cjoint

Document format: text/plain

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Exécuté par berni_000 (administrateur) sur ORDINA13 (11-09-2017 22:07:49)
Exécuté depuis C:\Users\berni_000\Downloads
Profils chargés: berni_000 (Profils disponibles: an-ichat & berni_000 & saby-_000)
Platform: Windows 10 Pro Version 1607 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(© 2015 Microsoft Corporation) C:\Users\berni_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17032.10331.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe\CompanionApp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [MessageSCC] => C:\Ordina13 help\Assurance.exe [243346 2014-05-28] (XnView, hxxp://www.xnview.com)
HKLM\...\Run: [ModernUI] => C:\Windows\System32\Attrib.exe [20480 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-09-16] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1692148296-4129977814-3349130404-1013\...\Run: [BingSvc] => C:\Users\berni_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1692148296-4129977814-3349130404-1013\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1692148296-4129977814-3349130404-1013\...\MountPoints2: {dd6f14a4-a023-11e6-82be-1458d010ac94} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1692148296-4129977814-3349130404-1013\...\MountPoints2: {dd6f14db-a023-11e6-82be-1458d010ac94} - "E:\HiSuiteDownLoader.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{1833b269-f6f3-4c82-b0c1-3cd1864ea634}: [DhcpNameServer] 212.27.40.241 212.27.40.240

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1692148296-4129977814-3349130404-1013\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-26] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-26] (Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 8haqgq8g.default-1504859143673
FF ProfilePath: C:\Users\berni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8haqgq8g.default-1504859143673 [2017-09-11]
FF Extension: (YouTube Plus) - C:\Users\berni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8haqgq8g.default-1504859143673\Extensions\particle@particlecore.github.io.xpi [2017-09-08]
FF Extension: (Video DownloadHelper) - C:\Users\berni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8haqgq8g.default-1504859143673\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-09-09]
FF Extension: (Adblock Plus) - C:\Users\berni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8haqgq8g.default-1504859143673\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-02-15] () [Fichier non signé]
S3 ALG; C:\WINDOWS\System32\alg.exe [95744 2016-07-16] (Microsoft Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [Fichier non signé]
S4 AppVClient; C:\WINDOWS\system32\AppVClient.exe [822624 2016-12-14] (Microsoft Corporation)
R2 CDPUserSvc_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [644608 2016-07-16] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [Fichier non signé]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Fichier non signé]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MessagingService_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 MessagingService_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2016-07-16] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65024 2016-07-16] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2016-07-16] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Fichier non signé]
R2 OneSyncSvc_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 PimIndexMaintenanceSvc_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Fichier non signé]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2016-07-16] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-10-28] (Realtek Semiconductor)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [57400 2016-09-25] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1312768 2017-03-04] (Microsoft Corporation)
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2016-07-16] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [792576 2017-03-04] (Microsoft Corporation)
S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [5622088 2016-10-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S4 UevAgentService; C:\WINDOWS\system32\AgentService.exe [1227264 2016-07-17] (Microsoft Corporation)
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_5427d; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 UnistoreSvc_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 UserDataSvc_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 UserDataSvc_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 vds; C:\WINDOWS\System32\vds.exe [649216 2017-03-04] (Microsoft Corporation)
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1443328 2017-03-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S3 WpnUserService_5427d; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 WpnUserService_5427d; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [Fichier non signé]
S4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [903680 2017-03-04] (Microsoft Corporation)
S4 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [773120 2017-03-04] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone pour Android\DriverInstall.exe" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2014-05-19] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R1 MpKsl1759db1b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5CA2D0B-EEDC-44FA-A801-CB5F1F75EB5E}\MpKsl1759db1b.sys [44928 2017-09-09] (Microsoft Corporation)
R1 MpKsl5a34897a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5637D13-AFF0-4EF4-A5EA-CD601F22DFEE}\MpKsl5a34897a.sys [44928 2017-09-11] (Microsoft Corporation)
R1 MpKsl6777ae07; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65E874A5-20FE-4505-A2B2-FCC2FE2A9C88}\MpKsl6777ae07.sys [44928 2017-09-10] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-16] (Apple Inc.) [Fichier non signé]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Fichier non signé]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 aspnet_state; pas de ImagePath
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-11 22:07 - 2017-09-11 22:09 - 000021012 _____ C:\Users\berni_000\Downloads\FRST.txt
2017-09-11 22:07 - 2017-09-11 22:07 - 000000000 ____D C:\FRST
2017-09-11 22:06 - 2017-09-11 22:06 - 002397184 _____ (Farbar) C:\Users\berni_000\Downloads\FRST64.exe
2017-09-10 16:58 - 2017-09-10 16:58 - 002879360 _____ C:\Users\berni_000\ZHPCleaner.exe
2017-09-09 19:31 - 2017-04-21 23:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-09-09 19:31 - 2017-04-21 23:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-09-09 19:31 - 2017-04-21 23:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-09-09 19:31 - 2017-04-11 20:27 - 000690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-09-09 19:31 - 2017-03-15 20:15 - 000485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-09-09 19:30 - 2017-04-21 23:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-09-09 19:30 - 2017-04-11 20:27 - 000993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-09-09 19:30 - 2017-03-15 20:15 - 000987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-09-09 14:25 - 2017-09-09 14:25 - 000000000 ____D C:\Users\berni_000\dwhelper
2017-09-09 12:45 - 2017-09-09 12:45 - 020616704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-09-08 18:20 - 2017-09-08 23:06 - 000000000 ____D C:\Users\saby-_000\AppData\LocalLow\Mozilla
2017-09-08 15:17 - 2017-08-04 07:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-09-08 15:17 - 2017-08-04 07:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-09-08 15:17 - 2017-08-04 07:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-09-08 15:17 - 2017-08-04 06:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-09-08 10:25 - 2017-09-08 10:25 - 000000000 ____D C:\Users\berni_000\Desktop\Anciennes données de Firefox
2017-09-08 10:23 - 2017-09-11 22:07 - 000000000 ____D C:\Users\berni_000\AppData\LocalLow\Mozilla
2017-09-08 10:22 - 2017-09-08 10:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-08 10:22 - 2017-09-08 10:22 - 000001000 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-08 10:21 - 2017-09-08 10:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-08 10:18 - 2017-09-08 10:19 - 000245928 _____ (Mozilla) C:\Users\berni_000\Downloads\Firefox Installer.exe
2017-09-08 10:13 - 2017-09-08 10:14 - 000195346 _____ C:\Users\berni_000\Downloads\wu170509.diagcab
2017-09-08 10:08 - 2017-09-08 10:08 - 000000000 ___HD C:\$SysReset
2017-09-07 23:39 - 2017-09-07 23:39 - 000000000 ____D C:\Users\saby-_000\AppData\Local\tkdata
2017-09-07 23:20 - 2017-09-07 23:20 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1692148296-4129977814-3349130404-1014
2017-09-07 23:15 - 2017-09-07 23:15 - 000000000 ____D C:\Users\saby-_000\AppData\Roaming\Skype
2017-09-07 23:00 - 2017-09-08 22:34 - 000000000 ____D C:\Users\saby-_000\AppData\Local\ConnectedDevicesPlatform
2017-09-07 22:59 - 2017-09-07 22:59 - 000000020 ___SH C:\Users\saby-_000\ntuser.ini
2017-09-07 21:18 - 2017-09-07 21:31 - 000007881 _____ C:\Users\berni_000\Desktop\ZHPCleaner.txt
2017-09-07 20:39 - 2017-09-10 16:58 - 000000788 _____ C:\Users\berni_000\Desktop\ZHPCleaner.lnk
2017-09-07 20:39 - 2017-09-10 16:56 - 000000000 ____D C:\Users\berni_000\AppData\Roaming\ZHP
2017-09-07 20:39 - 2017-09-07 20:39 - 000000000 ____D C:\Users\berni_000\AppData\Local\ZHP
2017-09-07 20:37 - 2017-09-07 20:37 - 002876800 _____ C:\Users\berni_000\Downloads\ZHPCleaner.exe
2017-09-07 19:18 - 2017-09-07 19:34 - 008182736 _____ (Malwarebytes) C:\Users\berni_000\Downloads\adwcleaner_7.0.2.1.exe
2017-09-07 18:34 - 2017-09-07 18:34 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-09-07 18:34 - 2017-09-07 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-09-07 18:34 - 2017-09-07 18:34 - 000000000 ____D C:\Program Files\VS Revo Group
2017-09-07 18:32 - 2017-09-07 18:32 - 007178424 _____ (VS Revo Group ) C:\Users\berni_000\Downloads\revosetup.exe
2017-09-04 22:00 - 2017-09-04 22:00 - 000003572 _____ C:\WINDOWS\System32\Tasks\{F5F558E4-DD3C-46EE-9A83-579F4F654F69}
2017-09-03 15:29 - 2017-09-03 15:29 - 000000000 ____D C:\Users\berni_000\AppData\Local\TempTaskUpdateDetection30F5E6B8-4AA0-4307-8392-64A24FA62AC3
2017-08-24 21:52 - 2017-08-24 21:52 - 000000000 ____D C:\Users\berni_000\AppData\Local\TempTaskUpdateDetection30780173-A625-4593-9837-D8212F1271D6

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-11 21:52 - 2016-09-25 15:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-11 21:45 - 2016-07-16 13:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-11 21:21 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-11 21:17 - 2016-08-26 09:58 - 000000000 ____D C:\Users\berni_000\AppData\Roaming\Skype
2017-09-11 21:11 - 2016-09-25 16:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-10 18:59 - 2016-09-25 15:29 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-10 18:59 - 2016-07-16 08:04 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-10 18:39 - 2017-07-11 04:01 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-10 18:32 - 2016-09-25 16:21 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-10 16:58 - 2016-09-25 15:35 - 000000000 ____D C:\Users\berni_000
2017-09-10 15:02 - 2016-07-16 13:45 - 000000000 ____D C:\WINDOWS\INF
2017-09-09 22:54 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-09 21:00 - 2014-12-22 15:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-09 18:38 - 2013-08-22 15:25 - 000000202 _____ C:\WINDOWS\win.ini
2017-09-09 14:09 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\Globalization
2017-09-09 12:48 - 2014-12-27 21:58 - 000136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-09 12:46 - 2016-12-01 23:56 - 000004718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-09 12:45 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-09 12:45 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-08 23:54 - 2016-02-11 01:50 - 000000000 ____D C:\Users\berni_000\AppData\Roaming\Apple Computer
2017-09-08 23:54 - 2016-02-11 01:49 - 000000000 ____D C:\ProgramData\Apple Computer
2017-09-08 23:34 - 2016-02-11 01:46 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-08 23:11 - 2016-07-16 13:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-08 23:08 - 2015-06-01 11:52 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-08 22:34 - 2014-05-22 22:25 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-09-08 22:25 - 2016-09-25 15:35 - 000000000 ____D C:\Users\saby-_000
2017-09-08 22:22 - 2014-05-26 14:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-08 21:57 - 2016-11-03 16:35 - 000091408 ____H C:\Users\berni_000\AppData\Local\IconCache.db.backup
2017-09-08 18:12 - 2014-05-24 14:35 - 005362978 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2017-09-08 17:56 - 2016-09-25 16:15 - 000004558 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-08 17:52 - 2017-08-07 22:22 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1692148296-4129977814-3349130404-1013
2017-09-08 17:52 - 2015-10-28 01:50 - 000002469 _____ C:\Users\berni_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 17:52 - 2015-05-31 20:26 - 000000000 ___RD C:\Users\berni_000\OneDrive
2017-09-08 17:46 - 2014-05-23 09:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-08 17:36 - 2014-05-23 09:49 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-08 17:14 - 2016-02-11 01:46 - 000000000 ____D C:\ProgramData\Apple
2017-09-08 14:16 - 2016-09-06 23:23 - 000000000 ____D C:\Users\saby-_000\AppData\Roaming\Apple Computer
2017-09-08 13:22 - 2015-10-30 13:19 - 000000000 ____D C:\Users\berni_000\AppData\Local\ElevatedDiagnostics
2017-09-08 12:22 - 2015-05-30 21:37 - 000000000 ____D C:\Users\saby-_000\AppData\Local\Packages
2017-09-08 10:29 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-08 00:08 - 2015-05-30 21:47 - 000000000 __SHD C:\Users\saby-_000\AppData\LocalLow\EmieUserList
2017-09-08 00:08 - 2015-05-30 21:47 - 000000000 __SHD C:\Users\saby-_000\AppData\LocalLow\EmieSiteList
2017-09-08 00:08 - 2015-05-30 21:47 - 000000000 __SHD C:\Users\saby-_000\AppData\Local\EmieUserList
2017-09-08 00:08 - 2015-05-30 21:47 - 000000000 __SHD C:\Users\saby-_000\AppData\Local\EmieSiteList
2017-09-07 23:20 - 2016-09-06 23:26 - 000002469 _____ C:\Users\saby-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-07 23:20 - 2016-09-06 23:23 - 000000000 ____D C:\Users\saby-_000\AppData\Local\MicrosoftEdge
2017-09-07 23:20 - 2015-05-30 21:45 - 000000000 ___RD C:\Users\saby-_000\OneDrive
2017-09-07 23:10 - 2016-09-06 23:23 - 000000000 ____D C:\Users\saby-_000\AppData\Local\Dropbox
2017-09-07 23:00 - 2015-09-10 07:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-07 21:31 - 2014-12-22 13:38 - 000000000 ____D C:\Users\an-ichat\Downloads\Microsoft Office Professional Plus 2013 VL Edition x86 x64 FR
2017-09-07 20:35 - 2016-05-30 23:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-07 20:33 - 2016-05-30 23:50 - 000000000 ____D C:\Users\berni_000\AppData\Local\Google
2017-09-07 20:04 - 2016-10-14 22:51 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-09-07 19:55 - 2016-10-01 13:55 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-07 19:54 - 2016-12-02 00:12 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-07 19:51 - 2014-12-20 00:48 - 000000000 ____D C:\AdwCleaner
2017-09-07 19:37 - 2016-07-16 08:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-07 18:45 - 2016-12-02 00:17 - 000000000 ____D C:\Users\berni_000\AppData\Local\tkdata
2017-09-04 21:49 - 2016-09-25 15:35 - 000000000 ____D C:\Users\an-ichat
2017-09-04 19:56 - 2014-12-27 21:57 - 000001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-09-04 19:56 - 2014-12-27 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-09-04 19:56 - 2014-12-27 21:57 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-08-31 22:36 - 2016-10-01 13:58 - 000000000 ____D C:\Program Files (x86)\Opera
2017-08-24 22:26 - 2017-01-01 00:47 - 000000000 ____D C:\ProgramData\Skype
2017-08-24 22:09 - 2017-06-08 02:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-08-24 22:09 - 2016-10-01 14:04 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150360538360907
2017-08-24 22:08 - 2016-10-01 14:04 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150360537857803

==================== Fichiers à la racine de certains dossiers =======

2015-06-01 14:19 - 2016-08-18 10:21 - 000002865 _____ () C:\ProgramData\hpzinstall.log

Fichiers à déplacer ou supprimer:
====================
C:\Users\berni_000\ZHPCleaner.exe
C:\Windows\Tasks\{C396A1CC-B22B-42CD-823B-8DCEF7B822CC}.job


==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-09-09 16:27

==================== Fin de FRST.txt ============================
