Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Exécuté par gilles (administrateur) sur GILLES-PC-PORTA (SAMSUNG ELECTRONICS CO., LTD. R530/R730/P530) (19-10-2020 12:42:50)
Exécuté depuis C:\Users\gilles\Desktop
Profils chargés: gilles
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Windows\SysWOW64\Rezip.exe
(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) [Fichier non signé] C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Samsung Electronics CO., LTD. -> SEC) [Fichier non signé] C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) [Fichier non signé] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {3bea72d1-bee8-11e7-bfc8-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {3bea72dc-bee8-11e7-bfc8-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {8910044a-1eab-11e0-8129-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {a1de5e0b-bfc4-11e8-b2a2-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {e20959cb-a3e2-11e8-b50f-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKLM\...\Print\Monitors\EPSON Stylus DX5000 Series 64MonitorBE: C:\windows\system32\E_ILMBVE.DLL [126976 2006-08-10] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\windows\system32\E_ILMILE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\windows\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2020-05-01]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0461C555-85C6-422C-869B-A8B58E84D94B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CCE6EB3-01C8-4B30-83CA-82B43544AD59} - System32\Tasks\{9D96D448-D360-42ED-BC3B-85F9198EDFBF} => C:\windows\system32\pcalua.exe -a "C:\Users\gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBZQI3PI\tvpc[1].exe" -d C:\Users\gilles\Desktop
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {2249D971-1987-447C-924A-8DF5EE4AE831} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-14] (Adobe Inc. -> Adobe)
Task: {263DD426-3CA0-4A6C-A038-CF4C40AB30EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {263DD426-3CA0-4A6C-A038-CF4C40AB30EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {27EBBAA0-88EC-40D2-AFD2-E491D6403A59} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800 2009-10-13] (Samsung Electronics Co., Ltd.) [Fichier non signé]
Task: {38F9BA9D-ECFF-4A2A-A426-C0D77ECFDEF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F4F7D1C-8171-4431-B093-EE5E5908FA7B} - System32\Tasks\{4A85E2B8-D5CD-4BB7-8801-051D55FB2070} => C:\Users\gilles\Downloads\GarminExpress.exe
Task: {546A6232-FF65-4C10-9E69-71DD01ED1FFF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {5DCDF749-BFA7-45C6-99F2-D0413F3EA686} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
Task: {5E6E797F-3CE6-47C7-BE0E-39D8401FC361} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {5E6E797F-3CE6-47C7-BE0E-39D8401FC361} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {611F1B4D-CE1A-4154-84DD-E85406D74806} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {74CE5EAB-7562-4117-9FE6-585C143F8468} - System32\Tasks\{DAD548D9-B73B-4F86-875D-17E71C9B154C} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {789D89FE-39AF-4BF8-A69F-9DEBF2B87E38} - System32\Tasks\{2DEAFC09-4396-48D8-A85D-2478F4A2EF77} => C:\Windows\twain_32\escndv\escndv.exe [212504 2012-09-05] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORP.)
Task: {B2C5DD05-1CA0-4E79-B74C-BC8FB854D8B9} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192 2010-01-19] (Samsung Electronics CO., LTD. -> SEC) [Fichier non signé]
Task: {B4ACADA6-6E16-416B-8DDF-C8804208C047} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E88BCD1C-02D4-4D99-8DBE-375DCEE91AEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {EB640E38-4639-4261-9045-7C5B7B65029A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FECEEB70-F362-4E47-8CF4-6499170C78CD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
Task: {FFC35C2A-91B7-404C-BA51-B09BF127C19E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {FFC35C2A-91B7-404C-BA51-B09BF127C19E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FF85018-09C6-49E4-A9F4-50D2B4C220C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E2B02A8-BA4B-4AB0-8229-AEAA37AB63EC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B4BA74A3-FE28-4BD8-8717-EA4828D08E70}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: h30c1ltf.default
FF ProfilePath: C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default [2020-10-19]
FF Notifications: Mozilla\firefox\Profiles\h30c1ltf.default -> hxxps://comment-reparer.com
FF HomepageOverride: Mozilla\firefox\Profiles\h30c1ltf.default -> Enabled: qwantcomforfirefox@jetpack
FF Extension: (Pas de nom) - C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default\Extensions\qwantcomforfirefox@jetpack.xpi [2020-10-12]
FF Extension: (Le Coin Raccourcis) - C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default\Extensions\{bca9c941-df28-4e08-98d9-35870277de34}.xpi [2020-09-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Pas de fichier]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) [Fichier non signé]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052944 2020-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Fichier non signé]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Fichier non signé]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] (CyberLink -> )
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 athr; C:\windows\System32\DRIVERS\athrx.sys [1577472 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-10-13] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [217592 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197280 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73880 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [119920 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-01-13] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-17] (Adlice -> )
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 aswbdisk; pas de ImagePath
U3 aswblog; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) ===================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2020-10-19 12:42 - 2020-10-19 12:44 - 000022695 _____ C:\Users\gilles\Desktop\FRST.txt
2020-10-19 12:42 - 2020-10-19 12:43 - 000000000 ____D C:\FRST
2020-10-19 12:39 - 2020-10-19 12:40 - 002299904 _____ (Farbar) C:\Users\gilles\Desktop\FRST64.exe
2020-10-19 06:24 - 2020-10-19 06:24 - 000073880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-10-19 06:23 - 2020-10-19 06:23 - 000197280 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-10-19 06:23 - 2020-10-19 06:23 - 000119920 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-10-18 19:01 - 2020-10-18 19:01 - 000002743 _____ C:\Users\gilles\Desktop\cles principales.htm
2020-10-18 18:41 - 2020-10-18 19:16 - 000000000 ____D C:\Program Files (x86)\NirSoft
2020-10-18 08:09 - 2020-10-18 08:09 - 000000000 __SHD C:\found.000
2020-10-16 18:19 - 2020-10-16 19:42 - 000000000 ____D C:\Users\gilles\Downloads\recall
2020-10-16 18:18 - 2020-10-16 18:18 - 010276685 _____ C:\Users\gilles\Downloads\recall.zip
2020-10-16 11:46 - 2020-10-16 11:46 - 000000000 ____D C:\Users\gilles_2\AppData\Local\mbam
2020-10-14 11:22 - 2020-10-18 18:09 - 000520419 _____ C:\Users\gilles\Desktop\ZHPDiag.html
2020-10-14 11:22 - 2020-10-18 18:08 - 000420008 _____ C:\Users\gilles\Desktop\ZHPDiag.txt
2020-10-14 11:12 - 2020-10-14 11:12 - 003437952 _____ (Nicolas Coolman) C:\Users\gilles\Downloads\ZHPSuite(1).exe
2020-10-14 10:09 - 2020-10-14 10:09 - 000004710 _____ C:\Users\gilles\Desktop\Malware byte rapport.txt
2020-10-14 09:02 - 2020-10-19 06:32 - 000000000 ____D C:\Users\gilles\AppData\LocalLow\IGDump
2020-10-13 20:22 - 2020-10-13 20:22 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-10-13 20:22 - 2020-10-13 20:22 - 000217592 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-10-13 20:22 - 2020-10-13 20:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000000000 ____D C:\Users\gilles\AppData\Local\mbam
2020-10-13 20:22 - 2020-10-13 20:21 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2020-10-13 20:21 - 2020-10-13 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-10-13 20:21 - 2020-10-13 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-10-13 20:16 - 2020-10-13 20:20 - 000001442 _____ C:\Users\gilles\Desktop\MBSetup - Raccourci.lnk
2020-10-13 20:14 - 2020-10-13 20:14 - 002041448 _____ (Malwarebytes) C:\Users\gilles\Downloads\MBSetup.exe
2020-10-13 19:59 - 2020-10-13 20:00 - 000001529 _____ C:\Users\gilles\Desktop\adwcleaner_8.0.8 - Raccourci.lnk
2020-10-13 19:57 - 2020-10-13 19:57 - 008447152 _____ (Malwarebytes) C:\Users\gilles\Downloads\adwcleaner_8.0.8.exe
2020-10-13 19:52 - 2020-10-13 19:52 - 000005808 _____ C:\Users\gilles\Desktop\ZHPCleaner (R).txt
2020-10-13 19:19 - 2020-10-13 19:27 - 000013992 _____ C:\Users\gilles\Desktop\ZHPCleaner (S).html
2020-10-13 19:05 - 2020-10-13 19:08 - 000001475 _____ C:\Users\gilles\Desktop\ZHPCleaner - Raccourci.lnk
2020-10-13 17:32 - 2020-10-13 20:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-12 14:15 - 2020-10-13 19:08 - 000000000 ____D C:\Users\gilles\AppData\Local\ZHP
2020-10-12 14:15 - 2020-10-12 14:15 - 003437952 _____ (Nicolas Coolman) C:\Users\gilles\Downloads\ZHPSuite.exe
2020-10-12 07:38 - 2020-10-12 07:40 - 006639714 _____ C:\Users\gilles\Downloads\CrystalDiskInfo8_8_9.zip
2020-10-10 21:44 - 2020-10-10 21:45 - 000000000 ___HD C:\$WINDOWS.~BT
2020-10-10 20:27 - 2020-10-10 20:27 - 000000000 ___HD C:\$Windows.~WS
2020-10-08 21:15 - 2020-10-08 21:15 - 001047143 _____ C:\Users\gilles\Desktop\FT_Fertilisation_organique_CA_04_09-2020.pdf
2020-10-05 08:03 - 2020-10-05 08:03 - 000007667 _____ C:\Users\gilles\AppData\Local\Resmon.ResmonCfg
2020-10-04 20:02 - 2020-10-10 21:44 - 000001890 _____ C:\windows\diagwrn.xml
2020-10-04 20:02 - 2020-10-10 21:44 - 000001890 _____ C:\windows\diagerr.xml
2020-10-04 19:33 - 2020-10-10 21:44 - 000000000 ____D C:\ESD
2020-10-04 19:25 - 2020-10-04 19:25 - 019445016 _____ (Microsoft Corporation) C:\Users\gilles\Downloads\MediaCreationTool2004.exe
2020-10-04 19:13 - 2020-10-04 19:14 - 019255000 _____ (Microsoft Corporation) C:\Users\gilles\Downloads\MediaCreationTool1909.exe
2020-10-01 20:41 - 2020-10-02 07:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2020-10-19 12:36 - 2018-09-06 12:34 - 000562176 ___SH C:\Users\gilles\Desktop\Thumbs.db
2020-10-19 12:34 - 2016-11-28 19:24 - 000000000 ____D C:\Users\gilles\AppData\LocalLow\Mozilla
2020-10-19 08:43 - 2018-07-28 20:53 - 000000000 ____D C:\Users\gilles_2\AppData\LocalLow\Mozilla
2020-10-19 08:20 - 2009-07-14 06:45 - 000022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-19 08:20 - 2009-07-14 06:45 - 000022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 21:08 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-10-18 18:44 - 2017-12-16 22:58 - 000000000 ____D C:\Users\gilles\AppData\Local\CrashDumps
2020-10-18 18:08 - 2015-05-10 21:15 - 000000000 ____D C:\Users\gilles\AppData\Roaming\ZHP
2020-10-16 18:31 - 2011-03-15 21:42 - 000000000 ____D C:\Users\gilles\Documents\Youcam
2020-10-16 08:26 - 2011-03-15 20:02 - 000000000 ____D C:\Users\gilles
2020-10-16 08:23 - 2012-10-09 21:18 - 000000000 ____D C:\Users\gilles\photos
2020-10-16 08:04 - 2013-11-10 19:10 - 000000000 ____D C:\Users\gilles\Desktop\DOSSIERS FAMILLE
2020-10-16 07:42 - 2010-10-26 01:02 - 000747910 _____ C:\windows\system32\perfh00C.dat
2020-10-16 07:42 - 2010-10-26 01:02 - 000150402 _____ C:\windows\system32\perfc00C.dat
2020-10-16 07:42 - 2009-07-14 07:13 - 001669656 _____ C:\windows\system32\PerfStringBackup.INI
2020-10-16 07:42 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2020-10-14 10:08 - 2012-02-01 20:15 - 000000000 ____D C:\Users\gilles\AppData\Roaming\Icones
2020-10-14 09:23 - 2018-03-13 22:23 - 000004650 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-10-14 09:23 - 2012-05-10 21:08 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-10-14 09:23 - 2012-05-10 21:08 - 000004484 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-10-14 09:23 - 2011-07-08 20:00 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-14 09:23 - 2011-03-26 19:08 - 000000000 ____D C:\windows\system32\Macromed
2020-10-14 09:23 - 2010-10-25 08:28 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-10-13 20:06 - 2015-11-30 21:50 - 000000290 __RSH C:\ProgramData\ntuser.pol
2020-10-13 20:05 - 2018-11-24 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-13 20:04 - 2010-10-25 08:37 - 000000000 ____D C:\ProgramData\SAMSUNG
2020-10-13 20:04 - 2010-10-25 08:29 - 000000000 ____D C:\Program Files (x86)\Samsung
2020-10-13 20:04 - 2010-10-25 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2020-10-10 21:45 - 2009-08-02 04:27 - 000000000 ____D C:\windows\Panther
2020-10-05 18:57 - 2012-12-21 21:11 - 000000000 ____D C:\Users\gilles\AppData\Roaming\ObviousIdea
2020-10-04 19:00 - 2020-08-17 13:24 - 000015360 ___SH C:\Users\gilles\Downloads\Thumbs.db
2020-09-25 09:15 - 2013-09-08 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2020-09-25 09:15 - 2011-03-19 21:25 - 000000000 ____D C:\ProgramData\EPSON
2020-09-25 08:55 - 2020-05-10 22:20 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-25 08:55 - 2014-12-27 08:37 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-09-23 08:29 - 2019-02-03 14:21 - 000000000 ____D C:\ProgramData\Mozilla

==================== Fichiers à la racine de certains dossiers ========

2016-03-04 04:17 - 2016-03-04 04:17 - 002650644 _____ () C:\Users\gilles\AppData\Roaming\sb102.dat
2015-05-10 20:10 - 2016-07-28 19:36 - 000000214 _____ () C:\Users\gilles\AppData\Roaming\WB.CFG
2020-10-05 08:03 - 2020-10-05 08:03 - 000007667 _____ () C:\Users\gilles\AppData\Local\Resmon.ResmonCfg
2011-12-25 22:02 - 2011-12-25 22:02 - 000000000 _____ () C:\Users\gilles\AppData\Local\{D0351DFF-8E40-4514-844B-B1F88F6DDE00}

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)


LastRegBack: 2016-11-11 23:19
==================== Fin de FRST.txt ========================
