Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Exécuté par user (administrateur) sur USER-PC (07-08-2017 11:32:59)
Exécuté depuis C:\Users\user\Desktop
Profils chargés: user (Profils disponibles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-10] (RealtekSemiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (IntelCorporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (SynapticsIncorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (MicrosoftCorporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-04-11] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [PCPrivacyShield] => "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{06B2E39E-8E7F-4990-8C0A-671B5447CE88}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> DefaultScope {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299 [2017-08-07]
FF Extension: (anonymoX) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299\Extensions\client@anonymox.net.xpi [2017-06-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: (Dell Data Protection
Security Tools) - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2016-06-05] [non signé]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-25]
CHR Extension: (Dell Data Protection | Security Tools) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-06-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-25]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-02-10]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows(R)Win7DDKprovider) [Fichier non signé]
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-04-11] (DellInc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-04-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-04-11] (Dell,Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-02-19] (DigitalPersona,Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (IntelCorporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea,Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (IntelCorporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (MicrosoftCorporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (MicrosoftCorporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-10] (RealtekSemiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinksSAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (SecurityInnovation,Inc.) [Fichier non signé]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (ValiditySensors,Inc.) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-18] (MicrosoftCorporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [Fichier non signé]
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{85612089-6EA2-452B-9DD1-83360FCD936D}
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (AcerLaboratoriesInc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (QualcommAtheros)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMDTechnology,Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-04-11] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (IntelCorporation)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-07] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (IntelCorporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (MicrosoftCorporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (MicrosoftCorporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-04-11] (DellInc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (SynapticsIncorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (SynapticsIncorporated)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIATechnologies,Inc.)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIATechnologiesInc.,Ltd)
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-08-07 11:33 - 2017-08-07 11:33 - 000017811 _____ C:\Users\user\Desktop\FRST.txt
2017-08-07 11:32 - 2017-08-07 11:32 - 000000000 ____D C:\FRST
2017-08-07 11:29 - 2017-08-07 11:29 - 002381312 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-08-07 09:49 - 2017-08-07 09:49 - 000000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-05 15:50 - 2017-08-05 16:49 - 1266614272 _____ C:\Users\user\Downloads\Ascenseur.Pour.L.Echafaud-www.zone-telchargement.ws.avi.part
2017-08-04 15:38 - 2017-08-04 15:40 - 000000000 ____D C:\Users\user\Desktop\Fiche de paie AMnesty
2017-08-03 11:38 - 2017-08-03 11:38 - 000000618 _____ C:\Users\user\Desktop\Script ZHPFix.txt
2017-08-03 11:38 - 2017-08-03 11:38 - 000000000 ____D C:\Users\user\Desktop\Quarantine
2017-08-03 11:13 - 2017-08-03 11:47 - 000430412 _____ C:\Windows\ntbtlog.txt
2017-08-02 11:49 - 2017-08-02 11:49 - 000000000 ____D C:\Users\user\Downloads\Quarantine
2017-08-02 11:48 - 2017-08-02 11:48 - 000000000 ____D C:\Users\user\Desktop\Virus desinfection
2017-08-02 11:47 - 2017-08-02 11:47 - 003067264 _____ (Nicolas Coolman) C:\Users\user\Desktop\zhpfix_2017-6-13-1.exe
2017-08-01 12:22 - 2017-08-07 09:49 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-01 12:21 - 2017-08-01 18:40 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-01 12:17 - 2017-08-01 12:17 - 064025992 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-01 11:57 - 2017-08-01 12:00 - 000000000 ____D C:\AdwCleaner
2017-08-01 11:57 - 2017-08-01 11:57 - 008185288 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.0.1.0.exe
2017-08-01 11:39 - 2017-08-01 11:39 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123(1).exe
2017-08-01 11:36 - 2017-08-01 11:36 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123.exe
2017-08-01 10:16 - 2017-08-03 11:45 - 000000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-08-01 10:16 - 2017-08-01 11:39 - 000000000 ____D C:\Users\user\AppData\Local\ZHP
2017-08-01 10:16 - 2017-08-01 10:16 - 002804096 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-07-31 23:55 - 2017-07-31 23:55 - 001571211 _____ C:\Users\user\Downloads\arnaques_2015.pdf
2017-07-31 22:54 - 2017-07-31 22:54 - 000000000 ____D C:\Users\user\AppData\Local\PCPrivacyShield
2017-07-31 22:47 - 2017-07-31 22:47 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-07-31 22:46 - 2017-07-31 22:46 - 000000000 ____D C:\Users\user\AppData\Local\GoToAssist Corporate
2017-07-31 22:21 - 2017-08-01 00:54 - 1189109375 _____ C:\Users\user\Downloads\take-shelter.vf.Dvdrip.zone-telechargement.ws.avi
2017-07-30 16:21 - 2017-07-30 16:21 - 000000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2017-07-16 11:47 - 2017-07-16 11:48 - 000000000 ____D C:\Users\user\Desktop\RemboursementWiko
2017-07-14 17:44 - 2017-07-14 17:44 - 000262144 ____N C:\Windows\Minidump\071417-18205-01.dmp
2017-07-14 13:47 - 2017-07-14 13:47 - 000282296 _____ C:\Windows\Minidump\071417-19375-01.dmp
2017-07-11 15:46 - 2017-07-11 15:46 - 000000000 ____D C:\Users\user\AppData\Local\Adobe_Systems_Incorporate
2017-07-11 15:45 - 2017-07-11 15:47 - 000000000 ____D C:\Users\user\Documents\My Digital Editions
2017-07-11 15:45 - 2017-07-11 15:45 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2017-07-11 15:45 - 2017-07-11 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-07-11 15:44 - 2017-07-11 15:44 - 008896664 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\ADE_4.5_Installer.exe
2017-07-11 10:05 - 2016-09-21 07:28 - 1470099712 _____ C:\Users\user\Downloads\Un+jour+sans+fin+TRUEFRENCH+DVDRIP+XVID+AC3-LKT.avi
2017-07-10 12:27 - 2017-07-10 12:27 - 000014335 _____ C:\Users\user\Downloads\67 - Raccourci.lnk
2017-07-10 12:26 - 2017-07-10 12:26 - 000014662 _____ C:\Users\user\Downloads\_09B8173RR1 - Raccourci.lnk
2017-07-10 12:15 - 2017-07-10 12:36 - 000884224 ___SH C:\Users\user\Downloads\Thumbs.db
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-08-07 11:32 - 2016-11-16 23:11 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-07 09:57 - 2013-12-18 17:01 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-07 09:51 - 2016-05-25 09:45 - 000000000 ___RD C:\Users\user\Google Drive
2017-08-07 09:49 - 2016-06-05 00:45 - 000131072 ___SH C:\CredSED.dat
2017-08-07 09:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-08-07 09:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-06 15:41 - 2016-05-28 18:22 - 000000000 ____D C:\Users\user\AppData\Roaming\AIMP
2017-08-03 11:39 - 2016-06-05 11:18 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-08-03 11:21 - 2016-12-17 19:37 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-07-31 22:31 - 2016-05-25 18:45 - 000000000 ____D C:\Julien
2017-07-30 16:26 - 2016-05-25 01:19 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-07-24 23:32 - 2009-07-14 07:08 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-18 16:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-14 17:44 - 2016-06-27 15:25 - 000000000 ____D C:\Windows\Minidump
2017-07-14 13:47 - 2016-06-27 15:25 - 536265803 _____ C:\Windows\MEMORY.DMP
2017-07-13 16:26 - 2016-05-25 18:44 - 000000000 ____D C:\Ecriture
2017-07-12 14:09 - 2013-12-18 16:30 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:09 - 2013-12-18 16:30 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 14:09 - 2013-12-18 16:30 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 15:47 - 2016-05-20 16:29 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-07-11 15:45 - 2013-12-18 17:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-10 12:18 - 2016-06-01 17:14 - 000000000 ____D C:\Users\user\Downloads\SINO31_Benales-Elements EP
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-08-01 01:12
==================== Fin de FRST.txt ============================
Exécuté par user (administrateur) sur USER-PC (07-08-2017 11:32:59)
Exécuté depuis C:\Users\user\Desktop
Profils chargés: user (Profils disponibles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-06-10] (RealtekSemiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (IntelCorporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (SynapticsIncorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (MicrosoftCorporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-04-11] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\...\Run: [PCPrivacyShield] => "C:\Program Files (x86)\PC Privacy Shield\PCPrivacyShield.exe" minimized
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{06B2E39E-8E7F-4990-8C0A-671B5447CE88}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> DefaultScope {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
SearchScopes: HKU\S-1-5-21-2358840052-3570567180-3096199387-1000 -> {8DFEFF11-DDED-437F-803B-51DA344B0290} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (MicrosoftCorp.)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299 [2017-08-07]
FF Extension: (anonymoX) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cs81s3ep.default-1478699082299\Extensions\client@anonymox.net.xpi [2017-06-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: (Dell Data Protection
Security Tools) - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2016-06-05] [non signé]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-25]
CHR Extension: (Dell Data Protection | Security Tools) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-06-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-25]
CHR HKU\S-1-5-21-2358840052-3570567180-3096199387-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-02-10]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows(R)Win7DDKprovider) [Fichier non signé]
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-04-11] (DellInc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-04-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-04-11] (Dell,Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-02-19] (DigitalPersona,Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (IntelCorporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R)Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R)Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea,Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (IntelCorporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (MicrosoftCorporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (MicrosoftCorporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-06-10] (RealtekSemiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinksSAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (SecurityInnovation,Inc.) [Fichier non signé]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (ValiditySensors,Inc.) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-18] (MicrosoftCorporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [Fichier non signé]
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{85612089-6EA2-452B-9DD1-83360FCD936D}
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (AcerLaboratoriesInc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (QualcommAtheros)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMDTechnology,Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-04-11] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (IntelCorporation)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-07] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (IntelCorporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (MicrosoftCorporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (MicrosoftCorporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-04-11] (DellInc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (SynapticsIncorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (SynapticsIncorporated)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIATechnologies,Inc.)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIATechnologiesInc.,Ltd)
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-08-07 11:33 - 2017-08-07 11:33 - 000017811 _____ C:\Users\user\Desktop\FRST.txt
2017-08-07 11:32 - 2017-08-07 11:32 - 000000000 ____D C:\FRST
2017-08-07 11:29 - 2017-08-07 11:29 - 002381312 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-08-07 09:49 - 2017-08-07 09:49 - 000000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-05 15:50 - 2017-08-05 16:49 - 1266614272 _____ C:\Users\user\Downloads\Ascenseur.Pour.L.Echafaud-www.zone-telchargement.ws.avi.part
2017-08-04 15:38 - 2017-08-04 15:40 - 000000000 ____D C:\Users\user\Desktop\Fiche de paie AMnesty
2017-08-03 11:38 - 2017-08-03 11:38 - 000000618 _____ C:\Users\user\Desktop\Script ZHPFix.txt
2017-08-03 11:38 - 2017-08-03 11:38 - 000000000 ____D C:\Users\user\Desktop\Quarantine
2017-08-03 11:13 - 2017-08-03 11:47 - 000430412 _____ C:\Windows\ntbtlog.txt
2017-08-02 11:49 - 2017-08-02 11:49 - 000000000 ____D C:\Users\user\Downloads\Quarantine
2017-08-02 11:48 - 2017-08-02 11:48 - 000000000 ____D C:\Users\user\Desktop\Virus desinfection
2017-08-02 11:47 - 2017-08-02 11:47 - 003067264 _____ (Nicolas Coolman) C:\Users\user\Desktop\zhpfix_2017-6-13-1.exe
2017-08-01 12:22 - 2017-08-07 09:49 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-01 12:22 - 2017-08-01 12:22 - 000044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-01 12:21 - 2017-08-01 18:40 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 12:21 - 2017-08-01 12:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-01 12:17 - 2017-08-01 12:17 - 064025992 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-01 11:57 - 2017-08-01 12:00 - 000000000 ____D C:\AdwCleaner
2017-08-01 11:57 - 2017-08-01 11:57 - 008185288 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.0.1.0.exe
2017-08-01 11:39 - 2017-08-01 11:39 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123(1).exe
2017-08-01 11:36 - 2017-08-01 11:36 - 002830208 _____ C:\Users\user\Downloads\zhpcleaner_2017.7.17.123.exe
2017-08-01 10:16 - 2017-08-03 11:45 - 000000000 ____D C:\Users\user\AppData\Roaming\ZHP
2017-08-01 10:16 - 2017-08-01 11:39 - 000000000 ____D C:\Users\user\AppData\Local\ZHP
2017-08-01 10:16 - 2017-08-01 10:16 - 002804096 _____ C:\Users\user\Downloads\ZHPDiag3.exe
2017-07-31 23:55 - 2017-07-31 23:55 - 001571211 _____ C:\Users\user\Downloads\arnaques_2015.pdf
2017-07-31 22:54 - 2017-07-31 22:54 - 000000000 ____D C:\Users\user\AppData\Local\PCPrivacyShield
2017-07-31 22:47 - 2017-07-31 22:47 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-07-31 22:46 - 2017-07-31 22:46 - 000000000 ____D C:\Users\user\AppData\Local\GoToAssist Corporate
2017-07-31 22:21 - 2017-08-01 00:54 - 1189109375 _____ C:\Users\user\Downloads\take-shelter.vf.Dvdrip.zone-telechargement.ws.avi
2017-07-30 16:21 - 2017-07-30 16:21 - 000000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2017-07-16 11:47 - 2017-07-16 11:48 - 000000000 ____D C:\Users\user\Desktop\RemboursementWiko
2017-07-14 17:44 - 2017-07-14 17:44 - 000262144 ____N C:\Windows\Minidump\071417-18205-01.dmp
2017-07-14 13:47 - 2017-07-14 13:47 - 000282296 _____ C:\Windows\Minidump\071417-19375-01.dmp
2017-07-11 15:46 - 2017-07-11 15:46 - 000000000 ____D C:\Users\user\AppData\Local\Adobe_Systems_Incorporate
2017-07-11 15:45 - 2017-07-11 15:47 - 000000000 ____D C:\Users\user\Documents\My Digital Editions
2017-07-11 15:45 - 2017-07-11 15:45 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2017-07-11 15:45 - 2017-07-11 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-07-11 15:44 - 2017-07-11 15:44 - 008896664 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\ADE_4.5_Installer.exe
2017-07-11 10:05 - 2016-09-21 07:28 - 1470099712 _____ C:\Users\user\Downloads\Un+jour+sans+fin+TRUEFRENCH+DVDRIP+XVID+AC3-LKT.avi
2017-07-10 12:27 - 2017-07-10 12:27 - 000014335 _____ C:\Users\user\Downloads\67 - Raccourci.lnk
2017-07-10 12:26 - 2017-07-10 12:26 - 000014662 _____ C:\Users\user\Downloads\_09B8173RR1 - Raccourci.lnk
2017-07-10 12:15 - 2017-07-10 12:36 - 000884224 ___SH C:\Users\user\Downloads\Thumbs.db
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-08-07 11:32 - 2016-11-16 23:11 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-07 10:03 - 2009-07-14 06:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-07 09:57 - 2013-12-18 17:01 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-07 09:51 - 2016-05-25 09:45 - 000000000 ___RD C:\Users\user\Google Drive
2017-08-07 09:49 - 2016-06-05 00:45 - 000131072 ___SH C:\CredSED.dat
2017-08-07 09:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2017-08-07 09:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-06 15:41 - 2016-05-28 18:22 - 000000000 ____D C:\Users\user\AppData\Roaming\AIMP
2017-08-03 11:39 - 2016-06-05 11:18 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-08-03 11:21 - 2016-12-17 19:37 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-07-31 22:31 - 2016-05-25 18:45 - 000000000 ____D C:\Julien
2017-07-30 16:26 - 2016-05-25 01:19 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-07-24 23:32 - 2009-07-14 07:08 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-18 16:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-14 17:44 - 2016-06-27 15:25 - 000000000 ____D C:\Windows\Minidump
2017-07-14 13:47 - 2016-06-27 15:25 - 536265803 _____ C:\Windows\MEMORY.DMP
2017-07-13 16:26 - 2016-05-25 18:44 - 000000000 ____D C:\Ecriture
2017-07-12 14:09 - 2013-12-18 16:30 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:09 - 2013-12-18 16:30 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-12 14:09 - 2013-12-18 16:30 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-12 14:09 - 2013-12-18 16:30 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 15:47 - 2016-05-20 16:29 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-07-11 15:45 - 2013-12-18 17:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-10 12:18 - 2016-06-01 17:14 - 000000000 ____D C:\Users\user\Downloads\SINO31_Benales-Elements EP
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-08-01 01:12
==================== Fin de FRST.txt ============================