cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Didier (administrator) on DIDIER-PC-ASUS (08-10-2016 17:47:19)
Running from C:\Users\Didier\Desktop
Loaded Profiles: Didier (Available Profiles: Didier)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Anglais (États-Unis)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
(Orange) C:\Users\Didier\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Didier\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2042144 2016-04-14] (TomTom)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [Dropbox Update] => C:\Users\Didier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\MountPoints2: {ef33bf35-b20d-11e4-8eaf-0015af3c8af0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.agora.intranoo.net/login/login.asp
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Didier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2014-04-19]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1155ECD3-A1E7-4081-858B-08B442CD6D91}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-706769772-126148547-2541344145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-19] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-06] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-706769772-126148547-2541344145-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Didier\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Dedicarz Service; C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe [1970544 2014-09-15] () [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [734488 2016-08-29] (Orange SA)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-21] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 cpuz135; \??\C:\Users\Didier\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 17:47 - 2016-10-08 17:48 - 00010730 _____ C:\Users\Didier\Desktop\FRST.txt
2016-10-08 17:46 - 2016-10-08 17:47 - 00000000 ____D C:\FRST
2016-10-08 16:51 - 2016-10-08 16:51 - 02405376 _____ (Farbar) C:\Users\Didier\Desktop\FRST64.exe
2016-10-08 12:44 - 2016-10-08 12:44 - 00026046 _____ C:\Users\Didier\Documents\cc_20161008_124428.reg
2016-10-07 11:30 - 2016-10-07 11:30 - 03874368 _____ C:\Users\Didier\Desktop\adwcleaner_6.021.exe
2016-10-07 02:15 - 2016-10-07 02:15 - 00000000 ____D C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 16:43 - 2016-10-06 16:43 - 00009764 _____ C:\Users\Didier\Desktop\JRT.txt
2016-10-06 16:34 - 2016-10-06 16:35 - 01631928 _____ (Malwarebytes) C:\Users\Didier\Desktop\JRT.exe
2016-10-06 15:04 - 2016-10-07 11:33 - 00000000 ____D C:\AdwCleaner
2016-09-27 09:56 - 2016-09-27 09:56 - 01557489 _____ C:\Users\Didier\Documents\Scan_Analyses_Sang_Lemaitre_Lucille.pdf
2016-09-22 18:07 - 2016-10-08 12:40 - 00099812 _____ C:\Users\Didier\Desktop\ZHPDiag.txt
2016-09-22 18:05 - 2016-10-08 12:34 - 00000827 _____ C:\Users\Didier\Desktop\ZHPDiag.lnk
2016-09-22 18:05 - 2016-09-22 18:05 - 02354176 _____ C:\Users\Didier\Downloads\ZHPDiag3.exe
2016-09-22 17:49 - 2016-10-07 11:14 - 00000837 _____ C:\Users\Didier\Desktop\ZHPCleaner.lnk
2016-09-20 11:37 - 2016-09-20 11:37 - 05221832 _____ C:\Users\Didier\Downloads\Philips-391893049-gc4851_32_dfu_fra.pdf
2016-09-17 13:49 - 2016-09-17 13:54 - 260746612 _____ C:\Users\Didier\Downloads\C3lineB3stS0ng.rar
2016-09-17 13:25 - 2016-09-17 13:27 - 84255686 _____ C:\Users\Didier\Downloads\1968 - cette annee la.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 17:45 - 2016-02-01 19:21 - 00007664 _____ C:\Users\Didier\AppData\Local\Resmon.ResmonCfg
2016-10-08 17:42 - 2015-06-16 22:43 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-706769772-126148547-2541344145-1001Core.job
2016-10-08 17:28 - 2015-06-16 22:43 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-706769772-126148547-2541344145-1001UA.job
2016-10-08 17:24 - 2016-02-16 16:42 - 00000408 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-10-08 13:52 - 2009-07-14 06:45 - 00024432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-08 13:52 - 2009-07-14 06:45 - 00024432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-08 13:47 - 2014-04-18 19:50 - 00000000 ___RD C:\Users\Didier\Dropbox
2016-10-08 13:45 - 2014-04-19 17:22 - 00000111 _____ C:\.dir
2016-10-08 13:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-08 13:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-08 12:42 - 2014-06-07 19:13 - 00000000 ____D C:\Windows\Minidump
2016-10-08 12:38 - 2016-07-07 15:39 - 00000000 ____D C:\Users\Didier\AppData\Roaming\ZHP
2016-10-08 10:01 - 2014-04-15 18:52 - 00003964 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2250A788-FCB9-48D6-8563-57BC3E94FDDE}
2016-10-07 11:21 - 2016-07-07 15:51 - 00001551 _____ C:\Users\Didier\Desktop\ZHPCleaner.txt
2016-10-07 10:39 - 2016-07-06 19:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-07 02:15 - 2014-04-18 19:48 - 00000000 ____D C:\Users\Didier\AppData\Roaming\Dropbox
2016-10-01 14:37 - 2014-03-21 19:45 - 00755762 _____ C:\Windows\system32\perfh00C.dat
2016-10-01 14:37 - 2014-03-21 19:45 - 00154648 _____ C:\Windows\system32\perfc00C.dat
2016-10-01 14:37 - 2009-07-14 07:13 - 01698270 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 20:33 - 2015-06-16 22:43 - 00000000 ____D C:\Users\Didier\AppData\Local\Dropbox
2016-09-30 12:10 - 2014-09-22 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-30 12:10 - 2014-09-22 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-30 12:07 - 2014-09-22 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-28 21:10 - 2015-01-02 12:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-22 17:48 - 2014-03-21 16:45 - 00000000 ____D C:\Users\Didier
2016-09-22 17:45 - 2016-07-07 15:37 - 02399232 _____ C:\Users\Didier\Downloads\ZHPCleaner.exe
2016-09-22 11:16 - 2015-10-21 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange
2016-09-17 13:31 - 2016-01-05 20:32 - 00000000 ____D C:\Users\Didier\AppData\Roaming\WinRAR

==================== Files in the root of some directories =======

2015-12-08 11:03 - 2015-12-08 11:03 - 1846968 _____ (CPUID) C:\Users\Didier\AppData\Roaming\siw_sdk.dll
2016-02-01 19:21 - 2016-10-08 17:45 - 0007664 _____ () C:\Users\Didier\AppData\Local\Resmon.ResmonCfg
2014-04-21 19:56 - 2014-04-21 19:56 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Didier\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-08 14:26

==================== End of FRST.txt ============================
