Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Didier (administrator) on DIDIER-PC-ASUS (08-10-2016 17:47:19)
Running from C:\Users\Didier\Desktop
Loaded Profiles: Didier (Available Profiles: Didier)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Anglais (États-Unis)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe
(Orange) C:\Users\Didier\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Didier\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2042144 2016-04-14] (TomTom)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\Run: [Dropbox Update] => C:\Users\Didier\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-706769772-126148547-2541344145-1001\...\MountPoints2: {ef33bf35-b20d-11e4-8eaf-0015af3c8af0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.agora.intranoo.net/login/login.asp
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Didier\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Didier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2014-04-19]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1155ECD3-A1E7-4081-858B-08B442CD6D91}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-706769772-126148547-2541344145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-19] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-11-06] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-706769772-126148547-2541344145-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Didier\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Dedicarz Service; C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe [1970544 2014-09-15] () [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [734488 2016-08-29] (Orange SA)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-21] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 cpuz135; \??\C:\Users\Didier\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 17:47 - 2016-10-08 17:48 - 00010730 _____ C:\Users\Didier\Desktop\FRST.txt
2016-10-08 17:46 - 2016-10-08 17:47 - 00000000 ____D C:\FRST
2016-10-08 16:51 - 2016-10-08 16:51 - 02405376 _____ (Farbar) C:\Users\Didier\Desktop\FRST64.exe
2016-10-08 12:44 - 2016-10-08 12:44 - 00026046 _____ C:\Users\Didier\Documents\cc_20161008_124428.reg
2016-10-07 11:30 - 2016-10-07 11:30 - 03874368 _____ C:\Users\Didier\Desktop\adwcleaner_6.021.exe
2016-10-07 02:15 - 2016-10-07 02:15 - 00000000 ____D C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 16:43 - 2016-10-06 16:43 - 00009764 _____ C:\Users\Didier\Desktop\JRT.txt
2016-10-06 16:34 - 2016-10-06 16:35 - 01631928 _____ (Malwarebytes) C:\Users\Didier\Desktop\JRT.exe
2016-10-06 15:04 - 2016-10-07 11:33 - 00000000 ____D C:\AdwCleaner
2016-09-27 09:56 - 2016-09-27 09:56 - 01557489 _____ C:\Users\Didier\Documents\Scan_Analyses_Sang_Lemaitre_Lucille.pdf
2016-09-22 18:07 - 2016-10-08 12:40 - 00099812 _____ C:\Users\Didier\Desktop\ZHPDiag.txt
2016-09-22 18:05 - 2016-10-08 12:34 - 00000827 _____ C:\Users\Didier\Desktop\ZHPDiag.lnk
2016-09-22 18:05 - 2016-09-22 18:05 - 02354176 _____ C:\Users\Didier\Downloads\ZHPDiag3.exe
2016-09-22 17:49 - 2016-10-07 11:14 - 00000837 _____ C:\Users\Didier\Desktop\ZHPCleaner.lnk
2016-09-20 11:37 - 2016-09-20 11:37 - 05221832 _____ C:\Users\Didier\Downloads\Philips-391893049-gc4851_32_dfu_fra.pdf
2016-09-17 13:49 - 2016-09-17 13:54 - 260746612 _____ C:\Users\Didier\Downloads\C3lineB3stS0ng.rar
2016-09-17 13:25 - 2016-09-17 13:27 - 84255686 _____ C:\Users\Didier\Downloads\1968 - cette annee la.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-08 17:45 - 2016-02-01 19:21 - 00007664 _____ C:\Users\Didier\AppData\Local\Resmon.ResmonCfg
2016-10-08 17:42 - 2015-06-16 22:43 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-706769772-126148547-2541344145-1001Core.job
2016-10-08 17:28 - 2015-06-16 22:43 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-706769772-126148547-2541344145-1001UA.job
2016-10-08 17:24 - 2016-02-16 16:42 - 00000408 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-10-08 13:52 - 2009-07-14 06:45 - 00024432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-08 13:52 - 2009-07-14 06:45 - 00024432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-08 13:47 - 2014-04-18 19:50 - 00000000 ___RD C:\Users\Didier\Dropbox
2016-10-08 13:45 - 2014-04-19 17:22 - 00000111 _____ C:\.dir
2016-10-08 13:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-08 13:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-08 12:42 - 2014-06-07 19:13 - 00000000 ____D C:\Windows\Minidump
2016-10-08 12:38 - 2016-07-07 15:39 - 00000000 ____D C:\Users\Didier\AppData\Roaming\ZHP
2016-10-08 10:01 - 2014-04-15 18:52 - 00003964 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2250A788-FCB9-48D6-8563-57BC3E94FDDE}
2016-10-07 11:21 - 2016-07-07 15:51 - 00001551 _____ C:\Users\Didier\Desktop\ZHPCleaner.txt
2016-10-07 10:39 - 2016-07-06 19:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-07 02:15 - 2014-04-18 19:48 - 00000000 ____D C:\Users\Didier\AppData\Roaming\Dropbox
2016-10-01 14:37 - 2014-03-21 19:45 - 00755762 _____ C:\Windows\system32\perfh00C.dat
2016-10-01 14:37 - 2014-03-21 19:45 - 00154648 _____ C:\Windows\system32\perfc00C.dat
2016-10-01 14:37 - 2009-07-14 07:13 - 01698270 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 20:33 - 2015-06-16 22:43 - 00000000 ____D C:\Users\Didier\AppData\Local\Dropbox
2016-09-30 12:10 - 2014-09-22 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-30 12:10 - 2014-09-22 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-30 12:07 - 2014-09-22 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-28 21:10 - 2015-01-02 12:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-22 17:48 - 2014-03-21 16:45 - 00000000 ____D C:\Users\Didier
2016-09-22 17:45 - 2016-07-07 15:37 - 02399232 _____ C:\Users\Didier\Downloads\ZHPCleaner.exe
2016-09-22 11:16 - 2015-10-21 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange
2016-09-17 13:31 - 2016-01-05 20:32 - 00000000 ____D C:\Users\Didier\AppData\Roaming\WinRAR

==================== Files in the root of some directories =======

2015-12-08 11:03 - 2015-12-08 11:03 - 1846968 _____ (CPUID) C:\Users\Didier\AppData\Roaming\siw_sdk.dll
2016-02-01 19:21 - 2016-10-08 17:45 - 0007664 _____ () C:\Users\Didier\AppData\Local\Resmon.ResmonCfg
2014-04-21 19:56 - 2014-04-21 19:56 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Didier\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-08 14:26

==================== End of FRST.txt ============================