cjoint

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2017
Exécuté par Procurement (administrateur) sur PC-HOME (16-08-2017 21:05:12)
Exécuté depuis C:\Users\Procurement\Desktop
Profils chargés: Procurement (Profils disponibles: Procurement)
Platform: Microsoft® Windows Vista™ Édition Intégrale Service Pack 2 (X86) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Piriform Ltd) C:\CCLeaner\ccleaner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE*
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [CTXFIREG] => C:\Windows\system32\CTxfiReg.exe [44032 2006-11-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [155648 2006-09-28] (Creative Technology Ltd)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [273528 2011-10-24] (RealNetworks, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213832 2017-07-18] (AVAST Software)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [CCleaner Monitoring] => C:\CCLeaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [SetDefaultMIDI] => MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'*
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk [2010-11-13]
ShortcutTarget: PHOTOfunSTUDIO 5.0.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{1BF2AB82-D763-4B0E-911A-B0D818277FCE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5FAAD006-3284-416A-A079-4F89B1E66281}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{88202DBB-1DA2-44D1-A803-E57F2F72F342}: [DhcpNameServer] 212.27.40.241 212.27.40.240

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> {9D5BD211-422C-4164-9298-BB4186A30F31} URL = hxxp://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=MIAWB1
BHO: Pas de nom -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> Pas de fichier
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-07-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: od9ml3yj.default
FF ProfilePath: C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\od9ml3yj.default -> about:home
FF Extension: (Ghostery) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\firefox@ghostery.com.xpi [2017-08-13]
FF Extension: (Qwant for Firefox) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\qwantcomforfirefox@jetpack.xpi [2017-07-13]
FF Extension: (Avast SafePrice) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\sp@avast.com.xpi [2017-05-31]
FF Extension: (Avast Online Security) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\wrc@avast.com.xpi [2017-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-24] [non signé]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-01-25] [non signé]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-24]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-10] (Adobe Systems Incorporated) [Fichier non signé]
S3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [5815840 2017-07-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [263312 2017-07-18] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [Fichier non signé]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [Fichier non signé]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [16936 2008-04-05] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [Fichier non signé]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [Fichier non signé]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [Fichier non signé]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [Fichier non signé]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267008 2017-07-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-07-18] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-07-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-07-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123928 2017-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774320 2017-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-18] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-18] (AVAST Software)
R3 AVMNgBasM779; C:\Windows\System32\DRIVERS\AVerBas.sys [49280 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
R3 AVMNgCapM779; C:\Windows\System32\DRIVERS\AVerCap.sys [219648 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
R3 AVMNgTunM779; C:\Windows\System32\DRIVERS\AVerTun.sys [147584 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2006-11-29] (Creative Technology Ltd)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [Fichier non signé]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-08-01] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162240 2017-08-01] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-16] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64800 2017-08-15] (Malwarebytes)
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; c:\program files\dell support center\pcdsrvc.pkms [21744 2010-11-18] (PC-Doctor, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [Fichier non signé]
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [82056 2016-03-23] (IBM Corp.)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-16 21:05 - 2017-08-16 21:06 - 000021853 _____ C:\Users\Procurement\Desktop\FRST.txt
2017-08-16 21:04 - 2017-08-16 21:05 - 000000000 ____D C:\FRST
2017-08-16 21:03 - 2017-08-16 21:03 - 001792512 _____ (Farbar) C:\Users\Procurement\Desktop\FRST.exe
2017-08-16 08:10 - 2017-08-16 08:10 - 000001471 _____ C:\Users\Procurement\Desktop\ZHPCleaner.txt
2017-08-16 07:53 - 2017-08-16 08:10 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\ZHP
2017-08-16 07:53 - 2017-08-16 07:53 - 002854784 _____ C:\Users\Procurement\Desktop\zhpcleaner_2017.8.15.140.exe
2017-08-16 07:53 - 2017-08-16 07:53 - 000000733 _____ C:\Users\Procurement\Desktop\ZHPCleaner.lnk
2017-08-15 18:44 - 2017-08-15 18:44 - 001790024 _____ (Malwarebytes) C:\Users\Procurement\Desktop\JRT.exe
2017-08-15 18:33 - 2017-08-15 18:36 - 000000000 ____D C:\AdwCleaner
2017-08-15 18:32 - 2017-08-15 18:32 - 008185288 _____ (Malwarebytes) C:\Users\Procurement\Desktop\adwcleaner_7.0.1.0.exe
2017-08-15 17:08 - 2017-08-15 18:57 - 000000000 ____D C:\Users\Procurement\AppData\Local\ZHP
2017-08-15 17:08 - 2017-08-15 18:55 - 000000723 _____ C:\Users\Procurement\Desktop\ZHPDiag.lnk
2017-08-15 17:06 - 2017-08-15 17:06 - 002812800 _____ C:\Users\Procurement\Desktop\zhpdiag_2017.8.15.140.exe
2017-08-15 16:25 - 2017-08-15 16:25 - 000144176 _____ C:\Windows\Minidump\Mini081517-01.dmp
2017-08-14 18:52 - 2017-08-14 18:52 - 000144176 _____ C:\Windows\Minidump\Mini081417-01.dmp
2017-08-13 18:25 - 2017-08-13 18:25 - 000144176 _____ C:\Windows\Minidump\Mini081317-03.dmp
2017-08-13 18:22 - 2017-08-13 18:22 - 000144176 _____ C:\Windows\Minidump\Mini081317-02.dmp
2017-08-13 18:14 - 2017-08-13 18:14 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\PeerNetworking
2017-08-13 15:23 - 2017-08-13 15:23 - 000144176 _____ C:\Windows\Minidump\Mini081317-01.dmp
2017-08-12 20:13 - 2017-08-12 20:13 - 000144176 _____ C:\Windows\Minidump\Mini081217-04.dmp
2017-08-12 20:10 - 2017-08-12 20:10 - 000144176 _____ C:\Windows\Minidump\Mini081217-03.dmp
2017-08-12 20:01 - 2017-08-12 20:01 - 000144176 _____ C:\Windows\Minidump\Mini081217-02.dmp
2017-08-12 19:51 - 2017-08-12 19:51 - 000144176 _____ C:\Windows\Minidump\Mini081217-01.dmp
2017-08-08 19:36 - 2017-08-08 19:36 - 000144176 _____ C:\Windows\Minidump\Mini080817-02.dmp
2017-08-08 18:39 - 2017-08-08 18:39 - 000144176 _____ C:\Windows\Minidump\Mini080817-01.dmp
2017-08-07 23:22 - 2017-08-07 23:31 - 000000000 ____D C:\Users\Procurement\Documents\Achat appart-NEW
2017-08-06 21:04 - 2017-08-06 21:04 - 000144176 _____ C:\Windows\Minidump\Mini080617-01.dmp
2017-08-04 19:40 - 2017-08-04 19:40 - 000144176 _____ C:\Windows\Minidump\Mini080417-02.dmp
2017-08-04 13:47 - 2017-08-04 13:47 - 000144176 _____ C:\Windows\Minidump\Mini080417-01.dmp
2017-08-02 19:28 - 2017-08-02 19:28 - 000144176 _____ C:\Windows\Minidump\Mini080217-01.dmp
2017-08-01 18:59 - 2017-08-01 18:59 - 000144176 _____ C:\Windows\Minidump\Mini080117-01.dmp
2017-08-01 18:58 - 2017-08-15 16:25 - 315235659 _____ C:\Windows\MEMORY.DMP
2017-08-01 14:39 - 2017-08-16 20:52 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 14:39 - 2017-08-15 16:21 - 000064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-01 14:39 - 2017-08-15 16:21 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-01 14:39 - 2017-08-01 16:14 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-01 14:38 - 2017-08-01 15:59 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-30 15:33 - 2017-07-30 15:33 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-18 23:19 - 2017-02-11 17:22 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-18 23:19 - 2016-08-03 17:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2017-07-18 23:19 - 2016-08-03 16:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-18 23:19 - 2016-08-03 16:20 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-18 22:49 - 2017-07-18 22:49 - 000303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-16 21:06 - 2011-03-04 13:01 - 000000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-08-16 21:03 - 2016-11-24 23:43 - 000000000 ____D C:\Users\Procurement\AppData\LocalLow\Mozilla
2017-08-16 21:03 - 2014-02-18 16:21 - 000000336 _____ C:\Windows\BRRBCOM.INI
2017-08-16 20:52 - 2006-11-02 15:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-16 20:52 - 2006-11-02 14:46 - 000003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-16 20:52 - 2006-11-02 14:46 - 000003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-16 08:24 - 2016-01-13 01:38 - 000001080 _____ C:\Windows\system32\settingsbkup.sfm
2017-08-16 08:24 - 2016-01-13 01:38 - 000001080 _____ C:\Windows\system32\settings.sfm
2017-08-16 08:24 - 2008-04-05 18:01 - 000064756 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2008-04-05 18:01 - 000053968 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2008-04-05 18:01 - 000053968 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2006-11-02 15:00 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-15 23:31 - 2010-05-01 20:59 - 000000000 ____D C:\Users\Procurement\AppData\Local\adslTV
2017-08-15 18:36 - 2010-02-28 15:58 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\Yahoo!
2017-08-15 16:25 - 2008-09-11 14:19 - 000000000 ____D C:\Windows\Minidump
2017-08-13 18:52 - 2007-06-03 00:10 - 000000000 ____D C:\doctemp
2017-08-13 15:12 - 2011-03-04 12:46 - 000000000 ____D C:\ProgramData\PCDr
2017-08-10 22:56 - 2014-01-12 17:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-10 22:56 - 2014-01-12 17:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-10 22:55 - 2007-06-02 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 18:58 - 2016-01-25 16:45 - 000774320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-09 18:58 - 2016-01-25 16:45 - 000123928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-08 18:53 - 2015-09-29 16:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-03 11:24 - 2012-12-05 00:03 - 000000000 ____D C:\Users\Procurement\Documents\AL
2017-08-02 19:48 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2017-07-30 22:16 - 2015-09-29 16:30 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\DVDVideoSoft
2017-07-30 15:58 - 2009-06-01 12:40 - 000000000 ____D C:\Users\Procurement\Documents\Divers
2017-07-30 15:34 - 2013-10-19 08:29 - 000000000 ____D C:\ProgramData\Oracle
2017-07-30 15:34 - 2013-10-19 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-30 15:34 - 2007-06-02 16:30 - 000000000 ____D C:\Program Files\Java
2017-07-30 15:32 - 2015-02-15 15:04 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-07-21 00:24 - 2008-03-18 23:37 - 000000000 ____D C:\Users\Procurement\Documents\Archives dossiers HA
2017-07-18 23:59 - 2012-11-02 15:26 - 000000000 ____D C:\Users\Procurement\Documents\Téléphonie mobile
2017-07-18 23:59 - 2009-03-07 17:57 - 000000000 ____D C:\Users\Procurement\Documents\Consulting
2017-07-18 23:47 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\rescache
2017-07-18 22:49 - 2017-03-01 23:33 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000267008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-18 22:49 - 2016-05-04 16:24 - 000039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-18 22:49 - 2015-07-28 16:57 - 000202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-18 22:49 - 2014-04-29 21:05 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-18 22:49 - 2013-05-08 11:24 - 000296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-18 22:49 - 2013-05-08 11:24 - 000070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-18 22:49 - 2008-06-20 21:12 - 000496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-18 22:49 - 2007-09-27 18:06 - 000070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-18 20:56 - 2007-07-21 13:19 - 000000000 ____D C:\CCLeaner

==================== Fichiers à la racine de certains dossiers =======

2017-08-13 18:14 - 2017-08-13 18:14 - 000024206 _____ () C:\Users\Procurement\AppData\Roaming\UserTile.png
2007-06-10 15:57 - 2008-08-14 12:07 - 000000000 _____ () C:\Users\Procurement\AppData\Roaming\wklnhst.dat
2012-01-31 22:20 - 2012-11-04 00:58 - 000000680 _____ () C:\Users\Procurement\AppData\Local\d3d9caps.dat
2007-06-10 14:00 - 2011-10-24 21:39 - 000037888 _____ () C:\Users\Procurement\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-30 11:51 - 2009-06-30 11:51 - 000004096 ____H () C:\Users\Procurement\AppData\Local\keyfile3.drm
2014-07-10 12:19 - 2014-07-10 12:19 - 000004191 _____ () C:\Users\Procurement\AppData\Local\recently-used.xbel

Certains fichiers dans TEMP:
====================
2017-08-01 15:48 - 2017-08-01 15:48 - 000000000 _____ () C:\Users\Procurement\AppData\Local\Temp\vkoagctv.dll
2017-08-02 19:26 - 2017-08-02 19:26 - 000000000 _____ () C:\Users\Procurement\AppData\Local\Temp\yp5domaj.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-08-16 20:58

==================== Fin de FRST.txt ============================
