Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Exécuté par user (administrateur) sur USER-PC (07-08-2017 11:32:59)
Exécuté depuis C:\Users\user\Desktop
Profils chargés: user (Profils disponibles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-10] (RealtekSemiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (IntelCorporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (SynapticsIncorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (MicrosoftCorporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-04-11] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [PCPrivacyShield] => "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{06B2E39E-8E7F-4990-8C0A-671B5447CE88}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> DefaultScope {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299 [2017-08-07]
FF Extension: (anonymoX) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299\Extensions\client@anonymox.net.xpi [2017-06-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: (Dell Data Protection Security Tools) - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2016-06-05] [non signé]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-25]
CHR Extension: (Dell Data Protection | Security Tools) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-06-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-25]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-02-10]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows(R)Win7DDKprovider) [Fichier non signé]
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-04-11] (DellInc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-04-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-04-11] (Dell,Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-02-19] (DigitalPersona,Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (IntelCorporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea,Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (IntelCorporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (MicrosoftCorporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (MicrosoftCorporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-10] (RealtekSemiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinksSAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (SecurityInnovation,Inc.) [Fichier non signé]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (ValiditySensors,Inc.) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-18] (MicrosoftCorporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [Fichier non signé]
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{85612089-6EA2-452B-9DD1-83360FCD936D}

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (AcerLaboratoriesInc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (QualcommAtheros)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMDTechnology,Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-04-11] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (IntelCorporation)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-07] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (IntelCorporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (MicrosoftCorporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (MicrosoftCorporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-04-11] (DellInc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (SynapticsIncorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (SynapticsIncorporated)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIATechnologies,Inc.)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIATechnologiesInc.,Ltd)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-07 11:33 - 2017-08-07 11:33 - 000017811 _____ C:\Users\user\Desktop\FRST.txt
2017-08-07 11:32 - 2017-08-07 11:32 - 000000000 ____D C:\FRST
2017-08-07 11:29 - 2017-08-07 11:29 - 002381312 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-08-07 09:49 - 2017-08-07 09:49 - 000000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-05 15:50 - 2017-08-05 16:49 - 1266614272 _____ C:\Users\user\Downloads\Ascenseur.Pour.L.Echafaud-www.zone-telchargement.ws.avi.part
2017-08-04 15:38 - 2017-08-04 15:40 - 000000000 ____D C:\Users\user\Desktop\Fiche de paie AMnesty
2017-08-03 11:38 - 2017-08-03 11:38 - 000000618 _____ C:\Users\user\Desktop\Script ZHPFix.txt
2017-08-03 11:38 - 2017-08-03 11:38 - 000000000 ____D C:\Users\user\Desktop\Quarantine
2017-08-03 11:13 - 2017-08-03 11:47 - 000430412 _____ C:\Windows\ntbtlog.txt
2017-08-02 11:49 - 2017-08-02 11:49 - 000000000 ____D C:\Users\user\Downloads\Quarantine
2017-08-02 11:48 - 2017-08-02 11:48 - 000000000 ____D C:\Users\user\Desktop\Virus desinfection
2017-08-02 11:47 - 2017-08-02 11:47 - 003067264 _____ (Nicolas Coolman) C:\Users\user\Desktop\zhpfix_2017-6-13-1.exe
2017-08-01 12:22 - 2017-08-07 09:49 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-01 12:21 - 2017-08-01 18:40 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-01 12:17 - 2017-08-01 12:17 - 064025992 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-01 11:57 - 2017-08-01 12:00 - 000000000 ____D C:\AdwCleaner
2017-08-01 11:57 - 2017-08-01 11:57 - 008185288 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.0.1.0.exe
2017-08-01 11:39 - 2017-08-01 11:39 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123(1).exe
2017-08-01 11:36 - 2017-08-01 11:36 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123.exe
2017-08-01 10:16 - 2017-08-03 11:45 - 000000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-08-01 10:16 - 2017-08-01 11:39 - 000000000 ____D C:\Users\user\AppData\Local\ZHP
2017-08-01 10:16 - 2017-08-01 10:16 - 002804096 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-07-31 23:55 - 2017-07-31 23:55 - 001571211 _____ C:\Users\user\Downloads\arnaques_2015.pdf
2017-07-31 22:54 - 2017-07-31 22:54 - 000000000 ____D C:\Users\user\AppData\Local\PCPrivacyShield
2017-07-31 22:47 - 2017-07-31 22:47 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-07-31 22:46 - 2017-07-31 22:46 - 000000000 ____D C:\Users\user\AppData\Local\GoToAssist Corporate
2017-07-31 22:21 - 2017-08-01 00:54 - 1189109375 _____ C:\Users\user\Downloads\take-shelter.vf.Dvdrip.zone-telechargement.ws.avi
2017-07-30 16:21 - 2017-07-30 16:21 - 000000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2017-07-16 11:47 - 2017-07-16 11:48 - 000000000 ____D C:\Users\user\Desktop\RemboursementWiko
2017-07-14 17:44 - 2017-07-14 17:44 - 000262144 ____N C:\Windows\Minidump\071417-18205-01.dmp
2017-07-14 13:47 - 2017-07-14 13:47 - 000282296 _____ C:\Windows\Minidump\071417-19375-01.dmp
2017-07-11 15:46 - 2017-07-11 15:46 - 000000000 ____D C:\Users\user\AppData\Local\Adobe_Systems_Incorporate
2017-07-11 15:45 - 2017-07-11 15:47 - 000000000 ____D C:\Users\user\Documents\My Digital Editions
2017-07-11 15:45 - 2017-07-11 15:45 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2017-07-11 15:45 - 2017-07-11 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-07-11 15:44 - 2017-07-11 15:44 - 008896664 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\ADE_4.5_Installer.exe
2017-07-11 10:05 - 2016-09-21 07:28 - 1470099712 _____ C:\Users\user\Downloads\Un+jour+sans+fin+TRUEFRENCH+DVDRIP+XVID+AC3-LKT.avi
2017-07-10 12:27 - 2017-07-10 12:27 - 000014335 _____ C:\Users\user\Downloads\67 - Raccourci.lnk
2017-07-10 12:26 - 2017-07-10 12:26 - 000014662 _____ C:\Users\user\Downloads\_09B8173RR1 - Raccourci.lnk
2017-07-10 12:15 - 2017-07-10 12:36 - 000884224 ___SH C:\Users\user\Downloads\Thumbs.db

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-07 11:32 - 2016-11-16 23:11 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-07 09:57 - 2013-12-18 17:01 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-07 09:51 - 2016-05-25 09:45 - 000000000 ___RD C:\Users\user\Google Drive
2017-08-07 09:49 - 2016-06-05 00:45 - 000131072 ___SH C:\CredSED.dat
2017-08-07 09:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-08-07 09:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-06 15:41 - 2016-05-28 18:22 - 000000000 ____D C:\Users\user\AppData\Roaming\AIMP
2017-08-03 11:39 - 2016-06-05 11:18 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-08-03 11:21 - 2016-12-17 19:37 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-07-31 22:31 - 2016-05-25 18:45 - 000000000 ____D C:\Julien
2017-07-30 16:26 - 2016-05-25 01:19 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-07-24 23:32 - 2009-07-14 07:08 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-18 16:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-14 17:44 - 2016-06-27 15:25 - 000000000 ____D C:\Windows\Minidump
2017-07-14 13:47 - 2016-06-27 15:25 - 536265803 _____ C:\Windows\MEMORY.DMP
2017-07-13 16:26 - 2016-05-25 18:44 - 000000000 ____D C:\Ecriture
2017-07-12 14:09 - 2013-12-18 16:30 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:09 - 2013-12-18 16:30 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 14:09 - 2013-12-18 16:30 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 15:47 - 2016-05-20 16:29 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-07-11 15:45 - 2013-12-18 17:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-10 12:18 - 2016-06-01 17:14 - 000000000 ____D C:\Users\user\Downloads\SINO31_Benales-Elements EP

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-08-01 01:12

==================== Fin de FRST.txt ============================