Désolée, j'ai choppé un virus, je ne peux pas selectionner
Fermé
ccathF
Messages postés
24
Date d'inscription
samedi 28 février 2015
Statut
Membre
Dernière intervention
22 mai 2015
-
20 mai 2015 à 17:36
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 22 mai 2015 à 10:51
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 22 mai 2015 à 10:51
A voir également:
- Désolée, j'ai choppé un virus, je ne peux pas selectionner
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Sélectionner texte pdf - Guide
- Faux message virus ordinateur - Accueil - Arnaque
- Tinyurl.com virus - Forum Virus
6 réponses
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
20 mai 2015 à 17:42
20 mai 2015 à 17:42
Salut,
1/
Télécharge : AdwCleaner (merci à Xplode)
Lance AdwCleaner
Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
Poste le rapport qui apparait en fin de recherche.
(Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)
2/
[*] Télécharge :Farbar Recovery Scan Tool (FRST) à partir
ce lien : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Enregistre le sur votre bureau ( Vous devez exécuter la version compatible avec votre système 32 bits ou 64 bits)
==> Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ?
[*] Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
[*] Sur le menu principal, vérifie que la case "Addition.txt" soit cochée puis clique sur "Scan" et patiente le temps de l'analyse
[*] Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
[*] Héberge les rapports FRST.txt et Addition.txt présent sur ton bureau sur : malekal.com
[*] Fais copier/coller les liens fournis dans ta prochaine réponse.
==> Aide: <<<ICI>>>
@+
1/
Télécharge : AdwCleaner (merci à Xplode)
Lance AdwCleaner
Clique sur Scanner puis Nettoyer, et patiente le temps du nettoyage.
Poste le rapport qui apparait en fin de recherche.
(Le rapport est sauvegardé aussi sous C:\AdwCleaner\AdwCleaner[x].txt)
2/
[*] Télécharge :Farbar Recovery Scan Tool (FRST) à partir
ce lien : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Enregistre le sur votre bureau ( Vous devez exécuter la version compatible avec votre système 32 bits ou 64 bits)
==> Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ?
[*] Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
[*] Sur le menu principal, vérifie que la case "Addition.txt" soit cochée puis clique sur "Scan" et patiente le temps de l'analyse
[*] Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
[*] Héberge les rapports FRST.txt et Addition.txt présent sur ton bureau sur : malekal.com
[*] Fais copier/coller les liens fournis dans ta prochaine réponse.
==> Aide: <<<ICI>>>
@+
ccathF
Messages postés
24
Date d'inscription
samedi 28 février 2015
Statut
Membre
Dernière intervention
22 mai 2015
20 mai 2015 à 18:12
20 mai 2015 à 18:12
Bonsoir et merci pour ton aide.
Concernant adwcleaner, j'ai cliqué sur "nettoyer" et ensuite, plus rien.
Concernant le deuxième, il ne m'a pas été demandé de choisir une destination pour l'enregistrer.
J'ai eu ces deux rapports:
1.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by cath (administrator) on CATH on 20-05-2015 18:04:59
Running from C:\Users\cath\Downloads
Loaded Profiles: cath (Available profiles: UpdatusUser & cath)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] ()
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {290f1be4-aad1-11e3-824f-54bef74e59da} - "E:\Set-up.exe"
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {6cb20fbc-1626-11e3-be6b-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {b30846d9-32b7-11e4-be9b-54bef74e59da} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 1050 J410 series.lnk [2014-01-08]
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-20] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1213990004-317629520-483694600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yhs4.search.yahoo.com/... 8.1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_clu_15_12&cd=2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtCyCtBzzyBtDtGtA0D0AtCtGtDyCtBzytGtAtAzzyEtGtAzyyDtA0BzztB0EtDyCtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2Q&cr=1401988859&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_clu_15_12&cd=2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtCyCtBzzyBtDtGtA0D0AtCtGtDyCtBzytGtAtAzzyEtGtAzyyDtA0BzztB0EtDyCtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2Q&cr=1401988859&ir=
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {A23A2FF2-0706-4EC4-8CCF-E6D35A2CC3BD} URL = https://fr.search.yahoo.com/web?fr=chr-greentree_ie{searchTerms}
BHO: dailyyprrizze -> {4082FE46-0FA7-45AC-B797-0B4709D42550} -> C:\Program Files (x86)\dailyyprrizze\ogzsu9yxLaeeZi.x64.dll [2015-05-20] ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-20] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: lowpricceis -> {B7F2571E-C297-4EFB-9162-20AFC10E13E2} -> C:\Program Files (x86)\lowpricceis\wSVQzWpdt4R3JH.x64.dll [2015-05-20] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-20] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\user.js [2015-03-22]
FF SearchPlugin: C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\searchplugins\search-provided-by-yahoo.xml [2015-03-22]
FF Extension: SaleoFfer - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\k0@3hwvkkrg.com [2015-05-20]
FF Extension: No Name - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\nilfceoulkpyn@oobkxohwxgkfghsgizo.org [2015-05-19]
FF Extension: Firebug - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-20]
FF HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (eyeCare Protect your vision and health) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeeningnfkaonkonalpcicgemnnijjhn [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-20] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-09-05] (Dritek System INC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
U2 e15b56b7; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SegmentProlonger\SegmentProlonger.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-20] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-20] ()
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 csravrcp; C:\Windows\System32\drivers\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBthAudioHF; C:\Windows\system32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrhfgcc; C:\Windows\System32\drivers\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrpan; C:\Windows\system32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csr_bthav; C:\Windows\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-13] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-09-05] (Dritek System Inc.)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
U3 wampapache64; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 18:04 - 2015-05-20 18:05 - 00028970 _____ () C:\Users\cath\Downloads\FRST.txt
2015-05-20 18:04 - 2015-05-20 18:05 - 00000000 ____D () C:\FRST
2015-05-20 18:04 - 2015-05-20 18:04 - 02107904 _____ (Farbar) C:\Users\cath\Downloads\FRST64.exe
2015-05-20 17:58 - 2015-05-20 17:58 - 00001880 _____ () C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-05-20 17:43 - 2015-05-20 17:43 - 02209792 _____ () C:\Users\cath\Downloads\adwcleaner_4.204.exe
2015-05-20 13:42 - 2015-05-20 13:42 - 00000000 ____D () C:\Users\cath\AppData\Roaming\AVAST Software
2015-05-20 13:39 - 2015-05-20 13:39 - 00001950 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-20 13:39 - 2015-05-20 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-20 13:38 - 2015-05-20 13:38 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-20 13:38 - 2015-05-20 13:38 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-20 13:38 - 2015-05-20 13:38 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-20 13:38 - 2015-05-20 13:37 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-20 13:31 - 2015-05-20 13:31 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-20 13:29 - 2015-05-20 13:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-20 13:27 - 2015-05-20 13:28 - 05481336 _____ (Avast Software s.r.o.) C:\Users\cath\Downloads\avast_free_antivirus_setup_online_01net.exe
2015-05-20 13:13 - 2015-05-20 16:38 - 00433784 _____ () C:\WINDOWS\PFRO.log
2015-05-20 13:13 - 2015-05-20 13:14 - 07340536 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-20 12:25 - 2015-05-20 18:00 - 00000693 _____ () C:\WINDOWS\setupact.log
2015-05-20 12:25 - 2015-05-20 12:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-20 12:24 - 2015-05-20 18:03 - 00302679 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-20 09:11 - 2015-05-20 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-20 08:16 - 2015-05-20 13:11 - 00000000 ____D () C:\Program Files (x86)\eyeCare Protect your vision and health
2015-05-20 08:15 - 2015-05-20 13:45 - 00000000 ____D () C:\Program Files (x86)\dailyyprrizze
2015-05-20 08:14 - 2015-05-20 13:45 - 00000000 ____D () C:\Program Files (x86)\lowpricceis
2015-05-20 08:14 - 2015-05-20 13:11 - 00000000 ____D () C:\Program Files (x86)\SaleoFfer
2015-05-20 08:14 - 2015-05-20 08:16 - 00000000 ____D () C:\ProgramData\8525013640150914827
2015-05-19 17:54 - 2015-05-19 17:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\gl-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\fr-CA
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\eu-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\es-cl
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\ca-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\Program Files (x86)\CSR
2015-05-18 20:06 - 2015-05-18 20:06 - 00000000 ____D () C:\Program Files\CSR
2015-05-18 20:02 - 2015-05-18 20:02 - 00000000 ____D () C:\Users\cath\Downloads\CSR_Harmony_Software_Ver_2_1_63_0
2015-05-18 19:43 - 2015-05-18 20:02 - 427178476 _____ () C:\Users\cath\Downloads\CSR_Harmony_Software_Ver_2_1_63_0.zip
2015-05-16 18:17 - 2015-05-16 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-16 18:16 - 2015-05-16 18:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-05-16 18:15 - 2015-05-16 18:17 - 00001959 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-16 18:15 - 2015-05-16 18:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-16 18:15 - 2015-05-16 18:15 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-16 11:16 - 2015-05-19 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 09:44 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 09:44 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:57 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 10:57 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 10:57 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 10:57 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 10:57 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 10:57 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 10:57 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 10:57 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 10:57 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 10:57 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 10:57 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 10:57 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 10:57 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 10:57 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 10:57 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 10:57 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 10:57 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 10:57 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 10:57 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 10:57 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 10:57 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 10:57 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 10:57 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 10:57 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 10:56 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 10:56 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 10:55 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 10:55 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 10:55 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 10:55 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 10:55 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 10:55 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 10:55 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 10:55 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 10:55 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 10:55 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 10:55 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 10:53 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 10:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 10:53 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 10:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 10:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 10:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 10:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 10:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 10:53 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 10:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 10:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 10:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 10:53 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 10:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 10:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 10:53 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 10:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 10:53 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 10:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 10:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 10:53 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 10:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 10:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 10:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 10:53 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 10:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 10:53 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 10:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 10:53 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 10:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 10:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 10:53 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 10:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 10:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 10:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 10:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 10:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 10:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 10:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 10:52 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 10:52 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 10:52 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 12:16 - 2015-05-12 12:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2015-05-12 12:12 - 2015-05-12 12:12 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2015-05-12 12:09 - 2015-05-12 12:09 - 00001188 _____ () C:\Users\cath\Desktop\videos-assises.txt
2015-05-12 12:06 - 2015-05-19 16:05 - 00000000 ____D () C:\BluetoothExchangeFolder
2015-05-11 13:48 - 2015-05-11 13:48 - 00000000 ____D () C:\Users\cath\Downloads\register-plus-redux.4.1.2
2015-05-11 13:47 - 2015-05-11 13:47 - 01086018 _____ () C:\Users\cath\Downloads\register-plus-redux.4.1.2.zip
2015-05-10 11:16 - 2015-05-10 11:16 - 00001777 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-10 11:16 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-10 11:15 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-10 11:15 - 2015-05-10 11:15 - 00000000 ____D () C:\Program Files\iTunes
2015-05-10 11:15 - 2015-05-10 11:15 - 00000000 ____D () C:\Program Files\iPod
2015-05-07 14:27 - 2015-05-07 14:27 - 01649389 _____ () C:\Users\cath\Downloads\views-7.x-3.11.tar.gz
2015-05-07 14:27 - 2015-05-07 14:27 - 00137672 _____ () C:\Users\cath\Downloads\webform-7.x-3.24.tar.gz
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\webform-7.x-3.24
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\views-7.x-3.11
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\ctools-7.x-1.7
2015-05-07 14:26 - 2015-05-07 14:26 - 00426463 _____ () C:\Users\cath\Downloads\ctools-7.x-1.7.tar.gz
2015-05-07 14:24 - 2015-05-07 14:24 - 00000000 ____D () C:\Users\cath\Downloads\drupal-7.37
2015-05-07 14:23 - 2015-05-07 14:23 - 03244291 _____ () C:\Users\cath\Downloads\drupal-7.37.tar.gz
2015-05-07 13:37 - 2015-05-07 13:37 - 00140993 _____ () C:\Users\cath\Downloads\webform-6.x-3.23.tar.gz
2015-05-07 13:37 - 2015-05-07 13:37 - 00000000 ____D () C:\Users\cath\Downloads\webform-6.x-3.23
2015-05-07 13:36 - 2015-05-07 13:36 - 01270729 _____ () C:\Users\cath\Downloads\views-6.x-2.18.tar.gz
2015-05-07 13:36 - 2015-05-07 13:36 - 00000000 ____D () C:\Users\cath\Downloads\views-6.x-2.18
2015-05-07 13:30 - 2015-05-07 13:30 - 00000000 ____D () C:\Users\cath\Downloads\contentanalysis-6.x-1.7
2015-05-07 13:29 - 2015-05-07 13:29 - 00050443 _____ () C:\Users\cath\Downloads\contentanalysis-6.x-1.7.tar.gz
2015-05-07 13:22 - 2015-05-07 13:22 - 00375805 _____ () C:\Users\cath\Downloads\ctools-6.x-1.12.tar.gz
2015-05-07 13:22 - 2015-05-07 13:22 - 00000000 ____D () C:\Users\cath\Downloads\ctools-6.x-1.12
2015-05-07 12:50 - 2015-05-07 12:51 - 12428021 _____ () C:\Users\cath\Downloads\voyancemagie.sql
2015-05-07 12:41 - 2015-05-07 12:42 - 16836847 _____ () C:\Users\cath\Downloads\katia.sql
2015-05-07 12:37 - 2015-05-07 12:37 - 00000000 ____D () C:\Users\cath\Downloads\drupal-6.35
2015-05-07 12:34 - 2015-05-07 12:35 - 01112024 _____ () C:\Users\cath\Downloads\drupal-6.35.tar.gz
2015-05-06 13:17 - 2015-05-06 13:17 - 02206093 _____ () C:\Users\cath\Downloads\profile-builder.2.1.6.zip
2015-05-06 13:17 - 2015-05-06 13:17 - 00000000 ____D () C:\Users\cath\Downloads\profile-builder.2.1.6
2015-05-06 11:17 - 2015-05-06 20:56 - 00006312 _____ () C:\Users\cath\Desktop\codes-pages-assises.txt
2015-05-01 19:37 - 2015-05-19 09:03 - 00000000 ____D () C:\ProgramData\6758b3b000063c4
2015-04-29 21:04 - 2015-04-29 21:04 - 01883565 _____ () C:\Users\cath\Downloads\guig_assisestransfrontalieresorg(4).sql
2015-04-29 19:44 - 2015-04-29 19:44 - 02341778 _____ () C:\Users\cath\Downloads\CherryFramework.zip
2015-04-29 11:36 - 2015-04-29 23:08 - 00004014 _____ () C:\Users\cath\Desktop\modifs-reparations-assises.txt
2015-04-29 10:59 - 2015-04-29 10:59 - 00000000 ____D () C:\Users\cath\Downloads\cherry-plugin-master
2015-04-29 10:58 - 2015-04-29 10:58 - 00523463 _____ () C:\Users\cath\Downloads\cherry-plugin-master.zip
2015-04-29 08:31 - 2015-04-29 08:31 - 00000000 ____D () C:\Users\cath\AppData\Roaming\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00001045 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-04-29 08:30 - 2015-04-29 08:29 - 01857120 _____ () C:\Users\cath\Downloads\winrar_5-21_fr_9632_32 [1].exe
2015-04-29 08:28 - 2015-04-29 08:28 - 00732616 _____ (Generic ) C:\Users\cath\Downloads\winrar_5-21_fr_9632_32.exe
2015-04-26 23:58 - 2015-04-26 23:59 - 01110476 _____ () C:\Users\cath\Downloads\7-zip_9-20_fr_11161_32.exe
2015-04-26 23:56 - 2015-04-26 23:56 - 07323083 _____ () C:\Users\cath\Downloads\wordpress-4.2-fr_FR.zip
2015-04-20 12:47 - 2015-04-20 12:47 - 02404741 _____ () C:\Users\cath\Downloads\guig_preprod2(3).sql
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 18:05 - 2014-01-06 17:28 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1213990004-317629520-483694600-1002
2015-05-20 18:04 - 2015-03-01 14:54 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 18:03 - 2014-03-13 19:24 - 00000000 ___DO () C:\Users\cath\SkyDrive
2015-05-20 18:02 - 2014-01-06 20:47 - 00000000 ____D () C:\Users\cath\AppData\Roaming\Skype
2015-05-20 18:01 - 2015-03-01 14:54 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 17:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-20 17:59 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-20 17:55 - 2014-01-09 08:29 - 00000000 ____D () C:\Users\cath\AppData\Local\CrashDumps
2015-05-20 17:54 - 2014-03-22 16:30 - 00000000 ____D () C:\AdwCleaner
2015-05-20 17:48 - 2014-01-06 20:43 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-20 17:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-20 16:46 - 2013-11-14 09:32 - 01831884 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-20 16:46 - 2013-11-14 09:13 - 00815098 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-05-20 16:46 - 2013-11-14 09:13 - 00160394 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-05-20 16:44 - 2014-03-21 20:17 - 00003916 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DA9B2BB5-0DB8-4142-A096-70E46C7C0B34}
2015-05-20 13:13 - 2014-01-06 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 12:38 - 2015-02-28 13:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 12:38 - 2015-02-28 13:07 - 00001086 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-20 12:38 - 2015-02-28 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-20 12:38 - 2015-02-28 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-20 12:29 - 2015-03-01 15:09 - 00020992 ___SH () C:\Users\cath\Desktop\Thumbs.db
2015-05-20 12:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 09:15 - 2013-06-19 13:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-05-17 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 14:19 - 2014-01-14 19:32 - 00001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-05-16 18:15 - 2014-01-06 20:43 - 00003890 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-16 18:15 - 2014-01-06 19:24 - 00000000 ____D () C:\Users\cath\AppData\Local\Adobe
2015-05-16 13:54 - 2014-03-13 18:54 - 00000000 ____D () C:\Users\cath
2015-05-16 10:59 - 2015-03-01 14:54 - 00004058 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:59 - 2015-03-01 14:54 - 00003822 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 11:04 - 2015-03-01 14:57 - 00002173 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-15 10:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 10:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 09:45 - 2014-01-06 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 09:43 - 2014-01-07 08:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 09:37 - 2014-01-07 08:32 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 09:32 - 2014-08-02 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-14 09:32 - 2013-08-22 15:25 - 00000269 _____ () C:\WINDOWS\win.ini
2015-05-14 09:29 - 2014-12-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 09:28 - 2014-12-07 17:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 09:28 - 2014-12-07 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 09:23 - 2013-11-14 09:16 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:12 - 2014-01-07 15:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 23:17 - 2014-01-06 20:00 - 00000000 ____D () C:\Users\cath\AppData\Roaming\FileZilla
2015-05-13 16:23 - 2014-12-13 11:15 - 00000600 _____ () C:\Users\cath\AppData\Local\PUTTY.RND
2015-05-12 09:17 - 2014-02-24 23:13 - 00034212 _____ () C:\Users\cath\Desktop\camille-assises.txt
2015-05-10 11:15 - 2014-09-17 18:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-10 11:15 - 2014-02-20 13:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-07 11:34 - 2014-03-08 10:59 - 00000000 ____D () C:\Users\cath\Documents\auto
2015-05-05 19:59 - 2015-03-12 09:06 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 09:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 20:54 - 2014-09-17 12:08 - 00000000 ____D () C:\Users\cath\AppData\Local\Research In Motion
2015-05-01 20:53 - 2014-09-17 12:06 - 00001937 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-05-01 20:47 - 2015-02-28 14:54 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2015-05-01 19:39 - 2015-04-06 10:31 - 00000000 ____D () C:\Users\cath\AppData\Roaming\WildTangent
2015-05-01 19:39 - 2013-06-19 13:16 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-01 19:39 - 2013-06-19 13:16 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-04-27 07:56 - 2014-03-06 18:01 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 23:57 - 2015-03-22 16:34 - 00000000 ____D () C:\Users\cath\AppData\Local\WinZip
==================== Files in the root of some directories =======
2015-05-19 17:54 - 2015-05-19 17:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-08-02 16:41 - 2014-08-02 16:41 - 0000421 _____ () C:\Users\cath\AppData\Roaming\1_and_1_redirect.xml
2015-03-10 19:32 - 2015-03-10 19:32 - 0000600 _____ () C:\Users\cath\AppData\Roaming\PUTTY.RND
2014-09-17 12:08 - 2014-09-17 18:23 - 0000154 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-17 12:06 - 2015-05-01 20:53 - 0001937 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-09-17 12:08 - 2014-09-17 18:23 - 0000154 _____ () C:\Users\cath\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-21 21:46 - 2015-03-22 18:28 - 0000133 _____ () C:\Users\cath\AppData\Roaming\WB.CFG
2014-01-14 19:32 - 2015-05-17 14:19 - 0001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-03-22 18:28 - 2015-03-22 18:28 - 0000010 _____ () C:\Users\cath\AppData\Local\DSI.DAT
2014-12-13 11:15 - 2015-05-13 16:23 - 0000600 _____ () C:\Users\cath\AppData\Local\PUTTY.RND
2014-01-08 00:00 - 2014-01-08 00:00 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\cath\AppData\Local\Temp\HitmanPro.exe
C:\Users\cath\AppData\Local\Temp\Quarantine.exe
C:\Users\cath\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-18 20:26
==================== End Of Log ============================
2.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by cath at 2015-05-20 18:06:41
Running from C:\Users\cath\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrateur (S-1-5-21-1213990004-317629520-483694600-500 - Administrator - Disabled)
cath (S-1-5-21-1213990004-317629520-483694600-1002 - Administrator - Enabled) => C:\Users\cath
HomeGroupUser$ (S-1-5-21-1213990004-317629520-483694600-1007 - Limited - Enabled)
Invité (S-1-5-21-1213990004-317629520-483694600-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1213990004-317629520-483694600-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Complément Microsoft Enregistrer en tant que PDF pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CopyTrans Control Center désinstallation uniquement (HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Étude pour l'amélioration du produit HP Deskjet 1050 J410 series (HKLM\...\{0207D705-24F6-4BF7-BFD2-EBDE3D291879}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Aide (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Packard Bell)
Logiciel de base du périphérique HP Deskjet 1050 J410 series (HKLM\...\{635F63A6-9FC8-4101-B109-00698C6F3A91}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corp
Concernant adwcleaner, j'ai cliqué sur "nettoyer" et ensuite, plus rien.
Concernant le deuxième, il ne m'a pas été demandé de choisir une destination pour l'enregistrer.
J'ai eu ces deux rapports:
1.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by cath (administrator) on CATH on 20-05-2015 18:04:59
Running from C:\Users\cath\Downloads
Loaded Profiles: cath (Available profiles: UpdatusUser & cath)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] ()
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-20] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {290f1be4-aad1-11e3-824f-54bef74e59da} - "E:\Set-up.exe"
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {6cb20fbc-1626-11e3-be6b-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\MountPoints2: {b30846d9-32b7-11e4-be9b-54bef74e59da} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 1050 J410 series.lnk [2014-01-08]
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-20] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1213990004-317629520-483694600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yhs4.search.yahoo.com/... 8.1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_clu_15_12&cd=2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtCyCtBzzyBtDtGtA0D0AtCtGtDyCtBzytGtAtAzzyEtGtAzyyDtA0BzztB0EtDyCtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2Q&cr=1401988859&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = https://fr.search.yahoo.com/yhs/?hspart=iry&hsimp=yhs-fullyhosted_003 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_clu_15_12&cd=2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtCyCtBzzyBtDtGtA0D0AtCtGtDyCtBzytGtAtAzzyEtGtAzyyDtA0BzztB0EtDyCtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2Q&cr=1401988859&ir=
SearchScopes: HKU\S-1-5-21-1213990004-317629520-483694600-1002 -> {A23A2FF2-0706-4EC4-8CCF-E6D35A2CC3BD} URL = https://fr.search.yahoo.com/web?fr=chr-greentree_ie{searchTerms}
BHO: dailyyprrizze -> {4082FE46-0FA7-45AC-B797-0B4709D42550} -> C:\Program Files (x86)\dailyyprrizze\ogzsu9yxLaeeZi.x64.dll [2015-05-20] ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-20] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: lowpricceis -> {B7F2571E-C297-4EFB-9162-20AFC10E13E2} -> C:\Program Files (x86)\lowpricceis\wSVQzWpdt4R3JH.x64.dll [2015-05-20] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-20] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\user.js [2015-03-22]
FF SearchPlugin: C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\searchplugins\search-provided-by-yahoo.xml [2015-03-22]
FF Extension: SaleoFfer - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\k0@3hwvkkrg.com [2015-05-20]
FF Extension: No Name - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\nilfceoulkpyn@oobkxohwxgkfghsgizo.org [2015-05-19]
FF Extension: Firebug - C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe cs5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-20]
FF HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (eyeCare Protect your vision and health) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeeningnfkaonkonalpcicgemnnijjhn [2015-05-20]
CHR Extension: (Bookmark Manager) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-20] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-09-05] (Dritek System INC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
U2 e15b56b7; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\SegmentProlonger\SegmentProlonger.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-20] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-20] ()
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 csravrcp; C:\Windows\System32\drivers\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBthAudioHF; C:\Windows\system32\DRIVERS\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Limited)
R3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrhfgcc; C:\Windows\System32\drivers\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrpan; C:\Windows\system32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 csr_bthav; C:\Windows\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-13] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-09-05] (Dritek System Inc.)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
U3 wampapache64; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 18:04 - 2015-05-20 18:05 - 00028970 _____ () C:\Users\cath\Downloads\FRST.txt
2015-05-20 18:04 - 2015-05-20 18:05 - 00000000 ____D () C:\FRST
2015-05-20 18:04 - 2015-05-20 18:04 - 02107904 _____ (Farbar) C:\Users\cath\Downloads\FRST64.exe
2015-05-20 17:58 - 2015-05-20 17:58 - 00001880 _____ () C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-05-20 17:43 - 2015-05-20 17:43 - 02209792 _____ () C:\Users\cath\Downloads\adwcleaner_4.204.exe
2015-05-20 13:42 - 2015-05-20 13:42 - 00000000 ____D () C:\Users\cath\AppData\Roaming\AVAST Software
2015-05-20 13:39 - 2015-05-20 13:39 - 00001950 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-20 13:39 - 2015-05-20 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-20 13:38 - 2015-05-20 13:38 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-20 13:38 - 2015-05-20 13:38 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-20 13:38 - 2015-05-20 13:38 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-20 13:38 - 2015-05-20 13:38 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-20 13:38 - 2015-05-20 13:37 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-20 13:31 - 2015-05-20 13:31 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-20 13:29 - 2015-05-20 13:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-20 13:27 - 2015-05-20 13:28 - 05481336 _____ (Avast Software s.r.o.) C:\Users\cath\Downloads\avast_free_antivirus_setup_online_01net.exe
2015-05-20 13:13 - 2015-05-20 16:38 - 00433784 _____ () C:\WINDOWS\PFRO.log
2015-05-20 13:13 - 2015-05-20 13:14 - 07340536 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-20 12:25 - 2015-05-20 18:00 - 00000693 _____ () C:\WINDOWS\setupact.log
2015-05-20 12:25 - 2015-05-20 12:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-20 12:24 - 2015-05-20 18:03 - 00302679 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-20 09:11 - 2015-05-20 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-05-20 08:16 - 2015-05-20 13:11 - 00000000 ____D () C:\Program Files (x86)\eyeCare Protect your vision and health
2015-05-20 08:15 - 2015-05-20 13:45 - 00000000 ____D () C:\Program Files (x86)\dailyyprrizze
2015-05-20 08:14 - 2015-05-20 13:45 - 00000000 ____D () C:\Program Files (x86)\lowpricceis
2015-05-20 08:14 - 2015-05-20 13:11 - 00000000 ____D () C:\Program Files (x86)\SaleoFfer
2015-05-20 08:14 - 2015-05-20 08:16 - 00000000 ____D () C:\ProgramData\8525013640150914827
2015-05-19 17:54 - 2015-05-19 17:54 - 00000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\gl-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\fr-CA
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\eu-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\es-cl
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\WINDOWS\system32\ca-ES
2015-05-18 20:07 - 2015-05-18 20:07 - 00000000 ____D () C:\Program Files (x86)\CSR
2015-05-18 20:06 - 2015-05-18 20:06 - 00000000 ____D () C:\Program Files\CSR
2015-05-18 20:02 - 2015-05-18 20:02 - 00000000 ____D () C:\Users\cath\Downloads\CSR_Harmony_Software_Ver_2_1_63_0
2015-05-18 19:43 - 2015-05-18 20:02 - 427178476 _____ () C:\Users\cath\Downloads\CSR_Harmony_Software_Ver_2_1_63_0.zip
2015-05-16 18:17 - 2015-05-16 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-16 18:16 - 2015-05-16 18:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-05-16 18:15 - 2015-05-16 18:17 - 00001959 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-16 18:15 - 2015-05-16 18:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-16 18:15 - 2015-05-16 18:15 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-16 11:16 - 2015-05-19 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 09:44 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 09:44 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:57 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 10:57 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 10:57 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 10:57 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 10:57 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 10:57 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 10:57 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 10:57 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 10:57 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 10:57 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 10:57 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 10:57 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 10:57 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 10:57 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 10:57 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 10:57 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 10:57 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 10:57 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 10:57 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 10:57 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 10:57 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 10:57 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 10:57 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 10:57 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 10:56 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 10:56 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 10:55 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 10:55 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 10:55 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 10:55 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 10:55 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 10:55 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 10:55 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 10:55 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 10:55 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 10:55 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 10:55 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 10:53 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 10:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 10:53 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 10:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 10:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 10:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 10:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 10:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 10:53 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 10:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 10:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 10:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 10:53 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 10:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 10:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 10:53 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 10:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 10:53 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 10:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 10:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 10:53 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 10:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 10:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 10:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 10:53 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 10:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 10:53 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 10:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 10:53 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 10:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 10:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 10:53 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 10:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 10:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 10:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 10:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 10:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 10:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 10:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 10:52 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 10:52 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 10:52 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 12:16 - 2015-05-12 12:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_csrserial_01009.Wdf
2015-05-12 12:12 - 2015-05-12 12:12 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_csrpan_01009.Wdf
2015-05-12 12:09 - 2015-05-12 12:09 - 00001188 _____ () C:\Users\cath\Desktop\videos-assises.txt
2015-05-12 12:06 - 2015-05-19 16:05 - 00000000 ____D () C:\BluetoothExchangeFolder
2015-05-11 13:48 - 2015-05-11 13:48 - 00000000 ____D () C:\Users\cath\Downloads\register-plus-redux.4.1.2
2015-05-11 13:47 - 2015-05-11 13:47 - 01086018 _____ () C:\Users\cath\Downloads\register-plus-redux.4.1.2.zip
2015-05-10 11:16 - 2015-05-10 11:16 - 00001777 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-10 11:16 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-10 11:15 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-10 11:15 - 2015-05-10 11:15 - 00000000 ____D () C:\Program Files\iTunes
2015-05-10 11:15 - 2015-05-10 11:15 - 00000000 ____D () C:\Program Files\iPod
2015-05-07 14:27 - 2015-05-07 14:27 - 01649389 _____ () C:\Users\cath\Downloads\views-7.x-3.11.tar.gz
2015-05-07 14:27 - 2015-05-07 14:27 - 00137672 _____ () C:\Users\cath\Downloads\webform-7.x-3.24.tar.gz
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\webform-7.x-3.24
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\views-7.x-3.11
2015-05-07 14:27 - 2015-05-07 14:27 - 00000000 ____D () C:\Users\cath\Downloads\ctools-7.x-1.7
2015-05-07 14:26 - 2015-05-07 14:26 - 00426463 _____ () C:\Users\cath\Downloads\ctools-7.x-1.7.tar.gz
2015-05-07 14:24 - 2015-05-07 14:24 - 00000000 ____D () C:\Users\cath\Downloads\drupal-7.37
2015-05-07 14:23 - 2015-05-07 14:23 - 03244291 _____ () C:\Users\cath\Downloads\drupal-7.37.tar.gz
2015-05-07 13:37 - 2015-05-07 13:37 - 00140993 _____ () C:\Users\cath\Downloads\webform-6.x-3.23.tar.gz
2015-05-07 13:37 - 2015-05-07 13:37 - 00000000 ____D () C:\Users\cath\Downloads\webform-6.x-3.23
2015-05-07 13:36 - 2015-05-07 13:36 - 01270729 _____ () C:\Users\cath\Downloads\views-6.x-2.18.tar.gz
2015-05-07 13:36 - 2015-05-07 13:36 - 00000000 ____D () C:\Users\cath\Downloads\views-6.x-2.18
2015-05-07 13:30 - 2015-05-07 13:30 - 00000000 ____D () C:\Users\cath\Downloads\contentanalysis-6.x-1.7
2015-05-07 13:29 - 2015-05-07 13:29 - 00050443 _____ () C:\Users\cath\Downloads\contentanalysis-6.x-1.7.tar.gz
2015-05-07 13:22 - 2015-05-07 13:22 - 00375805 _____ () C:\Users\cath\Downloads\ctools-6.x-1.12.tar.gz
2015-05-07 13:22 - 2015-05-07 13:22 - 00000000 ____D () C:\Users\cath\Downloads\ctools-6.x-1.12
2015-05-07 12:50 - 2015-05-07 12:51 - 12428021 _____ () C:\Users\cath\Downloads\voyancemagie.sql
2015-05-07 12:41 - 2015-05-07 12:42 - 16836847 _____ () C:\Users\cath\Downloads\katia.sql
2015-05-07 12:37 - 2015-05-07 12:37 - 00000000 ____D () C:\Users\cath\Downloads\drupal-6.35
2015-05-07 12:34 - 2015-05-07 12:35 - 01112024 _____ () C:\Users\cath\Downloads\drupal-6.35.tar.gz
2015-05-06 13:17 - 2015-05-06 13:17 - 02206093 _____ () C:\Users\cath\Downloads\profile-builder.2.1.6.zip
2015-05-06 13:17 - 2015-05-06 13:17 - 00000000 ____D () C:\Users\cath\Downloads\profile-builder.2.1.6
2015-05-06 11:17 - 2015-05-06 20:56 - 00006312 _____ () C:\Users\cath\Desktop\codes-pages-assises.txt
2015-05-01 19:37 - 2015-05-19 09:03 - 00000000 ____D () C:\ProgramData\6758b3b000063c4
2015-04-29 21:04 - 2015-04-29 21:04 - 01883565 _____ () C:\Users\cath\Downloads\guig_assisestransfrontalieresorg(4).sql
2015-04-29 19:44 - 2015-04-29 19:44 - 02341778 _____ () C:\Users\cath\Downloads\CherryFramework.zip
2015-04-29 11:36 - 2015-04-29 23:08 - 00004014 _____ () C:\Users\cath\Desktop\modifs-reparations-assises.txt
2015-04-29 10:59 - 2015-04-29 10:59 - 00000000 ____D () C:\Users\cath\Downloads\cherry-plugin-master
2015-04-29 10:58 - 2015-04-29 10:58 - 00523463 _____ () C:\Users\cath\Downloads\cherry-plugin-master.zip
2015-04-29 08:31 - 2015-04-29 08:31 - 00000000 ____D () C:\Users\cath\AppData\Roaming\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00001045 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\Users\cath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 08:30 - 2015-04-29 08:30 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-04-29 08:30 - 2015-04-29 08:29 - 01857120 _____ () C:\Users\cath\Downloads\winrar_5-21_fr_9632_32 [1].exe
2015-04-29 08:28 - 2015-04-29 08:28 - 00732616 _____ (Generic ) C:\Users\cath\Downloads\winrar_5-21_fr_9632_32.exe
2015-04-26 23:58 - 2015-04-26 23:59 - 01110476 _____ () C:\Users\cath\Downloads\7-zip_9-20_fr_11161_32.exe
2015-04-26 23:56 - 2015-04-26 23:56 - 07323083 _____ () C:\Users\cath\Downloads\wordpress-4.2-fr_FR.zip
2015-04-20 12:47 - 2015-04-20 12:47 - 02404741 _____ () C:\Users\cath\Downloads\guig_preprod2(3).sql
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 18:05 - 2014-01-06 17:28 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1213990004-317629520-483694600-1002
2015-05-20 18:04 - 2015-03-01 14:54 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 18:03 - 2014-03-13 19:24 - 00000000 ___DO () C:\Users\cath\SkyDrive
2015-05-20 18:02 - 2014-01-06 20:47 - 00000000 ____D () C:\Users\cath\AppData\Roaming\Skype
2015-05-20 18:01 - 2015-03-01 14:54 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 17:59 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-20 17:59 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-20 17:55 - 2014-01-09 08:29 - 00000000 ____D () C:\Users\cath\AppData\Local\CrashDumps
2015-05-20 17:54 - 2014-03-22 16:30 - 00000000 ____D () C:\AdwCleaner
2015-05-20 17:48 - 2014-01-06 20:43 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-20 17:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-20 16:46 - 2013-11-14 09:32 - 01831884 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-20 16:46 - 2013-11-14 09:13 - 00815098 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-05-20 16:46 - 2013-11-14 09:13 - 00160394 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-05-20 16:44 - 2014-03-21 20:17 - 00003916 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DA9B2BB5-0DB8-4142-A096-70E46C7C0B34}
2015-05-20 13:13 - 2014-01-06 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 12:38 - 2015-02-28 13:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 12:38 - 2015-02-28 13:07 - 00001086 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-20 12:38 - 2015-02-28 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-20 12:38 - 2015-02-28 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-20 12:29 - 2015-03-01 15:09 - 00020992 ___SH () C:\Users\cath\Desktop\Thumbs.db
2015-05-20 12:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 09:15 - 2013-06-19 13:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-05-18 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2015-05-17 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 14:19 - 2014-01-14 19:32 - 00001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-05-16 18:15 - 2014-01-06 20:43 - 00003890 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-16 18:15 - 2014-01-06 19:24 - 00000000 ____D () C:\Users\cath\AppData\Local\Adobe
2015-05-16 13:54 - 2014-03-13 18:54 - 00000000 ____D () C:\Users\cath
2015-05-16 10:59 - 2015-03-01 14:54 - 00004058 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:59 - 2015-03-01 14:54 - 00003822 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 11:04 - 2015-03-01 14:57 - 00002173 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-15 10:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 10:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 09:45 - 2014-01-06 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 09:43 - 2014-01-07 08:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 09:37 - 2014-01-07 08:32 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-14 09:32 - 2014-08-02 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-14 09:32 - 2013-08-22 15:25 - 00000269 _____ () C:\WINDOWS\win.ini
2015-05-14 09:29 - 2014-12-07 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 09:28 - 2014-12-07 17:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 09:28 - 2014-12-07 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 09:23 - 2013-11-14 09:16 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:12 - 2014-01-07 15:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 23:17 - 2014-01-06 20:00 - 00000000 ____D () C:\Users\cath\AppData\Roaming\FileZilla
2015-05-13 16:23 - 2014-12-13 11:15 - 00000600 _____ () C:\Users\cath\AppData\Local\PUTTY.RND
2015-05-12 09:17 - 2014-02-24 23:13 - 00034212 _____ () C:\Users\cath\Desktop\camille-assises.txt
2015-05-10 11:15 - 2014-09-17 18:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-10 11:15 - 2014-02-20 13:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-07 11:34 - 2014-03-08 10:59 - 00000000 ____D () C:\Users\cath\Documents\auto
2015-05-05 19:59 - 2015-03-12 09:06 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 09:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 20:54 - 2014-09-17 12:08 - 00000000 ____D () C:\Users\cath\AppData\Local\Research In Motion
2015-05-01 20:53 - 2014-09-17 12:06 - 00001937 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-05-01 20:47 - 2015-02-28 14:54 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2015-05-01 19:39 - 2015-04-06 10:31 - 00000000 ____D () C:\Users\cath\AppData\Roaming\WildTangent
2015-05-01 19:39 - 2013-06-19 13:16 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-01 19:39 - 2013-06-19 13:16 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-04-27 07:56 - 2014-03-06 18:01 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 23:57 - 2015-03-22 16:34 - 00000000 ____D () C:\Users\cath\AppData\Local\WinZip
==================== Files in the root of some directories =======
2015-05-19 17:54 - 2015-05-19 17:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-08-02 16:41 - 2014-08-02 16:41 - 0000421 _____ () C:\Users\cath\AppData\Roaming\1_and_1_redirect.xml
2015-03-10 19:32 - 2015-03-10 19:32 - 0000600 _____ () C:\Users\cath\AppData\Roaming\PUTTY.RND
2014-09-17 12:08 - 2014-09-17 18:23 - 0000154 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-17 12:06 - 2015-05-01 20:53 - 0001937 _____ () C:\Users\cath\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-09-17 12:08 - 2014-09-17 18:23 - 0000154 _____ () C:\Users\cath\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-21 21:46 - 2015-03-22 18:28 - 0000133 _____ () C:\Users\cath\AppData\Roaming\WB.CFG
2014-01-14 19:32 - 2015-05-17 14:19 - 0001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-03-22 18:28 - 2015-03-22 18:28 - 0000010 _____ () C:\Users\cath\AppData\Local\DSI.DAT
2014-12-13 11:15 - 2015-05-13 16:23 - 0000600 _____ () C:\Users\cath\AppData\Local\PUTTY.RND
2014-01-08 00:00 - 2014-01-08 00:00 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\cath\AppData\Local\Temp\HitmanPro.exe
C:\Users\cath\AppData\Local\Temp\Quarantine.exe
C:\Users\cath\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-18 20:26
==================== End Of Log ============================
2.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by cath at 2015-05-20 18:06:41
Running from C:\Users\cath\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrateur (S-1-5-21-1213990004-317629520-483694600-500 - Administrator - Disabled)
cath (S-1-5-21-1213990004-317629520-483694600-1002 - Administrator - Enabled) => C:\Users\cath
HomeGroupUser$ (S-1-5-21-1213990004-317629520-483694600-1007 - Limited - Enabled)
Invité (S-1-5-21-1213990004-317629520-483694600-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1213990004-317629520-483694600-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Complément Microsoft Enregistrer en tant que PDF pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CopyTrans Control Center désinstallation uniquement (HKU\S-1-5-21-1213990004-317629520-483694600-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Étude pour l'amélioration du produit HP Deskjet 1050 J410 series (HKLM\...\{0207D705-24F6-4BF7-BFD2-EBDE3D291879}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Aide (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Packard Bell)
Logiciel de base du périphérique HP Deskjet 1050 J410 series (HKLM\...\{635F63A6-9FC8-4101-B109-00698C6F3A91}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corp
ccathF
Messages postés
24
Date d'inscription
samedi 28 février 2015
Statut
Membre
Dernière intervention
22 mai 2015
20 mai 2015 à 18:14
20 mai 2015 à 18:14
J'ajoute que j'ai windows defender comme antivirus et que j'ai téléchargé Avast tout à l'heure qui n'arrête pas de m'envoyer des messages de menaces....
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
20 mai 2015 à 20:22
20 mai 2015 à 20:22
Bonsoir,
1/
Les rapports sont incomplets! :-)
Héberge FRST et Addition comme suit :
2/
Concernant ADWCleaner, vérifies si le rapport existe ici :
C:\AdwCleaner\AdwCleaner[S0].txt.
Poste le stp
Bonne soirée
1/
Les rapports sont incomplets! :-)
Héberge FRST et Addition comme suit :
- Rends toi sur pjjoint.malekal.com
- Clique sur le bouton Parcourir
- Sélectionne le fichier que tu veux héberger et clique sur Ouvrir
- Clique sur le bouton Envoyer
- Un message de confirmation s'affiche (L'upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015
- Copie le lien dans ta prochaine réponse.
2/
Concernant ADWCleaner, vérifies si le rapport existe ici :
C:\AdwCleaner\AdwCleaner[S0].txt.
Poste le stp
Bonne soirée
ccathF
Messages postés
24
Date d'inscription
samedi 28 février 2015
Statut
Membre
Dernière intervention
22 mai 2015
22 mai 2015 à 09:30
22 mai 2015 à 09:30
Voici le rapport d'adwcleaner:
# AdwCleaner v4.205 - Rapport créé le 22/05/2015 à 09:21:56
# Mis à jour le 21/05/2015 par Xplode
# Base de données : 2015-05-21.2 [Serveur]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : cath - CATH
# Exécuté depuis : C:\Users\cath\Downloads\adwcleaner_4.205.exe
# Option : Nettoyer
Dossier Supprimé : C:\ProgramData\8525013640150914827
Dossier Supprimé : C:\ProgramData\{eec0c6ee-3dc7-6c11-eec0-0c6ee3dc1bb8}
Dossier Supprimé : C:\Program Files (x86)\dailyyprrizze
Dossier Supprimé : C:\Program Files (x86)\lowpricceis
Dossier Supprimé : C:\Program Files (x86)\SaleoFfer
Dossier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\k0@3hwvkkrg.com
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeeningnfkaonkonalpcicgemnnijjhn
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Fichier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeeningnfkaonkonalpcicgemnnijjhn_0.localstorage
Fichier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeeningnfkaonkonalpcicgemnnijjhn_0.localstorage-journal
Fichier Supprimé : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
Fichier Supprimé : C:\Program Files (x86)\prefs.js
Fichier Supprimé : C:\Users\cath\AppData\Local\PUTTY.RND
Fichier Supprimé : C:\Users\cath\AppData\Roaming\PUTTY.RND
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\invalidprefs.js
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\user.js
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\searchplugins\search-provided-by-yahoo.xml
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Clé Supprimée : HKLM\SOFTWARE\0ba88013-f9ee-bf75-79ef-fa4a6294759a
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{7A35867D-D50D-4D31-BAA2-279E5AACCBCC}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Clé Supprimée : HKCU\Software\Super Optimizer
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\adawarebp
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\Uniblue
Clé Supprimée : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
-\\ Internet Explorer v11.0.9600.17416
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v38.0.1 (x86 fr)
-\\ Google Chrome v43.0.2357.65
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_12¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzytFyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyBtByDzz0FyD0EtGtDzyyEtCtGyEtAtBtCtGtAyByCyBtGtC0EyB0DyCtAtA0CzztAtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtDyB%26cr%3D524964446%26a%3Dwny_wnzp_15_12%26os%3DWindows 8.1&p={searchTerms}
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : eeeningnfkaonkonalpcicgemnnijjhn
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : gmlllbghnfkpflemihljekbapjopfjik
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
AdwCleaner[R0].txt - [9444 octets] - [22/03/2014 16:30:21]
AdwCleaner[R1].txt - [8865 octets] - [28/02/2015 15:22:58]
AdwCleaner[R2].txt - [6272 octets] - [20/05/2015 17:44:25]
AdwCleaner[R3].txt - [6477 octets] - [22/05/2015 09:17:27]
AdwCleaner[R4].txt - [6537 octets] - [22/05/2015 09:20:58]
AdwCleaner[S0].txt - [9092 octets] - [22/03/2014 16:31:25]
AdwCleaner[S1].txt - [8573 octets] - [28/02/2015 15:28:04]
AdwCleaner[S2].txt - [342 octets] - [20/05/2015 17:54:39]
AdwCleaner[S3].txt - [5706 octets] - [22/05/2015 09:21:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5766 octets] ##########
# AdwCleaner v4.205 - Rapport créé le 22/05/2015 à 09:21:56
# Mis à jour le 21/05/2015 par Xplode
# Base de données : 2015-05-21.2 [Serveur]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : cath - CATH
# Exécuté depuis : C:\Users\cath\Downloads\adwcleaner_4.205.exe
# Option : Nettoyer
- [ Services ] *****
- [ Fichiers / Dossiers ] *****
Dossier Supprimé : C:\ProgramData\8525013640150914827
Dossier Supprimé : C:\ProgramData\{eec0c6ee-3dc7-6c11-eec0-0c6ee3dc1bb8}
Dossier Supprimé : C:\Program Files (x86)\dailyyprrizze
Dossier Supprimé : C:\Program Files (x86)\lowpricceis
Dossier Supprimé : C:\Program Files (x86)\SaleoFfer
Dossier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\Extensions\k0@3hwvkkrg.com
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeeningnfkaonkonalpcicgemnnijjhn
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Dossier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Fichier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeeningnfkaonkonalpcicgemnnijjhn_0.localstorage
Fichier Supprimé : C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eeeningnfkaonkonalpcicgemnnijjhn_0.localstorage-journal
Fichier Supprimé : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
Fichier Supprimé : C:\Program Files (x86)\prefs.js
Fichier Supprimé : C:\Users\cath\AppData\Local\PUTTY.RND
Fichier Supprimé : C:\Users\cath\AppData\Roaming\PUTTY.RND
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\invalidprefs.js
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\user.js
Fichier Supprimé : C:\Users\cath\AppData\Roaming\Mozilla\Firefox\Profiles\5ht8h2gm.default\searchplugins\search-provided-by-yahoo.xml
- [ Tâches planifiées ] *****
- [ Raccourcis ] *****
- [ Registre ] *****
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Clé Supprimée : HKLM\SOFTWARE\0ba88013-f9ee-bf75-79ef-fa4a6294759a
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{7A35867D-D50D-4D31-BAA2-279E5AACCBCC}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Clé Supprimée : HKCU\Software\Super Optimizer
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\adawarebp
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\Uniblue
Clé Supprimée : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
- [ Navigateurs ] *****
-\\ Internet Explorer v11.0.9600.17416
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v38.0.1 (x86 fr)
-\\ Google Chrome v43.0.2357.65
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_12¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyCtDtDtB0ByEtC0D0EtA0AtC0A0F0C0FtN0D0Tzu0StCtCyByCtN1L2XzutAtFzytFyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyBtByDzz0FyD0EtGtDzyyEtCtGyEtAtBtCtGtAyByCyBtGtC0EyB0DyCtAtA0CzztAtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtB0AtC0B0FyDtCtGzz0D0DtAtGyEyDtD0EtGzytDyDtBtGtAzy0C0A0BzzyB0D0E0DyCzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyCtDyB%26cr%3D524964446%26a%3Dwny_wnzp_15_12%26os%3DWindows 8.1&p={searchTerms}
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : eeeningnfkaonkonalpcicgemnnijjhn
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : gmlllbghnfkpflemihljekbapjopfjik
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\cath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
AdwCleaner[R0].txt - [9444 octets] - [22/03/2014 16:30:21]
AdwCleaner[R1].txt - [8865 octets] - [28/02/2015 15:22:58]
AdwCleaner[R2].txt - [6272 octets] - [20/05/2015 17:44:25]
AdwCleaner[R3].txt - [6477 octets] - [22/05/2015 09:17:27]
AdwCleaner[R4].txt - [6537 octets] - [22/05/2015 09:20:58]
AdwCleaner[S0].txt - [9092 octets] - [22/03/2014 16:31:25]
AdwCleaner[S1].txt - [8573 octets] - [28/02/2015 15:28:04]
AdwCleaner[S2].txt - [342 octets] - [20/05/2015 17:54:39]
AdwCleaner[S3].txt - [5706 octets] - [22/05/2015 09:21:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5766 octets] ##########
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
22 mai 2015 à 09:36
22 mai 2015 à 09:36
Bonjour,
Il manque l'hébergement des deux rapports : FRST et addition (ils existent sur le bureau) comme expliqué en 1/ :
===> : https://forums.commentcamarche.net/forum/affich-31999423-desolee-j-ai-choppe-un-virus-je-ne-peux-pas-selectionner#4
Il manque l'hébergement des deux rapports : FRST et addition (ils existent sur le bureau) comme expliqué en 1/ :
===> : https://forums.commentcamarche.net/forum/affich-31999423-desolee-j-ai-choppe-un-virus-je-ne-peux-pas-selectionner#4
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ccathF
Messages postés
24
Date d'inscription
samedi 28 février 2015
Statut
Membre
Dernière intervention
22 mai 2015
22 mai 2015 à 09:53
22 mai 2015 à 09:53
Et voici les liens de farbar...
https://pjjoint.malekal.com/files.php?id=20150522_u12t14s5u14s6
https://pjjoint.malekal.com/files.php?id=20150522_w11b10l15i9n6
Merci!
https://pjjoint.malekal.com/files.php?id=20150522_u12t14s5u14s6
https://pjjoint.malekal.com/files.php?id=20150522_w11b10l15i9n6
Merci!
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
22 mai 2015 à 10:51
22 mai 2015 à 10:51
Bien! :-)
----------
1/
[*] Appuies simultanément sur les touches Windows et R
[*] Une fenêtre va s'ouvrir, tape ceci : notepad
[*] Clic sur OK (Le bloc note va s'ouvrir)
[*] Coller le script en gras ci-dessous dans votre bloc-notes
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: dailyyprrizze -> {4082FE46-0FA7-45AC-B797-0B4709D42550} -> C:\Program Files (x86)\dailyyprrizze\ogzsu9yxLaeeZi.x64.dll No File
BHO: lowpricceis -> {B7F2571E-C297-4EFB-9162-20AFC10E13E2} -> C:\Program Files (x86)\lowpricceis\wSVQzWpdt4R3JH.x64.dll No File
U2 e15b56b7; C:\WINDOWS\system32\rundll32.exe c:\Program Files (x86)\SegmentProlonger\SegmentProlonger.dll,serv
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
U3 wampapache64; No ImagePath
2015-05-10 11:15 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-01 19:37 - 2015-05-19 09:03 - 00000000 ____D () C:\ProgramData\6758b3b000063c4
2014-03-21 21:46 - 2015-03-22 18:28 - 0000133 _____ () C:\Users\cath\AppData\Roaming\WB.CFG
2014-01-14 19:32 - 2015-05-21 10:44 - 0001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-03-22 18:28 - 2015-03-22 18:28 - 0000010 _____ () C:\Users\cath\AppData\Local\DSI.DAT
2014-01-08 00:00 - 2014-01-08 00:00 - 0000057 _____ () C:\ProgramData\Ament.ini
EmptyTemp:
end
[*] Une fois, le texte coller dans le bloc-note.
[*] Cliquez sur "Fichier" puis dans le menu déroulant sur "Enregistrer sous"
[*] A cette fenêtre cliquez sur "Bureau"
[*] Dans la zone de "Nom de fichier" tapez : fixlist puis validez en cliquant sur Enregistrer
[*] Sur votre bureau vous avez le fichier texte (fixlist.txt & FRST.exe)
[*] Lancez FRST, "exécuter en tant qu'administrateur" sous Windows Vista, Windows Seven et Windows 8/8.1
[*] Cliquez sur "Fix"
[*] Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
[*] Redémarre l'ordinateur.
[*] ===> Aide : <<<ICI>>>
2/
[*] Lance Malwarebytes.
[*] Mets le à jour puis lance un examen "Menaces".
[*] coche "Recherche de rootkits" (Paramètres -> Détection et protection)
[*] A la fin du scan, clic sur "Mettre tous en quarantaine" en bas à gauche.
[*] Redémarre l'ordinateur si besoin.
[*] Après redémarrage, relance Malwarebytes.
[*] Vas chercher le rapport dans l'onglet "Historique".
[*] Clic à gauche sur l'onglet Journaux de l'application.
[*] Double-clic sur le journal d'examen pour l'afficher.
[*] En bas à gauche choisis "Copier dans le presse papier"
[*] colle le rapport le contenu du journal ici
@+
----------
1/
[*] Appuies simultanément sur les touches Windows et R
[*] Une fenêtre va s'ouvrir, tape ceci : notepad
[*] Clic sur OK (Le bloc note va s'ouvrir)
[*] Coller le script en gras ci-dessous dans votre bloc-notes
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: dailyyprrizze -> {4082FE46-0FA7-45AC-B797-0B4709D42550} -> C:\Program Files (x86)\dailyyprrizze\ogzsu9yxLaeeZi.x64.dll No File
BHO: lowpricceis -> {B7F2571E-C297-4EFB-9162-20AFC10E13E2} -> C:\Program Files (x86)\lowpricceis\wSVQzWpdt4R3JH.x64.dll No File
U2 e15b56b7; C:\WINDOWS\system32\rundll32.exe c:\Program Files (x86)\SegmentProlonger\SegmentProlonger.dll,serv
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
U3 wampapache64; No ImagePath
2015-05-10 11:15 - 2015-05-10 11:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-01 19:37 - 2015-05-19 09:03 - 00000000 ____D () C:\ProgramData\6758b3b000063c4
2014-03-21 21:46 - 2015-03-22 18:28 - 0000133 _____ () C:\Users\cath\AppData\Roaming\WB.CFG
2014-01-14 19:32 - 2015-05-21 10:44 - 0001456 _____ () C:\Users\cath\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-03-22 18:28 - 2015-03-22 18:28 - 0000010 _____ () C:\Users\cath\AppData\Local\DSI.DAT
2014-01-08 00:00 - 2014-01-08 00:00 - 0000057 _____ () C:\ProgramData\Ament.ini
EmptyTemp:
end
[*] Une fois, le texte coller dans le bloc-note.
[*] Cliquez sur "Fichier" puis dans le menu déroulant sur "Enregistrer sous"
[*] A cette fenêtre cliquez sur "Bureau"
[*] Dans la zone de "Nom de fichier" tapez : fixlist puis validez en cliquant sur Enregistrer
[*] Sur votre bureau vous avez le fichier texte (fixlist.txt & FRST.exe)
[*] Lancez FRST, "exécuter en tant qu'administrateur" sous Windows Vista, Windows Seven et Windows 8/8.1
[*] Cliquez sur "Fix"
[*] Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
[*] Redémarre l'ordinateur.
[*] ===> Aide : <<<ICI>>>
2/
[*] Lance Malwarebytes.
[*] Mets le à jour puis lance un examen "Menaces".
[*] coche "Recherche de rootkits" (Paramètres -> Détection et protection)
[*] A la fin du scan, clic sur "Mettre tous en quarantaine" en bas à gauche.
[*] Redémarre l'ordinateur si besoin.
[*] Après redémarrage, relance Malwarebytes.
[*] Vas chercher le rapport dans l'onglet "Historique".
[*] Clic à gauche sur l'onglet Journaux de l'application.
[*] Double-clic sur le journal d'examen pour l'afficher.
[*] En bas à gauche choisis "Copier dans le presse papier"
[*] colle le rapport le contenu du journal ici
@+