Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2017
Exécuté par Procurement (administrateur) sur PC-HOME (16-08-2017 21:05:12)
Exécuté depuis C:\Users\Procurement\Desktop
Profils chargés: Procurement (Profils disponibles: Procurement)
Platform: Microsoft® Windows Vista™ Édition Intégrale Service Pack 2 (X86) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Piriform Ltd) C:\CCLeaner\ccleaner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] => CTHELPER.EXE*
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [CTXFIREG] => C:\Windows\system32\CTxfiReg.exe [44032 2006-11-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [155648 2006-09-28] (Creative Technology Ltd)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [273528 2011-10-24] (RealNetworks, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213832 2017-07-18] (AVAST Software)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL*
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [CCleaner Monitoring] => C:\CCLeaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [SetDefaultMIDI] => MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'*
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk [2010-11-13]
ShortcutTarget: PHOTOfunSTUDIO 5.0.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{1BF2AB82-D763-4B0E-911A-B0D818277FCE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5FAAD006-3284-416A-A079-4F89B1E66281}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{88202DBB-1DA2-44D1-A803-E57F2F72F342}: [DhcpNameServer] 212.27.40.241 212.27.40.240

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKU\S-1-5-21-2053072289-921579757-2824353075-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> {9D5BD211-422C-4164-9298-BB4186A30F31} URL = hxxp://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=MIAWB1
BHO: Pas de nom -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> Pas de fichier
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-07-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-2053072289-921579757-2824353075-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: od9ml3yj.default
FF ProfilePath: C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\od9ml3yj.default -> about:home
FF Extension: (Ghostery) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\firefox@ghostery.com.xpi [2017-08-13]
FF Extension: (Qwant for Firefox) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\qwantcomforfirefox@jetpack.xpi [2017-07-13]
FF Extension: (Avast SafePrice) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\sp@avast.com.xpi [2017-05-31]
FF Extension: (Avast Online Security) - C:\Users\Procurement\AppData\Roaming\Mozilla\Firefox\Profiles\od9ml3yj.default\Extensions\wrc@avast.com.xpi [2017-05-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-24] [non signé]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-01-25] [non signé]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-10-24] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\adslTV\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-24]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-10] (Adobe Systems Incorporated) [Fichier non signé]
S3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [5815840 2017-07-18] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [263312 2017-07-18] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [Fichier non signé]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [Fichier non signé]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [16936 2008-04-05] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [Fichier non signé]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [Fichier non signé]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [Fichier non signé]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [Fichier non signé]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267008 2017-07-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-07-18] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-07-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-07-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123928 2017-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774320 2017-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-18] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-18] (AVAST Software)
R3 AVMNgBasM779; C:\Windows\System32\DRIVERS\AVerBas.sys [49280 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
R3 AVMNgCapM779; C:\Windows\System32\DRIVERS\AVerCap.sys [219648 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
R3 AVMNgTunM779; C:\Windows\System32\DRIVERS\AVerTun.sys [147584 2007-02-13] (AVerMedia TECHNOLOGIES, Inc.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2006-11-29] (Creative Technology Ltd)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [Fichier non signé]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-08-01] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162240 2017-08-01] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-16] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64800 2017-08-15] (Malwarebytes)
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; c:\program files\dell support center\pcdsrvc.pkms [21744 2010-11-18] (PC-Doctor, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [Fichier non signé]
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [82056 2016-03-23] (IBM Corp.)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-16 21:05 - 2017-08-16 21:06 - 000021853 _____ C:\Users\Procurement\Desktop\FRST.txt
2017-08-16 21:04 - 2017-08-16 21:05 - 000000000 ____D C:\FRST
2017-08-16 21:03 - 2017-08-16 21:03 - 001792512 _____ (Farbar) C:\Users\Procurement\Desktop\FRST.exe
2017-08-16 08:10 - 2017-08-16 08:10 - 000001471 _____ C:\Users\Procurement\Desktop\ZHPCleaner.txt
2017-08-16 07:53 - 2017-08-16 08:10 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\ZHP
2017-08-16 07:53 - 2017-08-16 07:53 - 002854784 _____ C:\Users\Procurement\Desktop\zhpcleaner_2017.8.15.140.exe
2017-08-16 07:53 - 2017-08-16 07:53 - 000000733 _____ C:\Users\Procurement\Desktop\ZHPCleaner.lnk
2017-08-15 18:44 - 2017-08-15 18:44 - 001790024 _____ (Malwarebytes) C:\Users\Procurement\Desktop\JRT.exe
2017-08-15 18:33 - 2017-08-15 18:36 - 000000000 ____D C:\AdwCleaner
2017-08-15 18:32 - 2017-08-15 18:32 - 008185288 _____ (Malwarebytes) C:\Users\Procurement\Desktop\adwcleaner_7.0.1.0.exe
2017-08-15 17:08 - 2017-08-15 18:57 - 000000000 ____D C:\Users\Procurement\AppData\Local\ZHP
2017-08-15 17:08 - 2017-08-15 18:55 - 000000723 _____ C:\Users\Procurement\Desktop\ZHPDiag.lnk
2017-08-15 17:06 - 2017-08-15 17:06 - 002812800 _____ C:\Users\Procurement\Desktop\zhpdiag_2017.8.15.140.exe
2017-08-15 16:25 - 2017-08-15 16:25 - 000144176 _____ C:\Windows\Minidump\Mini081517-01.dmp
2017-08-14 18:52 - 2017-08-14 18:52 - 000144176 _____ C:\Windows\Minidump\Mini081417-01.dmp
2017-08-13 18:25 - 2017-08-13 18:25 - 000144176 _____ C:\Windows\Minidump\Mini081317-03.dmp
2017-08-13 18:22 - 2017-08-13 18:22 - 000144176 _____ C:\Windows\Minidump\Mini081317-02.dmp
2017-08-13 18:14 - 2017-08-13 18:14 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\PeerNetworking
2017-08-13 15:23 - 2017-08-13 15:23 - 000144176 _____ C:\Windows\Minidump\Mini081317-01.dmp
2017-08-12 20:13 - 2017-08-12 20:13 - 000144176 _____ C:\Windows\Minidump\Mini081217-04.dmp
2017-08-12 20:10 - 2017-08-12 20:10 - 000144176 _____ C:\Windows\Minidump\Mini081217-03.dmp
2017-08-12 20:01 - 2017-08-12 20:01 - 000144176 _____ C:\Windows\Minidump\Mini081217-02.dmp
2017-08-12 19:51 - 2017-08-12 19:51 - 000144176 _____ C:\Windows\Minidump\Mini081217-01.dmp
2017-08-08 19:36 - 2017-08-08 19:36 - 000144176 _____ C:\Windows\Minidump\Mini080817-02.dmp
2017-08-08 18:39 - 2017-08-08 18:39 - 000144176 _____ C:\Windows\Minidump\Mini080817-01.dmp
2017-08-07 23:22 - 2017-08-07 23:31 - 000000000 ____D C:\Users\Procurement\Documents\Achat appart-NEW
2017-08-06 21:04 - 2017-08-06 21:04 - 000144176 _____ C:\Windows\Minidump\Mini080617-01.dmp
2017-08-04 19:40 - 2017-08-04 19:40 - 000144176 _____ C:\Windows\Minidump\Mini080417-02.dmp
2017-08-04 13:47 - 2017-08-04 13:47 - 000144176 _____ C:\Windows\Minidump\Mini080417-01.dmp
2017-08-02 19:28 - 2017-08-02 19:28 - 000144176 _____ C:\Windows\Minidump\Mini080217-01.dmp
2017-08-01 18:59 - 2017-08-01 18:59 - 000144176 _____ C:\Windows\Minidump\Mini080117-01.dmp
2017-08-01 18:58 - 2017-08-15 16:25 - 315235659 _____ C:\Windows\MEMORY.DMP
2017-08-01 14:39 - 2017-08-16 20:52 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 14:39 - 2017-08-15 16:21 - 000064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-01 14:39 - 2017-08-15 16:21 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-01 14:39 - 2017-08-01 16:14 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-01 14:38 - 2017-08-01 15:59 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 14:38 - 2017-08-01 14:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-30 15:33 - 2017-07-30 15:33 - 000000000 ____D C:\Program Files\Common Files\Java
2017-07-18 23:19 - 2017-02-11 17:22 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-18 23:19 - 2016-08-03 17:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2017-07-18 23:19 - 2016-08-03 16:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-18 23:19 - 2016-08-03 16:20 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-18 22:49 - 2017-07-18 22:49 - 000303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-08-16 21:06 - 2011-03-04 13:01 - 000000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2017-08-16 21:03 - 2016-11-24 23:43 - 000000000 ____D C:\Users\Procurement\AppData\LocalLow\Mozilla
2017-08-16 21:03 - 2014-02-18 16:21 - 000000336 _____ C:\Windows\BRRBCOM.INI
2017-08-16 20:52 - 2006-11-02 15:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-16 20:52 - 2006-11-02 14:46 - 000003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-16 20:52 - 2006-11-02 14:46 - 000003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-16 08:24 - 2016-01-13 01:38 - 000001080 _____ C:\Windows\system32\settingsbkup.sfm
2017-08-16 08:24 - 2016-01-13 01:38 - 000001080 _____ C:\Windows\system32\settings.sfm
2017-08-16 08:24 - 2008-04-05 18:01 - 000064756 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2008-04-05 18:01 - 000053968 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2008-04-05 18:01 - 000053968 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
2017-08-16 08:24 - 2006-11-02 15:00 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-15 23:31 - 2010-05-01 20:59 - 000000000 ____D C:\Users\Procurement\AppData\Local\adslTV
2017-08-15 18:36 - 2010-02-28 15:58 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\Yahoo!
2017-08-15 16:25 - 2008-09-11 14:19 - 000000000 ____D C:\Windows\Minidump
2017-08-13 18:52 - 2007-06-03 00:10 - 000000000 ____D C:\doctemp
2017-08-13 15:12 - 2011-03-04 12:46 - 000000000 ____D C:\ProgramData\PCDr
2017-08-10 22:56 - 2014-01-12 17:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-10 22:56 - 2014-01-12 17:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-10 22:55 - 2007-06-02 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 18:58 - 2016-01-25 16:45 - 000774320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-09 18:58 - 2016-01-25 16:45 - 000123928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-08 18:53 - 2015-09-29 16:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-03 11:24 - 2012-12-05 00:03 - 000000000 ____D C:\Users\Procurement\Documents\AL
2017-08-02 19:48 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2017-07-30 22:16 - 2015-09-29 16:30 - 000000000 ____D C:\Users\Procurement\AppData\Roaming\DVDVideoSoft
2017-07-30 15:58 - 2009-06-01 12:40 - 000000000 ____D C:\Users\Procurement\Documents\Divers
2017-07-30 15:34 - 2013-10-19 08:29 - 000000000 ____D C:\ProgramData\Oracle
2017-07-30 15:34 - 2013-10-19 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-30 15:34 - 2007-06-02 16:30 - 000000000 ____D C:\Program Files\Java
2017-07-30 15:32 - 2015-02-15 15:04 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-07-21 00:24 - 2008-03-18 23:37 - 000000000 ____D C:\Users\Procurement\Documents\Archives dossiers HA
2017-07-18 23:59 - 2012-11-02 15:26 - 000000000 ____D C:\Users\Procurement\Documents\Téléphonie mobile
2017-07-18 23:59 - 2009-03-07 17:57 - 000000000 ____D C:\Users\Procurement\Documents\Consulting
2017-07-18 23:47 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\rescache
2017-07-18 22:49 - 2017-03-01 23:33 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000267008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-18 22:49 - 2017-03-01 23:33 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-18 22:49 - 2016-05-04 16:24 - 000039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-18 22:49 - 2015-07-28 16:57 - 000202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-18 22:49 - 2014-04-29 21:05 - 000042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-18 22:49 - 2013-05-08 11:24 - 000296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-18 22:49 - 2013-05-08 11:24 - 000070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-18 22:49 - 2008-06-20 21:12 - 000496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-18 22:49 - 2007-09-27 18:06 - 000070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-18 20:56 - 2007-07-21 13:19 - 000000000 ____D C:\CCLeaner

==================== Fichiers à la racine de certains dossiers =======

2017-08-13 18:14 - 2017-08-13 18:14 - 000024206 _____ () C:\Users\Procurement\AppData\Roaming\UserTile.png
2007-06-10 15:57 - 2008-08-14 12:07 - 000000000 _____ () C:\Users\Procurement\AppData\Roaming\wklnhst.dat
2012-01-31 22:20 - 2012-11-04 00:58 - 000000680 _____ () C:\Users\Procurement\AppData\Local\d3d9caps.dat
2007-06-10 14:00 - 2011-10-24 21:39 - 000037888 _____ () C:\Users\Procurement\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-30 11:51 - 2009-06-30 11:51 - 000004096 ____H () C:\Users\Procurement\AppData\Local\keyfile3.drm
2014-07-10 12:19 - 2014-07-10 12:19 - 000004191 _____ () C:\Users\Procurement\AppData\Local\recently-used.xbel

Certains fichiers dans TEMP:
====================
2017-08-01 15:48 - 2017-08-01 15:48 - 000000000 _____ () C:\Users\Procurement\AppData\Local\Temp\vkoagctv.dll
2017-08-02 19:26 - 2017-08-02 19:26 - 000000000 _____ () C:\Users\Procurement\AppData\Local\Temp\yp5domaj.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-08-16 20:58

==================== Fin de FRST.txt ============================