Getting rid of zombie invasion FOR GOOD

Closed
klap94 Posts: 4 Registered: Sunday 18 January 2015 Status: Member Last activity: 19 January 2015 - 18 Jan 2015 at 11:38
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 - 18 Jan 2015 at 13:51
Hello,
Since an Adobe update I have been overrun. I scanned with AdwCleaner and Malwarebytes, but when I open Firefox I still get a zombie window. What should I do?
Thanks

3 replies

Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 658
18 Jan 2015 at 11:39
Hi,

You have installed adware and unwanted programs on your PC; they open ads and slow down the computer and the web browsers.
Here is the procedure to follow to remove them:

Start with this:

Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
Download it to your desktop or downloads folder.
Launch AdwCleaner and click [Scanner] (Scan).
The scan can take several minutes, so be patient.
Once the scan has finished, do not uncheck anything; click [Nettoyer] (Clean).

Once the cleaning has finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt


then:

Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate three FRST reports:
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Upload these three reports to the pjjoint site as explained, and give the three pjjoint links to these reports so that they can be reviewed.


klap94 Posts: 4 Registered: Sunday 18 January 2015 Status: Member Last activity: 19 January 2015
18 Jan 2015 at 13:50
Here are the reports
# AdwCleaner v4.107 - Rapport créé le 18/01/2015 à 11:21:02
# Mis à jour le 07/01/2015 par Xplode
# Database : 2015-01-13.2 [Live]
# Système d'exploitation : Windows 8.1 (32 bits)
# Nom d'utilisateur : Karine - PORTABLETTE
# Exécuté depuis : C:\Users\Karine\Downloads\adwcleaner_4.107(1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 fr)


*************************

AdwCleaner[R0].txt - [19252 octets] - [16/01/2015 22:51:54]
AdwCleaner[R1].txt - [899 octets] - [18/01/2015 11:16:59]
AdwCleaner[S0].txt - [18790 octets] - [16/01/2015 23:12:02]
AdwCleaner[S1].txt - [821 octets] - [18/01/2015 11:21:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [880 octets] ##########


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015
Ran by Karine at 2015-01-18 12:28:46
Running from C:\Users\Karine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Configuration DivX (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Dropbox (HKU\S-1-5-21-2909161450-3177780669-467316093-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Famille et Etudiant 2013 - fr-fr (HKLM\...\HomeStudentRetail - fr-fr) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2909161450-3177780669-467316093-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 fr) (HKLM\...\Mozilla Firefox 34.0.5 (x86 fr)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Ultimate Codecs Setup Wizard Packages (HKU\S-1-5-21-2909161450-3177780669-467316093-1001\...\Ultimate Codecs Setup Wizard Packages) (Version: - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (AsusHID) Mouse (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\localserver32 -> "C:\Users\Karine\AppData\Local\BoBrowser\Application\36.0.1985.136\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Karine\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Karine\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909161450-3177780669-467316093-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0723CAD5-E672-450C-AA5E-ADFDF7D7E5C2} - System32\Tasks\LORNAL => C:\Users\Karine\AppData\Roaming\LORNAL.exe <==== ATTENTION
Task: {0EDF7962-BC88-41AB-8AF1-72EBB5CC61F3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2909161450-3177780669-467316093-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {1A25D125-A9A5-406D-9796-76EA8E1D016C} - System32\Tasks\MWTVWJ => C:\Users\Karine\AppData\Roaming\MWTVWJ.exe <==== ATTENTION
Task: {31FC1D6B-970D-42C9-B2F8-DA3E058673DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-22] (Microsoft Corporation)
Task: {5D0DF084-3AD4-497A-B134-14EDDF3DFF73} - System32\Tasks\{86B2D834-F1E9-4F97-9CEE-F43A7BB24B97} => pcalua.exe -a "C:\Users\Karine\AppData\Roaming\1H1Q\Ultimate Codecs Setup Wizard Packages\uninstaller.exe" -c /Uninstall /NM="Ultimate Codecs Setup Wizard Packages" /AN="1H1Q" /MBN="Ultimate Codecs Setup Wizard Packages"
Task: {6010B2FC-CF2D-4A48-8BC3-5C7AA00AD5F3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2909161450-3177780669-467316093-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {66F48BF4-BCD1-4E06-B943-1860CA82B160} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {68FB88EB-04EE-4F4D-BDFF-4A48C4ABD79A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {7F824A8D-EB5D-4256-A1F0-D45319C88733} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2015-01-17] ()
Task: {A57EF574-F377-4905-8B56-8B236AD5B11A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A5D954D2-629A-4475-A9CF-8D2BFC676746} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-08] (AsusTek)
Task: {B45F9886-0B5E-4993-994A-506598357AEB} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2015-01-17] ()
Task: {B986FD41-D98F-418F-AB74-525EE3BE9327} - System32\Tasks\ZFLP => C:\Users\Karine\AppData\Roaming\ZFLP.exe <==== ATTENTION
Task: {D0A321CA-996F-4C19-955E-08F56F9E175A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2909161450-3177780669-467316093-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {D7E4721E-7656-4F4C-879A-4FF64BBEA95E} - System32\Tasks\TEYJ => C:\Users\Karine\AppData\Roaming\TEYJ.exe <==== ATTENTION
Task: {E2E788ED-EC40-44E0-9566-340C5B8F25D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {E69010AA-21D3-41C5-9C96-CC86E3DB03FA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for portablette-Karine portablette => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-08] (Microsoft Corporation)
Task: {E728F7EB-48D4-4E83-8D2B-C70FF1D8710B} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\LORNAL.job => C:\Users\Karine\AppData\Roaming\LORNAL.exe <==== ATTENTION
Task: C:\Windows\Tasks\MWTVWJ.job => C:\Users\Karine\AppData\Roaming\MWTVWJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TEYJ.job => C:\Users\Karine\AppData\Roaming\TEYJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZFLP.job => C:\Users\Karine\AppData\Roaming\ZFLP.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-08 21:38 - 2013-10-31 16:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-10-08 21:38 - 2014-01-02 15:27 - 00414376 _____ () C:\Program Files\Microsoft Office 15\ClientX86\StreamServer.dll
2014-11-29 16:21 - 2014-11-29 16:22 - 00143360 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\ErrorReporting.dll
2014-10-08 21:39 - 2014-10-08 21:40 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Karine\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-18 11:23 - 2015-01-18 11:23 - 00043008 _____ () c:\users\karine\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyfg9t.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Karine\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Karine\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Karine\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-08 21:38 - 2014-10-08 21:38 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-12-12 18:56 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-07 23:14 - 2015-01-07 23:14 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Karine\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Karine\OneDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrateur (S-1-5-21-2909161450-3177780669-467316093-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2909161450-3177780669-467316093-1003 - Limited - Enabled)
Invité (S-1-5-21-2909161450-3177780669-467316093-501 - Limited - Disabled)
Karine (S-1-5-21-2909161450-3177780669-467316093-1001 - Administrator - Enabled) => C:\Users\Karine

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:23:17 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/18/2015 11:21:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PORTABLETTE)
Description: Échec de l'activation de l'application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 avec l'erreur : -2144927141 Pour plus d'informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (01/18/2015 10:53:28 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/18/2015 00:10:37 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/17/2015 07:23:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (01/17/2015 07:23:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (01/17/2015 07:23:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (01/17/2015 07:22:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (01/17/2015 07:22:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (01/17/2015 07:22:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d'activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.


System errors:
=============
Error: (01/18/2015 00:25:59 PM) (Source: DCOM) (EventID: 10000) (User: PORTABLETTE)
Description: "C:\Windows\system32\igfxsrvc.exe" -Embedding2{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (01/18/2015 11:21:03 AM) (Source: DCOM) (EventID: 10010) (User: PORTABLETTE)
Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca

Error: (01/17/2015 08:36:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l'attente de la réponse transactionnelle du service WMPNetworkSvc.

Error: (01/17/2015 08:13:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l'attente de la réponse transactionnelle du service WMPNetworkSvc.

Error: (01/16/2015 11:13:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv.dll

Error: (01/16/2015 11:13:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv.dll

Error: (01/16/2015 11:13:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv.dll

Error: (01/16/2015 11:13:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d'entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error: (01/16/2015 11:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (01/16/2015 11:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.


Microsoft Office Sessions:
=========================
Error: (01/18/2015 11:23:17 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/18/2015 11:21:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PORTABLETTE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/18/2015 10:53:28 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/18/2015 00:10:37 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running.

Error: (01/17/2015 07:23:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe

Error: (01/17/2015 07:23:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe

Error: (01/17/2015 07:23:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win81\AsusTPDrv\x64\dpinst.exe

Error: (01/17/2015 07:22:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe

Error: (01/17/2015 07:22:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe

Error: (01/17/2015 07:22:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ASUS\ASUS Smart Gesture\win81\AsusTPDrv\x64\dpinst.exe


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
Percentage of memory in use: 66%
Total physical RAM: 1933.14 MB
Available physical RAM: 645.69 MB
Total Pagefile: 2701.14 MB
Available Pagefile: 1088.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1842.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:4.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:3.63 GB) (Free:3.2 GB) FAT32
Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:434.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: F07FAFA9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: AEB31F7D)

Partition: GPT Partition Type.

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015
Ran by Karine (administrator) on PORTABLETTE on 18-01-2015 12:27:30
Running from C:\Users\Karine\Desktop
Loaded Profiles: Karine (Available profiles: Karine)
Platform: Microsoft Windows 8.1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Dropbox, Inc.) C:\Users\Karine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-10] (ASUSTek Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2909161450-3177780669-467316093-1001\...\Run: [EPSON SX235 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50064;https=127.0.0.1:50064
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\Root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Karine\AppData\Roaming\Mozilla\Firefox\Profiles\n4jsmqps.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Karine\AppData\Roaming\Mozilla\Firefox\Profiles\n4jsmqps.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-2909161450-3177780669-467316093-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-07-15] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1490104 2014-01-02] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [156160 2011-01-11] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [125440 2011-01-11] (SEIKO EPSON CORPORATION)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [68888 2014-04-08] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2014-07-15] (Broadcom Corp)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2014-07-15] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [130776 2014-07-15] (Broadcom Corporation.)
S3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [3381248 2014-02-01] (Intel Corporation) [File not signed]
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-01-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-04-11] (Microsoft Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 12:27 - 2015-01-18 12:27 - 00016981 _____ () C:\Users\Karine\Desktop\FRST.txt
2015-01-18 12:27 - 2015-01-18 12:27 - 00000000 ____D () C:\FRST
2015-01-18 12:26 - 2015-01-18 12:24 - 01117696 _____ (Farbar) C:\Users\Karine\Desktop\FRST.exe
2015-01-18 12:23 - 2015-01-18 12:24 - 01117696 _____ (Farbar) C:\Users\Karine\Downloads\FRST.exe
2015-01-18 11:16 - 2015-01-18 11:16 - 02191360 _____ () C:\Users\Karine\Downloads\adwcleaner_4.107(1).exe
2015-01-17 23:54 - 2015-01-18 11:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 23:54 - 2015-01-17 23:54 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 23:54 - 2015-01-17 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 23:53 - 2015-01-17 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 23:53 - 2015-01-17 23:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-17 23:53 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 23:53 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 23:53 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 23:52 - 2015-01-17 23:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Karine\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 22:51 - 2015-01-18 11:21 - 00000000 ____D () C:\AdwCleaner
2015-01-16 22:51 - 2015-01-16 22:51 - 02191360 _____ () C:\Users\Karine\Downloads\adwcleaner_4.107.exe
2015-01-16 21:54 - 2015-01-16 21:54 - 00802056 _____ (%VENDOR%) C:\Users\Karine\Downloads\FileOpenerSetup.exe
2015-01-16 21:11 - 2015-01-16 22:16 - 00000000 ____D () C:\Program Files\Software
2015-01-16 21:11 - 2015-01-16 21:11 - 00000000 ____D () C:\Users\Karine\AppData\Local\Software
2015-01-16 21:09 - 2015-01-18 00:10 - 00000000 ____D () C:\ProgramData\BHAqdUvBupN
2015-01-16 21:06 - 2015-01-16 21:06 - 00000000 ____D () C:\Users\Karine\Documents\Blocs-notes OneNote
2015-01-16 20:28 - 2015-01-16 20:28 - 00000000 ____D () C:\Users\Karine\AppData\Local\Google
2015-01-16 20:26 - 2015-01-16 20:25 - 05162080 _____ (Piriform Ltd) C:\Users\Karine\Downloads\ccleaner_5_0.exe
2015-01-16 20:25 - 2015-01-16 20:25 - 00730408 _____ (Clubic) C:\Users\Karine\Downloads\ccleaner_5_fr_14492.exe
2015-01-16 20:08 - 2015-01-16 20:08 - 00628496 _____ (CMI Limited) C:\Users\Karine\AppData\Local\nsi95F7.tmp
2015-01-16 19:48 - 2015-01-16 19:50 - 00001615 _____ () C:\Windows\system32\${LOGFILE}
2015-01-16 19:43 - 2015-01-16 19:43 - 00000000 __SHD () C:\Users\Karine\AppData\Local\EmieBrowserModeList
2015-01-16 19:17 - 2015-01-16 19:17 - 00613057 _____ (CMI Limited) C:\Users\Karine\AppData\Local\nseD3B5.tmp
2015-01-16 18:55 - 2015-01-16 21:43 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-16 18:53 - 2015-01-18 00:09 - 00000000 ____D () C:\Users\Karine\AppData\Local\com
2015-01-16 18:52 - 2015-01-18 11:23 - 00001366 _____ () C:\Windows\Tasks\MWTVWJ.job
2015-01-16 18:52 - 2015-01-18 11:23 - 00001366 _____ () C:\Windows\Tasks\LORNAL.job
2015-01-16 18:52 - 2015-01-18 11:23 - 00001362 _____ () C:\Windows\Tasks\ZFLP.job
2015-01-16 18:52 - 2015-01-18 11:23 - 00001362 _____ () C:\Windows\Tasks\TEYJ.job
2015-01-15 10:25 - 2015-01-15 10:26 - 03766675 _____ () C:\Users\Karine\Downloads\Vocal 017.m4a
2015-01-14 15:51 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:51 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 15:51 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:51 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:50 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:50 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:50 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 15:50 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:50 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:50 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:50 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:50 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 15:50 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 15:50 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 15:50 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 15:50 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 15:50 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 15:50 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 15:50 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 15:50 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-08 22:17 - 2015-01-08 22:17 - 00075495 _____ () C:\Users\Karine\Downloads\EDT Licence Lettres Modernes 2e semestre 2014-2015.xlsx
2015-01-06 13:52 - 2015-01-06 13:52 - 02181171 _____ () C:\Users\Karine\Downloads\Vocal 014.m4a
2014-12-22 14:09 - 2014-12-22 14:09 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-12-19 18:01 - 2014-12-19 18:01 - 00000172 _____ () C:\Users\Karine\Downloads\jre-8u25-windows-i586(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 12:25 - 2014-11-06 17:42 - 00351232 ___SH () C:\Users\Karine\Downloads\Thumbs.db
2015-01-18 12:11 - 2014-07-15 13:48 - 02047095 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 12:04 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\sru
2015-01-18 11:27 - 2014-03-18 08:56 - 01824010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 11:23 - 2014-10-11 12:50 - 00000000 __RDO () C:\Users\Karine\OneDrive
2015-01-18 11:23 - 2014-10-10 22:01 - 00000000 ___RD () C:\Users\Karine\Dropbox
2015-01-18 11:23 - 2014-10-10 21:58 - 00000000 ____D () C:\Users\Karine\AppData\Roaming\Dropbox
2015-01-18 11:21 - 2014-03-18 01:46 - 00056154 _____ () C:\Windows\PFRO.log
2015-01-18 11:21 - 2013-08-22 08:23 - 00025522 _____ () C:\Windows\setupact.log
2015-01-18 11:21 - 2013-08-22 08:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 11:21 - 2013-08-22 07:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-18 10:58 - 2014-10-10 21:33 - 00000000 ____D () C:\Users\Karine\AppData\Roaming\vlc
2015-01-18 10:26 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-16 21:06 - 2013-08-22 07:13 - 00000194 _____ () C:\Windows\win.ini
2015-01-16 20:49 - 2014-12-12 18:56 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-16 19:20 - 2014-10-13 19:57 - 00000000 ____D () C:\Users\Karine\AppData\Local\Adobe
2015-01-16 19:17 - 2014-10-11 14:16 - 00000000 __SHD () C:\aws
2015-01-16 19:17 - 2014-04-10 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-16 19:17 - 2014-04-10 19:54 - 00000000 ____D () C:\Program Files\ASUS
2015-01-16 19:14 - 2014-10-11 13:38 - 00000000 ____D () C:\Users\Karine\AppData\Roaming\Real
2015-01-16 19:14 - 2014-10-11 13:37 - 00000000 ____D () C:\ProgramData\Real
2015-01-16 19:14 - 2014-07-15 13:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 19:13 - 2014-07-15 13:51 - 00000000 ____D () C:\Program Files\Intel
2015-01-16 19:11 - 2014-10-10 21:29 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-16 19:11 - 2014-10-08 19:54 - 00001460 _____ () C:\Users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-16 18:55 - 2013-08-22 07:21 - 00000000 ___RD () C:\Users\Public
2015-01-16 12:13 - 2014-10-10 22:47 - 00000090 _____ () C:\Users\Karine\AppData\Roaming\WB.CFG
2015-01-14 23:47 - 2014-10-10 22:33 - 00000000 ____D () C:\Users\Karine\Desktop\FAC2014-2015
2015-01-14 17:15 - 2013-08-22 09:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-06 01:08 - 2013-08-22 09:18 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 09:18 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-31 12:13 - 2014-10-08 20:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-22 20:42 - 2014-10-19 18:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 20:38 - 2014-10-19 18:05 - 109818608 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-22 14:09 - 2014-10-24 14:17 - 00000000 ____D () C:\ProgramData\EPSON

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Karine\AppData\Roaming\LORNAL
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Karine\AppData\Roaming\MWTVWJ
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Karine\AppData\Roaming\TEYJ
2014-10-10 22:47 - 2015-01-16 12:13 - 0000090 _____ () C:\Users\Karine\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Karine\AppData\Roaming\ZFLP
2015-01-16 19:17 - 2015-01-16 19:17 - 0613057 _____ (CMI Limited) C:\Users\Karine\AppData\Local\nseD3B5.tmp
2015-01-16 20:08 - 2015-01-16 20:08 - 0628496 _____ (CMI Limited) C:\Users\Karine\AppData\Local\nsi95F7.tmp
2014-04-10 19:54 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-04-10 19:54 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-04-10 19:54 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Karine\AppData\Local\Temp\9FE6A1E7-B783-103C-6AFE-63F2A3675D19.exe
C:\Users\Karine\AppData\Local\Temp\A639C9C4-46E0-4BAC-18D6-528B561019C5.dll
C:\Users\Karine\AppData\Local\Temp\A639C9C4-46E0-4BAC-18D6-528B561019C5.exe
C:\Users\Karine\AppData\Local\Temp\amisetup5566__11083.exe
C:\Users\Karine\AppData\Local\Temp\amisetup6150__11083.exe
C:\Users\Karine\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Karine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxyfg9t.dll
C:\Users\Karine\AppData\Local\Temp\Quarantine.exe
C:\Users\Karine\AppData\Local\Temp\SetupHomeStudentRetail.x86.fr-FR_HomeStudentRetail_FNMCP-XTWG7-Y6FKK-JTTYH-4CW9Q_act_1_.exe
C:\Users\Karine\AppData\Local\Temp\sqlite3.dll
C:\Users\Karine\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-18 10:26

==================== End Of Log ============================


Users shortcut scan result (x86) Version: 18-01-2015
Ran by Karine at 2015-01-18 12:29:42
Running from C:\Users\Karine\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut:
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 658
18 Jan 2015 at 13:51
The FRST reports are to be provided via pjjoint.
0