Fraud.Foxit.daws

runisarosac -
Malekal_morte - Posts: 180304 - Status: Moderator, Security contributor
Hello,
I would like to get rid of this virus: Fraud.Foxit.daws. Who could tell me how to do it? I have the paid version of Avast.


2 replies

Malekal_morte - Posts: 180304 - Status: Moderator, Security contributor - 24 685
 
Hi,

Start with this:

Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
Download it to your desktop or downloads folder.
Launch AdwCleaner and click [Scanner] (Scan).
The scan can take several minutes, so be patient.
Once the scan has finished, do not uncheck anything; click [Nettoyer] (Clean).

Once the cleaning is done, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt


then:

Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(and take the time to read it carefully so that you apply it correctly; everything is explained there).
Download FRST and run the scan; this will generate three FRST reports:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


As explained, upload these three reports to the site http://pjjoint.malekal.com, then post the three pjjoint links to those reports here in a new reply so that we can look at them.
0
runisarosac
 
Thank you very much, I'll do all of that.
0
runisarosac > runisarosac
 
# AdwCleaner v4.206 - Rapport créé le 02/06/2015 à 18:06:50
# Mis à jour le 01/06/2015 par Xplode
# Base de données : 2015-06-01.1 [Serveur]
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Nom d'utilisateur : Christiane - PC-DE-BUREAU
# Exécuté depuis : C:\Users\Christiane\Downloads\adwcleaner_4.206.exe
# Option : Scanner

Access the document: http://pjjoint.malekal.com/files.php?read=FRST_20150602_y7s10p7u5f7

Evaluate your OTL, HijackThis, ZHPDiag, etc. scan report with legitimate lines filtered out: http://pjjoint.malekal.com/files.php?read=FRST_20150602_y7s10p7u5f7&html=on&filtre=legitime

Evaluate your OTL, HijackThis, ZHPDiag, etc. scan report: http://pjjoint.malekal.com/files.php?read=FRST_20150602_y7s10p7u5f7&html=on
0
Runisarosac
 
Hello, I'll redo it this evening after work then. Have a good day.
0
Malekal_morte
 
Here is the fix to carry out with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: press Windows key + R, type notepad in the Run field, and click OK.
Copy and paste the following into it:

R2 kigopepi; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\nsgABB.tmp [353280 2015-05-27] () [File not signed]
R2 Update Edu App; C:\Program Files\Edu App\updateEduApp.exe [469224 2015-06-02] ()
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R4 Util Edu App; C:\Program Files\Edu App\bin\utilEduApp.exe [469224 2015-06-02] ()
R2 xubigomo; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\hnsr6990.tmp [334848 2015-05-27] () [File not signed]
R2 zeminoxy; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\jnsm5295.tmp [306176 2015-05-27] () [File not signed]
2015-06-02 16:20 - 2015-06-02 16:20 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nslF999.tmp
2015-06-02 16:15 - 2015-06-02 17:29 - 00000000 ____D () C:\Program Files\Edu App
2015-05-29 16:01 - 2015-05-29 16:01 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsk74A8.tmp
2015-05-29 15:56 - 2015-05-29 15:56 - 00000000 _____ () C:\Windows\system32\Number of results
2015-05-28 20:06 - 2015-05-28 20:06 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsb8C88.tmp
2015-05-28 19:57 - 2015-05-28 20:18 - 00000000 ____D () C:\Users\Christiane\Documents\MaxComputerCleaner
2015-05-28 19:57 - 2015-05-28 19:57 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Max_Computer_Cleaner
2015-05-28 19:56 - 2015-05-28 19:56 - 00000000 ____D () C:\Program Files\MaxComputerCleaner_v17.569
2015-05-28 19:56 - 2015-05-28 19:56 - 00000000 ____D () C:\Program Files\MaxComputerCleaner
2015-05-28 10:05 - 2015-05-28 10:05 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsyA356.tmp
2015-05-28 08:54 - 2015-05-28 08:54 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Crossbrowse
2015-05-27 19:20 - 2015-06-02 16:44 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-05-27 19:20 - 2015-06-02 16:24 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-05-27 19:20 - 2015-06-02 16:24 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-05-27 19:15 - 2015-05-27 19:15 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nstC962.tmp
2015-05-27 19:15 - 2015-05-27 19:15 - 00000000 __SHD () C:\Users\Christiane\AppData\Roaming\AnyProtectEx
2015-05-27 18:45 - 2015-05-27 18:45 - 00000000 ____D () C:\Users\Christiane\AppData\Local\71D14820-1432752345-11D5-8276-F46D04DA54E2
2015-05-27 18:41 - 2015-06-01 09:26 - 00000000 ____D () C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2
2015-05-27 18:34 - 2015-05-27 18:34 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Boxore
2015-05-27 18:34 - 2015-05-27 18:34 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-27 18:31 - 2015-05-27 19:37 - 00000000 ____D () C:\Program Files\Software
2015-05-27 18:31 - 2015-05-27 18:31 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Software
2015-06-02 15:37 - 2012-08-14 15:47 - 00000334 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2015-06-02 15:37 - 2012-05-08 11:13 - 00000338 _____ () C:\Windows\Tasks\DriverScanner.job
2008-09-21 12:29 - 2008-09-26 11:38 - 0000097 _____ () C:\Users\Christiane\AppData\Local\avbviuj.bat
2008-12-30 15:18 - 2009-01-01 10:56 - 0000096 _____ () C:\Users\Christiane\AppData\Local\beftwq.bat
2009-12-29 16:08 - 2010-01-04 08:43 - 0000095 _____ () C:\Users\Christiane\AppData\Local\bexbocm.bat
2009-12-29 16:08 - 2010-01-04 10:22 - 0003422 _____ () C:\Users\Christiane\AppData\Local\bexbocm.dat
2009-08-02 09:36 - 2014-08-12 11:03 - 0008296 _____ () C:\Users\Christiane\AppData\Local\d3d9caps.dat
2009-12-09 17:06 - 2009-12-11 10:50 - 0000095 _____ () C:\Users\Christiane\AppData\Local\etrigxg.bat
2015-05-28 20:06 - 2015-05-28 20:06 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsb8C88.tmp
2015-05-29 16:01 - 2015-05-29 16:01 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsk74A8.tmp
2015-06-02 16:20 - 2015-06-02 16:20 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nslF999.tmp
2015-05-27 19:15 - 2015-05-27 19:15 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nstC962.tmp
2015-05-28 10:05 - 2015-05-28 10:05 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsyA356.tmp

Once the text has been pasted into Notepad:
Go to the File menu, then Save As.
On the left, select the Desktop.
In the file name field at the bottom, enter: fixlist.txt
Click Save; this will create a fixlist.txt file on the desktop.

Relaunch FRST and click the Fix button.
Depending on the case, a restart is needed (not mandatory).
A text file appears; copy and paste its contents here in a new message.

Restart the computer.



then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.), and also remove/disable unnecessary or unwanted extensions:


0
runisarosac
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Christiane (administrator) on PC-DE-BUREAU on 02-06-2015 23:45:17
Running from C:\Users\Christiane\Downloads
Loaded Profiles: Christiane & UpdatusUser (Available Profiles: Christiane & UpdatusUser)
Platform: Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175
FF DefaultSearchEngine: Google Default
FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: hxxp://www.orange.fr/portail
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-843996202-2701723349-1085836052-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Christiane\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-843996202-2701723349-1085836052-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Christiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-03-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-03-26] (Apple Inc.)
FF SearchPlugin: C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\searchplugins\google-default.xml [2015-05-27]
FF SearchPlugin: C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\searchplugins\orange.xml [2014-10-08]
FF SearchPlugin: C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\searchplugins\yahoo-avast.xml [2015-05-28]
FF Extension: Menu contextuel Orange - C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\Extensions\***@*** [2015-03-05]
FF Extension: German Spelling Dictionary - C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\Extensions\***@*** [2015-02-01]
FF Extension: Lightbeam - C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\Extensions\***@*** [2015-01-26]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\sbyqjpbr.default-1419096858175\Extensions\***@*** [2015-02-06]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2009-12-21]
FF HKLM\...\Firefox\Extensions: [***@***] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-04-01]
FF HKLM\...\Firefox\Extensions: [***@***] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [107448 2015-04-26] (Avast Software s.r.o.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
S2 gupdate1c9c415fb36170; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-12-12] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 kigopepi; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\nsgABB.tmp [353280 2015-06-02] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [3453712 2009-12-16] (INCA Internet Co., Ltd.) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
S2 Orange update Core Service; C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe [728088 2015-02-02] (Orange SA)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 xubigomo; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\hnsr6990.tmp [334848 2015-05-27] () [File not signed]
R2 zeminoxy; C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2\jnsm5295.tmp [306176 2015-05-27] () [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
S3 MozillaMaintenance; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-04-26] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-26] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253600 2015-04-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-26] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [35144 2014-07-06] (The OpenVPN Project)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-26] ()
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29832 2008-10-22] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [15248 2012-08-03] (PenMount)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [329728 2007-05-11] (Ralink Technology Corp.)
S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated)
S3 SPC220NC; C:\Windows\System32\DRIVERS\SPC220NC.SYS [507136 2007-01-09] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-04-21] () [File not signed]
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2008-06-13] (Symantec Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1149552 2011-06-27] (VIA Technologies, Inc.)
U3 aeg4hxyo; C:\Windows\system32\Drivers\aeg4hxyo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BT; No ImagePath
S0 BtHidBus; No ImagePath
S3 catchme; No ImagePath
S3 cpuz132; No ImagePath
S3 IntcAzAudAddService; No ImagePath
S3 IpInIp; No ImagePath
S3 IvtBtBUs; No ImagePath
S3 MBAMSwissArmy; No ImagePath
S3 nmwcd; No ImagePath
S3 nmwcdc; No ImagePath
S3 nmwcdnsu; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 taphss6; No ImagePath
S2 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]
S3 VComm; No ImagePath
S3 VcommMgr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 23:41 - 2015-06-02 23:41 - 00004525 _____ () C:\Users\Christiane\Desktop\fixlist.txt
2015-06-02 18:25 - 2015-06-02 18:25 - 00048861 _____ () C:\Users\Christiane\Desktop\FRST.txt
2015-06-02 18:17 - 2015-06-02 18:24 - 00000019 _____ () C:\Users\Christiane\Downloads\Addition.txt
2015-06-02 18:15 - 2015-06-02 23:45 - 00027935 _____ () C:\Users\Christiane\Downloads\FRST.txt
2015-06-02 18:14 - 2015-06-02 23:45 - 00000000 ____D () C:\FRST
2015-06-02 18:13 - 2015-06-02 18:14 - 01147392 _____ (Farbar) C:\Users\Christiane\Downloads\FRST.exe
2015-06-02 18:06 - 2015-06-02 18:37 - 00000000 ____D () C:\AdwCleaner
2015-06-02 18:05 - 2015-06-02 18:06 - 02231296 _____ () C:\Users\Christiane\Downloads\adwcleaner_4.206.exe
2015-06-02 17:13 - 2015-06-02 17:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-02 16:20 - 2015-06-02 16:20 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nslF999.tmp
2015-06-01 16:49 - 2015-04-15 11:45 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-06-01 16:49 - 2015-04-15 11:45 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-06-01 16:49 - 2015-04-15 11:44 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-06-01 16:48 - 2015-04-15 11:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-29 16:01 - 2015-05-29 16:01 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsk74A8.tmp
2015-05-29 15:56 - 2015-05-29 15:56 - 00000000 _____ () C:\Windows\system32\Number of results
2015-05-28 20:31 - 2015-05-28 20:31 - 00000755 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-28 20:06 - 2015-05-28 20:06 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsb8C88.tmp
2015-05-28 19:56 - 2015-05-28 19:56 - 00000000 ____D () C:\Program Files\MaxComputerCleaner_v17.569
2015-05-28 10:05 - 2015-05-28 10:05 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsyA356.tmp
2015-05-27 19:19 - 2015-05-27 19:19 - 00000000 ____D () C:\Windows\system32\Flash
2015-05-27 19:15 - 2015-05-27 19:15 - 00613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nstC962.tmp
2015-05-27 18:41 - 2015-06-02 19:41 - 00000000 ____D () C:\Users\Christiane\AppData\Roaming\71D14820-1432744906-11D5-8276-F46D04DA54E2
2015-05-27 18:31 - 2015-05-27 19:37 - 00000000 ____D () C:\Program Files\Software
2015-05-27 18:31 - 2015-05-27 18:31 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Software
2015-05-27 18:29 - 2015-05-27 18:29 - 00551928 _____ () C:\Users\Christiane\Downloads\Setup(3).exe
2015-05-27 18:28 - 2015-05-27 18:28 - 00551928 _____ () C:\Users\Christiane\Downloads\Setup(1).exe
2015-05-25 19:53 - 2015-05-25 19:53 - 00000000 ____D () C:\Program Files\avast software
2015-05-20 15:37 - 2015-05-20 15:37 - 03682308 _____ () C:\Users\Christiane\Desktop\Nouveau dossier.zip
2015-05-20 13:32 - 2015-05-20 13:33 - 00000000 ____D () C:\Users\Christiane\AppData\Local\{135D3484-E820-4AA6-8581-9409E6D771A9}
2015-05-15 13:41 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 13:37 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-15 13:37 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-15 13:37 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-15 13:37 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-15 13:37 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-15 13:37 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-15 13:37 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-15 13:37 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 13:37 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 13:37 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 13:34 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 13:04 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 10:37 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 10:37 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 10:37 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 10:37 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 10:37 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 10:37 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 10:37 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-14 10:37 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 10:37 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 10:37 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 10:37 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 10:37 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 10:37 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 10:37 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-14 10:37 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-14 10:37 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-06 19:54 - 2015-05-06 19:54 - 00000000 ____D () C:\Users\Christiane\AppData\Local\{257F992D-DF78-4545-A0A6-D2C4C81A3AFD}
2015-05-06 05:26 - 2015-05-06 05:26 - 00341512 _____ (DivX, LLC) C:\Windows\system32\DivXControlPanelApplet.cpl
2015-05-05 18:06 - 2015-05-05 18:06 - 00000000 ____D () C:\Users\Christiane\AppData\Local\{DE6B9910-1D4A-449F-8194-DF7A7C02B2B5}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 23:16 - 2009-06-30 15:03 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 23:09 - 2015-02-01 18:21 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 22:53 - 2014-07-18 19:06 - 00000466 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job
2015-06-02 22:50 - 2010-03-04 09:44 - 01133045 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 22:49 - 2013-03-17 09:52 - 00002000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 22:49 - 2013-03-17 09:52 - 00002000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 22:44 - 2009-06-30 15:03 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 22:43 - 2014-07-21 13:23 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-06-02 22:42 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 18:59 - 2006-11-02 15:01 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 18:40 - 2011-06-09 21:53 - 01140050 _____ () C:\Windows\PFRO.log
2015-06-02 18:30 - 2008-09-17 19:41 - 00000350 _____ () C:\Windows\Tasks\Extension de garantie-Christiane.job
2015-06-02 17:29 - 2006-11-02 12:23 - 00000364 _____ () C:\Windows\win.ini
2015-06-02 16:11 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-06-02 16:10 - 2013-01-22 11:23 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843996202-2701723349-1085836052-1000UA.job
2015-06-02 16:10 - 2013-01-22 11:23 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843996202-2701723349-1085836052-1000Core.job
2015-06-02 16:08 - 2008-09-24 09:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-06-01 19:09 - 2014-07-18 19:10 - 00000504 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - ***@***
2015-06-01 16:51 - 2010-05-18 11:09 - 00000000 ____D () C:\ProgramData\DivX
2015-06-01 16:51 - 2009-11-10 13:07 - 00000000 ____D () C:\Program Files\DivX
2015-06-01 16:51 - 2008-10-26 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-06-01 16:50 - 2009-04-23 15:11 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-06-01 16:48 - 2013-09-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-01 08:46 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-06-01 08:21 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-01 08:21 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-29 00:42 - 2008-09-24 09:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-05-28 10:06 - 2012-07-01 11:52 - 00000000 ____D () C:\Users\Christiane\AppData\Local\DoNotTrackPlus
2015-05-27 22:36 - 2014-07-21 13:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-27 22:27 - 2015-01-11 18:50 - 00000000 ____D () C:\Program Files\OCAD 11.5.6
2015-05-27 18:44 - 2008-09-17 19:40 - 00000912 _____ () C:\Users\Christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 13:57 - 2014-06-19 21:52 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Adobe
2015-05-22 13:56 - 2015-02-01 18:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-22 13:56 - 2015-02-01 18:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-18 21:00 - 2006-11-02 12:33 - 01572058 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 21:25 - 2013-12-12 19:20 - 00000000 ____D () C:\Users\Christiane\Desktop\Nouveau dossier (2)
2015-05-15 21:25 - 2013-07-28 21:43 - 00000000 ____D () C:\Users\Christiane\Downloads\messaging.php_fichiers
2015-05-15 21:25 - 2009-12-23 00:11 - 00000000 ____D () C:\Users\Christiane\Desktop\photos famille
2015-05-15 19:40 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-15 19:25 - 2006-11-02 14:47 - 00466528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 19:23 - 2008-12-18 14:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 15:00 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-15 14:57 - 2011-11-27 11:25 - 00000000 ____D () C:\Users\Christiane\berawecka le bon_fichiers
2015-05-15 14:53 - 2008-09-17 21:47 - 00000000 ____D () C:\Users\Christiane\Documents\animaux
2015-05-15 14:01 - 2013-10-16 13:17 - 00000000 ____D () C:\Users\Christiane\photo
2015-05-15 13:57 - 2013-11-26 09:17 - 00000000 ____D () C:\Users\Christiane\Documents\doc caro
2015-05-15 13:55 - 2015-03-11 23:39 - 00000000 ____D () C:\Users\Christiane\Downloads\journal - Copie
2015-05-15 13:55 - 2011-08-02 23:08 - 00000000 ____D () C:\Users\Christiane\Desktop\OpenOffice.org 3.3 (fr) Installation Files
2015-05-15 13:43 - 2012-12-14 20:01 - 00000000 ____D () C:\Users\Christiane\Documents\vacances 2012
2015-05-15 13:41 - 2008-06-03 18:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 13:33 - 2014-12-18 20:36 - 00000000 ____D () C:\Users\Christiane\Desktop\(3) Espace Assistance_fichiers
2015-05-15 13:33 - 2013-08-14 18:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 13:28 - 2013-06-10 10:43 - 00000000 ____D () C:\Users\Christiane\Desktop\docs papa
2015-05-15 13:25 - 2008-09-17 19:37 - 00000000 ____D () C:\Users\Christiane
2015-05-15 13:22 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-15 13:14 - 2010-10-21 09:33 - 00000000 ____D () C:\Users\Christiane\AppData\Local\Windows Live
2015-05-15 13:01 - 2010-06-05 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2009-05-16 23:31 - 2009-05-16 23:31 - 0000775 _____ () C:\Program Files\Mega Bloc Notes.lnk
2010-12-04 14:48 - 2010-12-04 14:48 - 0000760 _____ () C:\Users\Christiane\AppData\Roaming\setup_ldm.iss
2011-10-19 09:31 - 2011-10-19 09:31 - 0000043 _____ () C:\Users\Christiane\AppData\Roaming\stats.txt
2008-09-17 21:28 - 2008-05-01 01:06 - 0025572 _____ () C:\Users\Christiane\AppData\Roaming\UserTile.png
2008-09-20 21:31 - 2015-02-20 14:15 - 0016754 _____ () C:\Users\Christiane\AppData\Roaming\wklnhst.dat
2008-09-21 12:29 - 2008-09-26 11:38 - 0000097 _____ () C:\Users\Christiane\AppData\Local\avbviuj.bat
2008-12-30 15:18 - 2009-01-01 10:56 - 0000096 _____ () C:\Users\Christiane\AppData\Local\beftwq.bat
2009-12-29 16:08 - 2010-01-04 08:43 - 0000095 _____ () C:\Users\Christiane\AppData\Local\bexbocm.bat
2009-12-29 16:08 - 2010-01-04 10:22 - 0003422 _____ () C:\Users\Christiane\AppData\Local\bexbocm.dat
2009-08-02 09:36 - 2014-08-12 11:03 - 0008296 _____ () C:\Users\Christiane\AppData\Local\d3d9caps.dat
2008-09-19 14:30 - 2013-03-31 19:45 - 0214016 _____ () C:\Users\Christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-09 17:06 - 2009-12-11 10:50 - 0000095 _____ () C:\Users\Christiane\AppData\Local\etrigxg.bat
2010-06-18 09:19 - 2010-06-18 09:19 - 0000036 _____ () C:\Users\Christiane\AppData\Local\housecall.guid.cache
2015-05-28 20:06 - 2015-05-28 20:06 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsb8C88.tmp
2015-05-29 16:01 - 2015-05-29 16:01 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsk74A8.tmp
2015-06-02 16:20 - 2015-06-02 16:20 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nslF999.tmp
2015-05-27 19:15 - 2015-05-27 19:15 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nstC962.tmp
2015-05-28 10:05 - 2015-05-28 10:05 - 0613255 _____ (CMI Limited) C:\Users\Christiane\AppData\Local\nsyA356.tmp
2015-03-11 23:37 - 2015-03-11 23:37 - 0001034 _____ () C:\Users\Christiane\AppData\Local\recently-used.xbel
2009-08-01 19:07 - 2011-08-11 19:49 - 0007285 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe


Some files in TEMP:
====================
C:\Users\Christiane\AppData\Local\temp\Quarantine.exe
C:\Users\Christiane\AppData\Local\temp\sqlite3.dll
C:\Users\Christiane\AppData\Local\temp\Widestream6-setup-1.exe
C:\Users\Christiane\AppData\Local\temp\Widestream6-setup-2.exe
C:\Users\Christiane\AppData\Local\temp\Widestream6-setup-3.exe
C:\Users\Christiane\AppData\Local\temp\Widestream6-setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-02 19:54

==================== End of log ============================
0
runisarosac
 
Thank you very much
0
Malekal_morte- Posts 180304 Registration date   Status Moderator, Security contributor Last post   24 685
 
It seems you ran a scan again, not a fix.
In any case, the last report is a scan.
0
Runisarosac > Malekal_morte- Posts 180304 Registration date   Status Moderator, Security contributor Last post  
 
I think I have a problem understanding. I did everything up to relaunching FRST, and when I click Fix I get this message: no fislist.txt found. The fixlist txt should be in the same folder/directory the tool is located ???
0
Malekal_morte- Posts 180304 Registration date   Status Moderator, Security contributor Last post   24 685
 
It is explained in the tutorial.
fixlist.txt is not in the same folder as the FRST program.
0