cjoint

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Exécuté par JOAQUIM (administrateur) sur JOAQUIM-PC (19-06-2017 15:38:36)
Exécuté depuis C:\Users\JOAQUIM\Desktop
Profils chargés: JOAQUIM & (Profils disponibles: JOAQUIM & Jennifer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Safe Mode (with Networking)
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Ai Squared ) C:\Program Files (x86)\ZoomText 10\x64\ZtUac64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-12-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [OPTENET_GUI] => C:\Program Files (x86)\Bouygues Telecom\Controle Parental\bin\OPTGui.exe [1708616 2016-04-15] (Bouygues Telecom)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-03-30] (Copyright (c) 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153723720\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\Run: [SymphonyPreLoad] => "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\MountPoints2: {111fca4b-59cd-11e2-b6a2-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\MountPoints2: {1282cfc7-5998-11e2-9d54-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\MountPoints2: {630686bf-0d0f-11e4-80ff-902b3455e76e} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\...\MountPoints2: {b1c90ac8-a384-11e3-bcc7-902b3455e76e} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\Run: [SymphonyPreLoad] => "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\MountPoints2: {111fca4b-59cd-11e2-b6a2-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\MountPoints2: {1282cfc7-5998-11e2-9d54-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\MountPoints2: {630686bf-0d0f-11e4-80ff-902b3455e76e} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\...\MountPoints2: {b1c90ac8-a384-11e3-bcc7-902b3455e76e} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043\...\Run: [ZoomText] => C:\Program Files (x86)\ZoomText 10\Zt.exe [5063808 2013-10-31] (Ai Squared )
HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043\...\Run: [SymphonyPreLoad] => "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-06-18]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\JOAQUIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - .lnk [2016-01-26]
ShortcutTarget: Alertes de surveillance de l'encre - .lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\JOAQUIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 1510 series.lnk [2017-06-19]
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Pas de fichier
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Pas de fichier
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4180A212-E878-4883-9D7C-9B33D4BB4363}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A87AF912-B64A-404A-8BB0-0E42036D5C6E}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={6D288332-2B50-4909-9F03-B495D8C543AA}&mid=2bb195de326847d2a270416272b10e9d-1c17013fcdf9ff5bef370152384bb9a3f0e9dacc&lang=fr&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-30 19:45:42&v=19.6.0.592&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6D288332-2B50-4909-9F03-B495D8C543AA}&mid=2bb195de326847d2a270416272b10e9d-1c17013fcdf9ff5bef370152384bb9a3f0e9dacc&lang=fr&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-30 19:45:42&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2304044684-3080147234-1012366806-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153725043 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6D288332-2B50-4909-9F03-B495D8C543AA}&mid=2bb195de326847d2a270416272b10e9d-1c17013fcdf9ff5bef370152384bb9a3f0e9dacc&lang=fr&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-30 19:45:42&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
Toolbar: HKU\S-1-5-21-2304044684-3080147234-1012366806-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\JOAQUIM\AppData\Roaming\Mozilla\Firefox\Profiles\xj02mmij.default [2017-06-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xj02mmij.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xj02mmij.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\xj02mmij.default ->
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2304044684-3080147234-1012366806-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-01-02] ()
FF Plugin HKU\S-1-5-21-2304044684-3080147234-1012366806-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06192017153724398: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-01-02] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\zt_config.js [2013-06-11]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-19]
CHR Extension: (Google Docs) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-18]
CHR Extension: (Google Drive) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-18]
CHR Extension: (YouTube) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-18]
CHR Extension: (Google Docs hors connexion) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-18]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-18]
CHR Extension: (Gmail) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\JOAQUIM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-18]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [Fichier non signé]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Fichier non signé]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 nvda; C:\Program Files (x86)\NVDA\nvda_service.exe [40040 2012-12-13] (NV Access Limited)
S2 OPTENET_FILTER; C:\Program Files (x86)\Bouygues Telecom\Controle Parental\bin\optproxy.exe [715288 2016-04-15] (Bouygues Telecom)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-05] (Electronic Arts)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-03-30] (Copyright (c) 2017 Plays.tv, LLC)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-31] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-06] ()
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZoomText Helper Service; C:\Program Files (x86)\ZoomText 10\ZoomTextHelperService.exe [17024 2013-10-31] (Ai Squared )

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S1 Ai2Chroniker; C:\Windows\System32\DRIVERS\Ai2Chroniker.sys [14016 2013-11-15] (Ai Squared )
S3 Ai2Mmpd; C:\Windows\System32\DRIVERS\Ai2Mmpd.sys [12992 2013-11-15] (Ai Squared )
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-20] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-07] (Intel Corporation)
S1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-18] ()
S1 OptMon; C:\Windows\system32\drivers\OptMon64.sys [108432 2015-11-03] (Optenet)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-19 15:38 - 2017-06-19 15:39 - 00024167 _____ C:\Users\JOAQUIM\Desktop\FRST.txt
2017-06-19 15:38 - 2017-06-19 15:38 - 02439680 _____ (Farbar) C:\Users\JOAQUIM\Desktop\FRST64.exe
2017-06-18 21:35 - 2017-06-18 21:36 - 00000000 ____D C:\Users\JOAQUIM\Desktop\Adios les virus
2017-06-18 20:49 - 2017-06-18 20:49 - 03061760 _____ (Nicolas Coolman) C:\Users\JOAQUIM\Desktop\zhpfix_2017.exe
2017-06-18 20:49 - 2017-06-18 20:49 - 00000000 ____D C:\Users\JOAQUIM\Desktop\Quarantine
2017-06-18 17:27 - 2017-06-18 17:27 - 01663672 _____ (Malwarebytes) C:\Users\JOAQUIM\Desktop\JRT.exe
2017-06-18 17:15 - 2017-06-19 15:36 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-18 17:15 - 2017-06-18 17:15 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-18 17:15 - 2017-06-18 17:15 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-18 17:15 - 2017-06-18 17:15 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-18 17:15 - 2017-06-18 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-18 17:15 - 2017-06-18 17:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-18 17:15 - 2017-05-31 11:09 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-18 17:05 - 2017-06-18 17:05 - 64025992 _____ (Malwarebytes ) C:\Users\JOAQUIM\Desktop\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-06-18 17:04 - 2017-06-18 17:04 - 04110280 _____ C:\Users\JOAQUIM\Desktop\adwcleaner_6.047 (1).exe
2017-06-18 14:41 - 2017-06-18 17:14 - 00000000 ____D C:\AdwCleaner
2017-06-18 14:41 - 2017-06-18 14:41 - 04110280 _____ C:\Users\JOAQUIM\Desktop\adwcleaner_6.047.exe
2017-06-18 14:32 - 2017-06-18 14:32 - 02794880 _____ C:\Users\JOAQUIM\Desktop\ZHPCleaner.exe
2017-06-18 14:32 - 2017-06-18 14:32 - 00000794 _____ C:\Users\JOAQUIM\Desktop\ZHPCleaner.lnk
2017-06-18 14:31 - 2017-06-18 14:31 - 02771456 _____ C:\Users\JOAQUIM\Desktop\zhpcleaner_2017.05.14.81.exe
2017-06-18 14:26 - 2017-06-18 21:14 - 00000000 ____D C:\Users\JOAQUIM\AppData\Roaming\ZHP
2017-06-18 14:26 - 2017-06-18 14:49 - 00000784 _____ C:\Users\JOAQUIM\Desktop\ZHPDiag.lnk
2017-06-18 14:26 - 2017-06-18 14:29 - 00000000 ____D C:\Users\JOAQUIM\AppData\Local\ZHP
2017-06-18 14:25 - 2017-06-18 14:25 - 02750848 _____ C:\Users\JOAQUIM\Desktop\ZHPDiag3.exe
2017-06-18 14:00 - 2017-06-18 14:06 - 00000000 ____D C:\Users\JOAQUIM\AppData\Roaming\TP-LINK
2017-06-18 14:00 - 2017-06-18 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-06-18 14:00 - 2017-06-18 14:00 - 00000000 ____D C:\Program Files (x86)\TP-LINK
2017-06-18 13:59 - 2015-07-06 19:16 - 00008143 _____ C:\Windows\system32\athrextx.cat
2017-06-18 13:59 - 2013-11-21 11:24 - 04028928 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2017-06-18 13:59 - 2013-11-21 11:24 - 04028928 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2017-06-18 13:12 - 2017-06-18 13:16 - 00000000 ____D C:\AVG_Remover
2017-06-18 13:07 - 2017-06-18 13:07 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-18 12:40 - 2017-06-18 12:40 - 10016794 _____ C:\Users\JOAQUIM\Downloads\DriversCloudx64_10_0_4_0.zip
2017-06-18 12:40 - 2017-06-18 12:40 - 00234112 _____ C:\Users\JOAQUIM\Downloads\DriversCloud_Win (1).exe
2017-06-18 12:39 - 2017-06-18 12:39 - 00234112 _____ C:\Users\JOAQUIM\Downloads\DriversCloud_Win.exe
2017-06-18 12:00 - 2017-06-18 12:00 - 00000000 ____D C:\Windows\pss
2017-06-17 18:24 - 2017-06-17 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingu - Le CD-Rom des petits pingouins
2017-06-17 18:24 - 2017-06-17 18:24 - 00000000 ____D C:\Program Files (x86)\Hachette Multimédia
2017-06-17 18:24 - 1998-10-07 13:08 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUn040c.exe
2017-06-17 18:24 - 1997-02-12 03:17 - 00039952 ____R (JourneyWare Media) C:\Windows\SysWOW64\Pingu.scr
2017-06-13 18:01 - 2017-06-13 18:01 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-06-13 17:22 - 2017-06-13 17:22 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOAQUIM-PC-Windows-7-Home-Premium-(64-bit).dat
2017-06-13 17:22 - 2017-06-13 17:22 - 00000000 ____D C:\RegBackup
2017-06-13 17:09 - 2017-06-13 17:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-06-13 17:08 - 2017-06-13 17:09 - 00190798 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-13 15:42 - 2017-06-19 15:38 - 00000000 ____D C:\FRST
2017-06-13 14:47 - 2017-06-18 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-13 09:44 - 2017-06-18 14:00 - 00000000 ____D C:\ProgramData\TP-LINK
2017-06-07 16:36 - 2017-06-18 09:20 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2017-06-07 13:51 - 2013-07-18 07:54 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2017-05-23 08:17 - 2017-06-18 09:12 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-19 15:40 - 2011-04-12 11:16 - 00697944 _____ C:\Windows\system32\perfh00C.dat
2017-06-19 15:40 - 2011-04-12 11:16 - 00132454 _____ C:\Windows\system32\perfc00C.dat
2017-06-19 15:40 - 2009-07-14 07:13 - 01572850 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-19 15:36 - 2013-09-19 13:05 - 01056758 _____ C:\Windows\ntbtlog.txt
2017-06-19 15:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-19 13:33 - 2013-01-25 15:29 - 00000000 ____D C:\Users\JOAQUIM\AppData\Roaming\Skype
2017-06-18 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-18 21:39 - 2015-06-29 14:30 - 00000000 ____D C:\Users\JOAQUIM\AppData\Local\TeamSpeak 3 Client
2017-06-18 21:36 - 2016-08-18 18:12 - 00000000 ____D C:\Users\JOAQUIM\Desktop\réunion prépa
2017-06-18 21:33 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-18 21:33 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-18 21:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-18 20:41 - 2009-07-14 07:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-18 17:13 - 2013-02-11 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-18 17:02 - 2017-03-31 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-18 14:19 - 2013-01-08 22:18 - 00000000 ____D C:\Users\JOAQUIM\AppData\Local\ElevatedDiagnostics
2017-06-18 14:00 - 2013-01-08 18:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-18 13:13 - 2015-06-22 09:43 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-18 12:12 - 2013-01-08 19:07 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-18 12:03 - 2014-02-15 16:09 - 00000000 ____D C:\Users\JOAQUIM\Documents\Fichiers
2017-06-17 19:07 - 2013-01-08 15:39 - 00000000 ____D C:\Users\JOAQUIM
2017-06-17 18:50 - 2013-01-08 20:26 - 00000000 ____D C:\Users\JOAQUIM\AppData\Local\CrashDumps
2017-06-17 18:24 - 2009-07-14 04:34 - 00000573 _____ C:\Windows\win.ini
2017-06-13 18:30 - 2013-01-08 15:40 - 00130824 _____ C:\Users\JOAQUIM\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-13 18:26 - 2009-07-14 06:45 - 00510344 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-07 16:32 - 2013-05-28 09:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-07 16:32 - 2013-01-08 18:49 - 00000000 ____D C:\Program Files\Intel
2017-06-05 12:43 - 2015-05-25 22:53 - 00000000 ____D C:\Users\JOAQUIM\Documents\vente wow

==================== Fichiers à la racine de certains dossiers =======

2013-08-17 07:10 - 2013-03-14 11:17 - 6533200 _____ (AVAST Software) C:\Program Files\AVAST
2014-06-30 19:45 - 2014-07-02 17:16 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-19 22:06 - 2013-10-20 09:06 - 0000094 _____ () C:\Users\JOAQUIM\AppData\Roaming\WB.CFG
2013-10-19 22:06 - 2013-10-20 09:06 - 0000006 _____ () C:\Users\JOAQUIM\AppData\Roaming\WBPU-TTL.DAT
2015-02-05 20:02 - 2015-02-05 20:02 - 0000017 _____ () C:\Users\JOAQUIM\AppData\Local\resmon.resmoncfg
2015-09-03 08:08 - 2015-09-03 08:08 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-06-13 16:00

==================== Fin de FRST.txt ============================
