cjoint


Document format: text/plain


Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2017
Exécuté par Kevin (administrateur) sur KEVIN-HP (18-11-2017 17:05:22)
Exécuté depuis C:\Users\Kevin\Desktop\Downloads
Profils chargés: Kevin (Profils disponibles: Kevin)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1016992 2012-01-19] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-04-07] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-04-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2017-02-15] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2012-01-31] (Hewlett-Packard Company)
HKU\S-1-5-21-3371516685-3177361789-1882240233-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3371516685-3177361789-1882240233-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9DB23168-C94B-4506-984A-6E162D4D5E0A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F20819CD-66B3-4030-B93D-206C9E0C9177}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3371516685-3177361789-1882240233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc
HKU\S-1-5-21-3371516685-3177361789-1882240233-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/9
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Pas de nom -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Pas de fichier
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-08-07] (Hewlett-Packard)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-06] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
BHO-x32: Programme d’aide de l’Assistant de connexion au compte Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 39303g7p.default-1418587523234
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39303g7p.default-1418587523234 [2017-11-18]
FF Homepage: Mozilla\Firefox\Profiles\39303g7p.default-1418587523234 -> http://google.fr/
FF Keyword.URL: Mozilla\Firefox\Profiles\39303g7p.default-1418587523234 -> http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF Extension: (uBlock Origin) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39303g7p.default-1418587523234\Extensions\uBlock0@raymondhill.net.xpi [2017-11-09]
FF Extension: (__MSG_appName__) - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39303g7p.default-1418587523234\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-26]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (Extension DigitalPersona) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-04-07] [Lagacy] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-26] [Lagacy] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-16] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2016-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2016-01-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3371516685-3177361789-1882240233-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Pas de fichier]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-01-19] (Atheros Commnucations) [Fichier non signé]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-18] (HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [Fichier non signé]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [734432 2017-08-07] (Orange SA)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719552 2017-02-15] (PDF Complete Inc)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [Fichier non signé]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R0 amdkmpfd; C:\windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-18] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [110016 2017-11-18] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [46008 2017-11-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-18] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [84256 2017-11-18] (Malwarebytes)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslac75cd77; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1201651E-039B-42DD-B009-CE5C30A6854D}\MpKslac75cd77.sys [58120 2017-11-18] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-04-07] (Sunplus)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-11-18 17:03 - 2017-11-18 17:03 - 000202499 _____ C:\Users\Kevin\Desktop\ZHPDiag.txt
2017-11-18 16:54 - 2017-11-18 17:05 - 000000000 ____D C:\FRST
2017-11-18 16:51 - 2017-11-18 16:51 - 000000820 _____ C:\Users\Kevin\Desktop\ZHPDiag.lnk
2017-11-18 16:44 - 2017-11-18 16:45 - 000001078 _____ C:\windows\system32dbgraw.bmp
2017-11-18 16:16 - 2017-11-18 16:41 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-11-18 16:16 - 2017-11-18 16:41 - 000084256 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-11-18 16:16 - 2017-11-18 16:41 - 000046008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-11-18 16:16 - 2017-11-18 16:16 - 000193464 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-11-18 16:15 - 2017-11-18 16:15 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-11-18 16:15 - 2017-11-18 16:15 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-18 16:15 - 2017-11-18 16:15 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2017-11-18 16:15 - 2017-11-18 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-18 16:15 - 2017-11-18 16:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-18 16:15 - 2017-11-01 08:54 - 000077432 _____ C:\windows\system32\Drivers\mbae64.sys
2017-11-18 16:14 - 2017-11-18 16:14 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-17 18:16 - 2017-11-17 18:16 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-17 18:16 - 2017-11-17 18:16 - 000000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2017-10-26 16:40 - 2017-11-17 18:16 - 000003872 _____ C:\windows\System32\Tasks\CCleaner Update
2017-10-21 11:29 - 2017-10-21 11:29 - 000001882 _____ C:\Users\Kevin\Documents\pim_installmgr.log.bak

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-11-18 16:57 - 2009-07-14 05:45 - 000031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-18 16:57 - 2009-07-14 05:45 - 000031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-18 16:56 - 2015-01-09 23:56 - 000000000 ____D C:\Users\Kevin\AppData\Roaming\ZHP
2017-11-18 16:56 - 2014-12-25 12:54 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-18 16:54 - 2017-07-27 18:14 - 000000000 ____D C:\Users\Kevin\AppData\Local\ZHP
2017-11-18 16:54 - 2017-04-12 07:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-18 16:50 - 2016-12-05 16:11 - 000000000 ____D C:\Users\Kevin\AppData\LocalLow\Mozilla
2017-11-18 16:48 - 2012-04-16 04:49 - 000747894 _____ C:\windows\system32\perfh00C.dat
2017-11-18 16:48 - 2012-04-16 04:49 - 000150386 _____ C:\windows\system32\perfc00C.dat
2017-11-18 16:48 - 2009-07-14 06:13 - 001669584 _____ C:\windows\system32\PerfStringBackup.INI
2017-11-18 16:48 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2017-11-18 16:39 - 2012-12-07 15:50 - 000001066 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-18 16:39 - 2012-12-07 15:50 - 000001062 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-18 16:39 - 2012-04-16 06:20 - 000000000 ____D C:\ProgramData\PDFC
2017-11-18 16:38 - 2017-08-06 09:24 - 000000332 _____ C:\windows\Tasks\HPCeeScheduleForKevin.job
2017-11-18 16:38 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-11-18 16:15 - 2015-04-25 11:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-18 16:15 - 2015-04-25 11:52 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-18 16:05 - 2015-04-25 11:04 - 000000000 ____D C:\AdwCleaner
2017-11-18 15:41 - 2017-08-06 09:24 - 000003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForKevin
2017-11-18 15:40 - 2014-01-26 18:18 - 000000000 ____D C:\Program Files\HP
2017-11-18 15:40 - 2012-12-07 14:39 - 000000000 ____D C:\ProgramData\HP
2017-11-17 18:18 - 2016-11-18 11:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-17 18:18 - 2013-04-25 23:59 - 000000000 ____D C:\Users\Kevin\AppData\Roaming\Mozilla
2017-11-17 18:02 - 2012-12-07 14:01 - 000003936 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{FC99B37B-4523-49EB-AA72-2ACA802CB49B}
2017-11-16 18:35 - 2015-01-10 14:12 - 000004484 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-11-16 18:35 - 2013-12-17 18:39 - 000000000 ____D C:\windows\system32\Macromed
2017-11-16 18:35 - 2012-04-16 06:20 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-11-16 18:35 - 2012-04-16 06:20 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-16 18:35 - 2012-04-16 06:20 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-11-10 20:35 - 2014-12-11 18:03 - 000000000 ____D C:\windows\Minidump
2017-11-07 23:46 - 2015-08-31 16:01 - 000000000 ____D C:\Users\Kevin\Documents\Laurie
2017-10-28 11:08 - 2012-12-07 14:07 - 000000000 ____D C:\Users\Kevin\AppData\Local\Hewlett-Packard
2017-10-26 16:40 - 2013-02-10 13:54 - 000000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2017-10-26 16:40 - 2012-12-07 16:54 - 000000000 ____D C:\Program Files\CCleaner
2017-10-22 16:58 - 2012-12-07 14:02 - 000120128 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-22 16:56 - 2009-07-14 05:45 - 000442944 _____ C:\windows\system32\FNTCACHE.DAT
2017-10-21 12:02 - 2012-12-07 17:07 - 000000000 ____D C:\Users\Kevin\Documents\Logiciels
2017-10-21 11:55 - 2014-04-28 14:18 - 000000000 ____D C:\Program Files\PTC
2017-10-21 11:51 - 2017-02-06 15:39 - 000000000 ____D C:\Program Files (x86)\PTC
2017-10-21 11:49 - 2012-12-07 15:50 - 000000000 ____D C:\Users\Kevin\AppData\Local\Google
2017-10-21 11:49 - 2012-12-07 15:50 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-21 11:45 - 2014-04-28 14:15 - 000000000 ____D C:\ProgramData\PTC
2017-10-21 11:42 - 2015-11-10 13:34 - 000000000 ____D C:\Program Files (x86)\Dassault Systemes
2017-10-21 11:36 - 2015-11-10 13:33 - 000000000 ____D C:\ProgramData\DassaultSystemes
2017-10-21 11:34 - 2014-04-28 14:30 - 000000000 ____D C:\Users\Kevin\AppData\Local\PTC
2017-10-21 11:28 - 2014-07-21 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2017-10-21 11:28 - 2014-04-28 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Creo

==================== Fichiers à la racine de certains dossiers =======

2016-01-18 09:38 - 2017-07-27 18:02 - 000340052 _____ () C:\Users\Kevin\ZHPCleaner.exe
2014-03-04 10:52 - 2014-06-23 14:36 - 000000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-04-06 23:40 - 2013-04-06 23:44 - 000001446 _____ () C:\Users\Kevin\AppData\Roaming\net.telestream.producer.xml
2013-09-27 00:00 - 2015-02-17 15:00 - 000000252 _____ () C:\Users\Kevin\AppData\Roaming\WB.CFG
2014-11-25 00:17 - 2017-04-03 10:28 - 000011264 _____ () C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-16 07:43 - 2016-09-16 07:43 - 000009376 _____ () C:\Users\Kevin\AppData\Local\recently-used.xbel
2017-09-16 14:48 - 2017-09-16 14:48 - 000000017 _____ () C:\Users\Kevin\AppData\Local\resmon.resmoncfg
2017-01-07 18:00 - 2017-01-07 18:00 - 000000000 _____ () C:\Users\Kevin\AppData\Local\{12D277C8-0F0B-45DF-8F7D-874A96327215}

Certains fichiers dans TEMP:
====================
2017-11-18 15:40 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Kevin\AppData\Local\Temp\TAInstaller.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\windows\system32\wininit.exe => Le fichier est signé numériquement
C:\windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\windows\explorer.exe => Le fichier est signé numériquement
C:\windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\windows\system32\svchost.exe => Le fichier est signé numériquement
C:\windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\windows\system32\services.exe => Le fichier est signé numériquement
C:\windows\system32\User32.dll => Le fichier est signé numériquement
C:\windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\windows\system32\userinit.exe => Le fichier est signé numériquement
C:\windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-11-10 17:48

==================== Fin de FRST.txt ============================
