09-13 21:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-10-13 14:18 - 2016-09-12 19:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-13 14:18 - 2016-09-12 18:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2016-10-13 14:18 - 2016-09-12 17:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2016-10-13 14:18 - 2016-09-09 10:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-10-13 14:18 - 2016-09-09 09:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-13 14:18 - 2016-09-09 09:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-13 14:18 - 2016-09-08 16:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
    2016-10-13 14:18 - 2016-09-08 10:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-13 14:18 - 2016-09-08 10:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-13 14:18 - 2016-09-07 18:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-13 14:18 - 2016-09-07 17:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-10-13 14:18 - 2016-09-07 17:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-13 14:18 - 2016-09-07 17:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-13 14:18 - 2016-09-07 17:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-10-13 14:18 - 2016-08-31 13:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-13 14:18 - 2016-08-31 12:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-13 14:18 - 2016-08-25 16:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2016-10-13 14:18 - 2016-08-25 15:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2016-10-13 14:18 - 2016-08-12 20:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-10-13 14:18 - 2016-08-12 20:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
    2016-10-13 14:18 - 2016-08-12 20:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
    2016-10-13 14:18 - 2016-08-12 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
    2016-10-13 14:18 - 2016-08-12 18:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
    2016-10-13 14:18 - 2016-08-12 18:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-10-13 14:18 - 2016-08-12 17:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-13 14:18 - 2016-08-12 17:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
    2016-10-13 14:18 - 2016-08-12 16:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-13 14:18 - 2016-08-11 21:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2016-10-13 14:18 - 2016-08-11 21:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2016-10-13 14:18 - 2016-08-11 14:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
    2016-10-13 14:18 - 2016-08-11 14:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
    2016-10-13 14:18 - 2016-08-11 14:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
    2016-10-13 14:18 - 2016-08-11 13:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2016-10-13 14:18 - 2016-08-11 09:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
    2016-10-13 14:18 - 2016-08-11 01:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2016-10-13 14:18 - 2016-08-03 11:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
    2016-10-13 14:18 - 2016-08-03 11:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
    2016-10-13 14:18 - 2016-08-03 11:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
    2016-10-13 14:18 - 2016-08-03 11:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
    2016-10-13 14:18 - 2016-07-30 13:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
    2016-10-13 14:18 - 2016-07-30 12:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2016-10-13 14:18 - 2016-07-23 14:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2016-10-13 14:18 - 2016-07-23 14:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2016-10-13 14:17 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-10-13 14:17 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-10-13 14:17 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-13 14:17 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-13 14:17 - 2016-08-27 15:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-13 14:17 - 2016-08-27 15:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-13 14:17 - 2016-08-27 15:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
    2016-10-13 14:17 - 2016-08-27 14:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-13 14:17 - 2016-08-27 14:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-13 14:17 - 2016-08-27 14:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
    2016-10-13 14:17 - 2016-08-27 12:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-10-13 14:17 - 2016-08-27 12:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2016-10-13 14:17 - 2016-08-27 12:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-10-13 14:17 - 2016-08-27 11:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-10-13 14:17 - 2016-08-20 18:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-10-13 14:17 - 2016-08-20 18:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-10-13 14:17 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
    2016-10-13 14:17 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
    2016-10-13 14:08 - 2016-10-13 14:08 - 00000000 ____D C:\Users\USER\AppData\Local\AudioSwitcher
    2016-10-13 14:06 - 2016-10-13 14:07 - 00293485 _____ C:\Users\USER\Downloads\AudioSwitcher.zip
    2016-10-13 13:22 - 2016-09-18 09:54 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-10-11 00:40 - 2016-10-11 00:41 - 00000000 ____D C:\Users\USER\AppData\Local\chromium
    2016-10-11 00:38 - 2016-10-11 00:38 - 00000000 ____D C:\ProgramData\{FCD139B2-7693-B374-F055-2D366A17A6F8}
    2016-10-10 11:38 - 2016-10-10 11:38 - 00000000 ____D C:\Users\USER\AppData\Roaming\WinBatch
    2016-10-10 09:17 - 2016-10-10 09:17 - 00025908 _____ C:\Users\USER\Downloads\usbdeview-x64.zip
    2016-10-10 09:14 - 2016-10-10 09:14 - 00000022 _____ C:\Users\USER\Downloads\usbdeview.zip
    2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
    2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
    2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
    2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
    2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
    2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
    2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
    2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
    2016-10-07 14:36 - 2016-10-07 14:36 - 00000000 ____D C:\Program Files\Sony
    2016-10-07 14:05 - 2016-10-07 14:05 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2016-10-07 14:05 - 2016-10-07 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-10-07 13:59 - 2016-10-07 13:59 - 00739904 _____ (Oracle Corporation) C:\Users\USER\Downloads\jxpiinstall(1).exe
    2016-10-07 13:57 - 2016-10-07 13:57 - 00243712 _____ C:\Users\USER\Downloads\Firefox Setup Stub 49.0.1.exe
    2016-10-04 15:54 - 2016-10-04 15:54 - 00000579 _____ C:\Users\USER\Downloads\Texte(1).txt
    2016-10-04 15:53 - 2016-10-04 15:54 - 00096291 _____ C:\Users\USER\Downloads\Fwd_ TR_ Production quotidienne fromage.eml
    2016-10-04 10:22 - 2016-10-04 10:22 - 00040086 _____ C:\Users\USER\Downloads\Production Aston rapport pour Env 2016-10-04.xlsx
    2016-09-22 21:51 - 2016-09-22 21:51 - 00046493 _____ C:\Users\USER\Downloads\Distribution(1).pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00053679 _____ C:\Users\USER\Downloads\Horaire Pondeurs.pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00051986 _____ C:\Users\USER\Downloads\Horaire Clowns.pdf
    2016-09-21 22:29 - 2016-09-21 22:29 - 00039462 _____ C:\Users\USER\Downloads\Personnages fixes.pdf
    2016-09-21 22:28 - 2016-09-21 22:28 - 00050368 _____ C:\Users\USER\Downloads\Horaire Traqueurs.pdf
    2016-09-21 22:23 - 2016-09-21 22:23 - 00050802 _____ C:\Users\USER\Downloads\Horaire Mutants.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00064954 _____ C:\Users\USER\Downloads\Descriptions.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00053315 _____ C:\Users\USER\Downloads\Distribution.pdf
    2016-09-21 18:47 - 2016-09-21 18:47 - 00038258 _____ C:\Users\USER\Downloads\Horaire.pdf
    2016-09-21 09:56 - 2016-09-21 09:56 - 00069500 _____ C:\Users\USER\Downloads\M113104.pdf
    2016-09-21 08:14 - 2016-09-21 08:14 - 00179948 _____ C:\Users\USER\Downloads\c-19810-3(1).pdf

    ==================== Un mois - Modifiés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2016-10-20 21:29 - 2015-01-21 21:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
    2016-10-20 21:20 - 2015-01-20 23:40 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-20 21:16 - 2015-01-27 20:23 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-20 19:20 - 2015-01-20 23:40 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-20 18:23 - 2014-10-28 20:09 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
    2016-10-20 15:47 - 2016-07-24 10:45 - 00000000 ____D C:\Users\USER\AppData\Local\gtk-2.0
    2016-10-20 15:44 - 2016-07-24 10:36 - 00000000 ____D C:\Users\USER\.gimp-2.8
    2016-10-20 15:37 - 2015-01-20 21:44 - 00003928 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E23F4E4B-10C1-4082-AB07-CBCEC93CA7B5}
    2016-10-20 11:37 - 2014-10-28 20:15 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2253113614-2940369490-2009371491-1001
    2016-10-20 09:19 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-10-20 09:17 - 2014-10-28 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-10-20 09:03 - 2015-11-03 22:36 - 00000000 ____D C:\AdwCleaner
    2016-10-20 09:01 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-20 08:33 - 2015-03-10 18:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-20 00:03 - 2015-11-01 18:35 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-19 23:55 - 2015-11-07 10:10 - 00100284 _____ C:\Users\USER\Desktop\Stat CC1(2a).ods
    2016-10-19 23:54 - 2016-05-15 22:43 - 00069082 _____ C:\Users\USER\Desktop\Rapports a faire.txt
    2016-10-19 18:14 - 2015-08-11 19:10 - 00000000 ____D C:\ProgramData\lx_Cats
    2016-10-19 18:14 - 2014-04-10 22:11 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-19 18:14 - 2013-08-28 21:28 - 00812350 _____ C:\Windows\system32\perfh00C.dat
    2016-10-19 18:14 - 2013-08-28 21:28 - 00159412 _____ C:\Windows\system32\perfc00C.dat
    2016-10-19 18:14 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
    2016-10-19 09:16 - 2015-01-20 23:51 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-10-19 09:03 - 2015-07-09 20:54 - 00000000 ____D C:\Users\USER\Desktop\Phe
    2016-10-19 09:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-18 15:28 - 2015-02-17 07:10 - 00000000 ____D C:\Users\USER\AppData\Local\CrashDumps
    2016-10-17 20:29 - 2015-07-03 22:23 - 00055808 _____ C:\Users\USER\Desktop\poid.xls
    2016-10-17 14:47 - 2015-01-21 21:28 - 00000000 ____D C:\ProgramData\Skype
    2016-10-17 14:46 - 2015-01-21 21:28 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-10-14 16:06 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
    2016-10-14 12:15 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-10-14 08:24 - 2013-08-22 10:44 - 00506896 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-14 08:16 - 2015-01-20 23:32 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-14 08:16 - 2015-01-20 23:32 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-14 08:16 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
    2016-10-14 07:42 - 2016-05-16 23:33 - 00000000 ____D C:\Users\USER\Desktop\Biochem
    2016-10-13 15:31 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-10-13 15:29 - 2015-01-20 22:44 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-13 15:24 - 2015-01-20 22:43 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-13 14:38 - 2014-10-28 17:01 - 00000000 ____D C:\Windows\system32\SRSLabs
    2016-10-13 14:38 - 2014-10-28 17:01 - 00000000 ____D C:\Program Files\CONEXANT
    2016-10-13 14:31 - 2016-08-17 15:01 - 00000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
    2016-10-13 14:00 - 2016-03-23 18:02 - 00003914 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458770513
    2016-10-13 14:00 - 2016-03-23 18:02 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-10-13 13:33 - 2016-05-07 13:56 - 00001949 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
    2016-10-13 13:30 - 2015-01-20 23:51 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-10-13 13:19 - 2015-01-27 20:23 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-13 13:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-13 13:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-13 13:01 - 2015-12-03 18:26 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-10-13 13:01 - 2014-10-28 17:10 - 00000000 ____D C:\Windows\System32\Tasks\TOSHIBA
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
    2016-10-13 13:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-10-13 13:01 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2016-10-13 13:00 - 2016-08-27 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2016-10-13 13:00 - 2015-01-20 23:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-13 13:00 - 2014-10-28 16:54 - 00000000 ____D C:\ProgramData\Package Cache
    2016-10-13 12:59 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-10-13 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2016-10-13 12:54 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-13 12:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
    2016-10-13 12:40 - 2015-06-05 22:06 - 00000000 ____D C:\ProgramData\Oracle
    2016-10-13 12:37 - 2016-08-27 09:18 - 00000000 ____D C:\Program Files (x86)\Sony
    2016-10-12 09:17 - 2016-03-01 13:47 - 00000000 ____D C:\Users\USER\Desktop\Photos Xperia
    2016-10-10 09:14 - 2016-07-05 12:52 - 00035574 _____ C:\Users\USER\Downloads\readme.txt
    2016-10-10 09:14 - 2016-07-05 12:52 - 00022886 _____ C:\Users\USER\Downloads\USBDeview.chm
    2016-10-07 14:07 - 2015-01-27 20:22 - 00000000 ____D C:\Users\USER\AppData\Local\Adobe
    2016-10-07 14:05 - 2015-06-05 22:06 - 00000000 ____D C:\Program Files (x86)\Java
    2016-10-07 13:58 - 2016-09-18 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-07 13:58 - 2015-01-20 23:45 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-10-07 13:58 - 2015-01-20 23:45 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-10-03 18:22 - 2015-01-20 23:42 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-03 18:22 - 2015-01-20 23:42 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-30 14:39 - 2015-11-27 11:22 - 00000000 ___RD C:\Users\USER\Documents\Scanned Documents
    2016-09-22 09:58 - 2015-01-20 23:51 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-09-21 10:05 - 2015-01-21 22:00 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

    ==================== Fichiers à la racine de certains dossiers =======

    2016-10-20 15:47 - 2016-10-20 15:47 - 0022243 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
    2016-08-18 14:04 - 2016-08-18 14:04 - 0000057 _____ () C:\ProgramData\Ament.ini

    Certains fichiers dans TEMP:
    ====================
    C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\USER\AppData\Local\Temp\libeay32.dll
    C:\Users\USER\AppData\Local\Temp\msvcr120.dll
    C:\Users\USER\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

    C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
    C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
    C:\Windows\explorer.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
    C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
    C:\Windows\system32\services.exe => Le fichier est signé numériquement
    C:\Windows\system32\User32.dll => Le fichier est signé numériquement
    C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
    C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
    C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
    C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
    C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
    C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
    C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


    LastRegBack: 2016-10-15 12:12

    ==================== Fin de FRST.txt ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Fixlog:

    Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Exécuté par USER (20-10-2016 21:59:37) Run:1
    Exécuté depuis C:\Users\USER\Desktop
    Profils chargés: USER (Profils disponibles: USER)
    Mode d'amorçage: Normal
    ==============================================

    fixlist contenu:
    *****************
    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\scan1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
    AlternateDataStreams: C:\Users\USER\Desktop\Scan7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {4022c6e4-ccec-11e5-82ac-a08869756669} - "D:\LaunchU3.exe"
    HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\...\MountPoints2: {e740946d-dd81-11e5-82b2-a08869756669} - "D:\Startme.exe"
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    2016-10-11 00:40 - 2016-10-11 00:41 - 00000000 ____D C:\Users\USER\AppData\Local\chromium
    2016-10-20 15:47 - 2016-10-20 15:47 - 0022243 _____ () C:\Users\USER\AppData\Local\recently-used.xbel
    2016-08-18 14:04 - 2016-08-18 14:04 - 0000057 _____ () C:\ProgramData\Ament.ini
    C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\USER\AppData\Local\Temp\libeay32.dll
    C:\Users\USER\AppData\Local\Temp\msvcr120.dll
    C:\Users\USER\AppData\Local\Temp\sqlite3.dll

    *****************

    C:\Users\USER\Desktop\scan1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\scan1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan4.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan4.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan5.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan5.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan6.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan6.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    C:\Users\USER\Desktop\Scan7.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS impossible à supprimer.
    C:\Users\USER\Desktop\Scan7.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS supprimé(es) avec succès.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => valeur supprimé(es) avec succès
    "HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4022c6e4-ccec-11e5-82ac-a08869756669}" => clé supprimé(es) avec succès
    HKCR\CLSID\{4022c6e4-ccec-11e5-82ac-a08869756669} => clé non trouvé(e).
    "HKU\S-1-5-21-2253113614-2940369490-2009371491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e740946d-dd81-11e5-82b2-a08869756669}" => clé supprimé(es) avec succès
    HKCR\CLSID\{e740946d-dd81-11e5-82b2-a08869756669} => clé non trouvé(e).
    AvastVBoxSvc => service impossible à supprimer
    VBoxAswDrv => service impossible à supprimer
    C:\Users\USER\AppData\Local\chromium => déplacé(es) avec succès
    C:\Users\USER\AppData\Local\recently-used.xbel => déplacé(es) avec succès
    C:\ProgramData\Ament.ini => déplacé(es) avec succès
    C:\Users\USER\AppData\Local\Temp\dllnt_dump.dll => déplacé(es) avec succès
    C:\Users\USER\AppData\Local\Temp\libeay32.dll => déplacé(es) avec succès
    C:\Users\USER\AppData\Local\Temp\msvcr120.dll => déplacé(es) avec succès
    C:\Users\USER\AppData\Local\Temp\sqlite3.dll => déplacé(es) avec succès

    ==== Fin de Fixlog 21:59:38 ====
     
  19. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Checkup:

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Defender
    Avast Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 101
    Java version 32-bit out of Date!
    Adobe Flash Player 23.0.0.185
    Adobe Reader XI
    Mozilla Firefox (49.0.1)
    Google Chrome (53.0.2785.116)
    Google Chrome (53.0.2785.143)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  21. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    FSS:

    Farbar Service Scanner Version: 27-01-2016
    Ran by USER (administrator) on 20-10-2016 at 23:07:12
    Running from "C:\Users\USER\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  22. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    TFC done.

    Sophos done, clean, no log.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  24. needhelp51

    needhelp51 TS Booster Topic Starter Posts: 285

    Thanks for the help. Computer is definitely faster. However, I have attempted reactivating my wifi card and it still seems unresponsive. Same thing for the sound card issue. I guess that these problems are on the hardware side, sadly.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...