Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:27-01-2016 Exécuté par dhehe (2016-01-31 20:36:43) Exécuté depuis C:\Users\dhehe\Desktop Windows 10 Home (X64) (2015-12-14 03:22:13) Mode d'amorçage: Normal ========================================================== ==================== Comptes: ============================= Administrateur (S-1-5-21-3034022305-3609903343-1356897769-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3034022305-3609903343-1356897769-503 - Limited - Disabled) dhehe (S-1-5-21-3034022305-3609903343-1356897769-1001 - Administrator - Enabled) => C:\Users\dhehe Invité (S-1-5-21-3034022305-3609903343-1356897769-501 - Limited - Disabled) ==================== Centre de sécurité ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programmes installés ====================== (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.) Ad-Aware Antivirus (HKLM\...\{30B9595A-D4B5-4198-8F3C-2219C78590C9}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft) AdAwareInstaller (Version: 11.9.662.8718 - Lavasoft) Hidden AdAwareUpdater (Version: 11.9.662.8718 - Lavasoft) Hidden Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.) Étude pour l'amélioration du produit HP ENVY 7640 series (HKLM\...\{FCCF7FF7-1DD8-4EC2-A76D-BBE0CC631FD9}) (Version: 34.2.117.50647 - Hewlett-Packard Co.) Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP ENVY 7640 series Aide (HKLM-x32\...\{602787F6-47B8-4BF9-8C12-30E38E4E2805}) (Version: 34.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Solutions Framework (HKLM-x32\...\{ED5CE45D-842B-4C18-A002-87E16EA39BB3}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{795ee3a0-97fa-489a-9543-7564ccc43be4}) (Version: 18.12.0 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Logiciel de base du périphérique HP ENVY 7640 series (HKLM\...\{E0232B3B-29FD-48A7-990A-95481A0130A7}) (Version: 34.2.117.50647 - Hewlett-Packard Co.) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.) Microsoft Office Famille et Étudiant 2016 - fr-fr (HKLM\...\HomeStudentRetail - fr-fr) (Version: 16.0.6366.2062 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation) Package de pilotes Windows - ASUS (ATP) Mouse (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS) Panneau de configuration NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.26.25466 - pdfforge GmbH) PDF Architect 4 Create Module (Version: 4.0.9.25450 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (Version: 4.0.9.25450 - pdfforge GmbH) Hidden PDF Architect 4 View Module (Version: 4.0.9.25450 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.1 - pdfforge) PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.) Spotify (HKU\S-1-5-21-3034022305-3609903343-1356897769-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Web Companion (HKLM-x32\...\{cfcc4787-7438-4001-9535-278d9e76bc1a}) (Version: 2.1.1265.2535 - Lavasoft) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4947 - Kingsoft Corp.) ==================== Personnalisé CLSID (Avec liste blanche): ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) CustomCLSID: HKU\S-1-5-21-3034022305-3609903343-1356897769-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dhehe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation) ==================== Tâches planifiées (Avec liste blanche) ============= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {0131EA7D-992D-4992-893B-9908618C0528} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-18] (Microsoft Corporation) Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {0F71139B-44DA-4814-95B3-36544058B19C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] () Task: {16C0F2CB-05FF-42DC-B079-DCDC8E771142} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe [2015-11-27] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {1776C773-7B76-45BB-A37A-D010454917AB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {1ECAF37E-1687-4167-9531-5A392C0C640A} - System32\Tasks\WpsNotifyTask_dhehe => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe [2015-08-18] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {25E964C4-38F8-4A33-AB52-D0D8D255D6FA} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS) Task: {295B7D7A-C7BC-40BC-A74E-08210EED62E3} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {2B87FDF9-B9DF-4CD4-9DF1-50FBE78A69CE} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.) Task: {307EB94B-4069-49AD-A14F-5D54E8BEFD97} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {45D97299-EEB2-45AD-A275-2A5BAF7077FB} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek) Task: {47B485D9-1AC5-4DE9-BEE0-A56921B2021A} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe [2015-08-18] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {48EF3B0C-4971-4070-9B90-BE2C3BAB4415} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.) Task: {4F0647CB-781A-4231-B8EF-1D860D1B8B27} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-07-29] (Realtek Semiconductor) Task: {4FC34A2E-3A2A-46FD-9930-EB27FB779C2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {570F5EB1-31C0-4547-8BF7-EA7384AA0CB9} - System32\Tasks\HPCeeScheduleFordhehe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {635C8DD9-F088-414C-A56A-30898F37AE08} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {67F9FA40-172C-4FDF-A5DF-6A37905AEAAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {8A827D0E-042C-4852-A36A-DE42DC0EE6ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {8D981A62-507B-4446-B235-9F8E1FCD068F} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP) Task: {91190656-B853-4983-85D5-EC0B2CA6DEB0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {93104305-F134-4483-8EC4-5AB69A3DA5C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.) Task: {9AF9199F-F516-4DB0-A21A-42DA6C58DC83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {A89FC101-64C6-440E-98ED-EE1EF081A928} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard) Task: {AEBDDBAE-E190-42F9-8B8A-D4937CD775A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {B4D846C7-3B1F-49B7-991C-0C97E9D7A19D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {BAC3779F-CD1C-4D0A-B036-01BD17391BB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {D7478D1E-C776-47F2-9921-A3ADBC0EE1FB} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor) Task: {DD6F6E87-679A-471B-AEF4-F807E00D21B1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.) Task: {E6E37622-2CB5-4A4C-82A0-70A6C2AF700F} - System32\Tasks\WpsUpdateTask_dhehe => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe [2015-11-27] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {EA8A50F6-21B2-41B0-9030-4B20D92C0523} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {F8B8F614-6313-4B48-8598-413C1EDB3290} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleFordhehe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_dhehe.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_dhehe.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe ==================== Raccourcis ============================= (Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.) ==================== Modules chargés (Avec liste blanche) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-14 04:01 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2015-12-05 20:19 - 2015-12-05 20:19 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-12-05 20:19 - 2015-12-05 20:19 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-12-05 20:19 - 2015-12-05 20:19 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-11-16 11:09 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-10-20 11:54 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2015-12-14 03:51 - 2015-12-14 03:51 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-01-22 18:55 - 2016-01-22 18:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-14 03:51 - 2015-12-14 03:51 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-08-13 11:03 - 2015-07-30 04:13 - 00405432 _____ () C:\WINDOWS\system32\igfxTray.exe 2015-12-17 19:50 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-17 19:50 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-15 07:43 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-15 07:43 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-29 21:08 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-29 21:08 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-05-31 17:15 - 2015-05-31 17:15 - 00063272 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe 2015-10-20 11:40 - 2013-05-15 14:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe 2015-12-08 20:25 - 2015-12-08 20:25 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2016-01-22 18:55 - 2016-01-22 18:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 18:55 - 2016-01-22 18:55 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-06-09 20:25 - 2015-06-09 20:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2015-06-09 20:25 - 2015-06-09 20:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2015-10-20 11:31 - 2015-06-24 12:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-11-10 13:14 - 2016-01-22 18:49 - 50679920 _____ () C:\Users\dhehe\AppData\Roaming\Spotify\libcef.dll 2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2015-11-10 13:14 - 2016-01-22 18:49 - 01882224 _____ () C:\Users\dhehe\AppData\Roaming\Spotify\libglesv2.dll 2015-11-10 13:14 - 2016-01-22 18:49 - 00082544 _____ () C:\Users\dhehe\AppData\Roaming\Spotify\libegl.dll 2016-01-29 21:37 - 2016-01-27 18:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll 2016-01-29 21:37 - 2016-01-27 18:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll 2015-06-24 01:07 - 2015-06-24 01:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-01-29 21:37 - 2016-01-27 18:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.) ==================== Mode sans échec (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.) ==================== EXE Association (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.) ==================== Internet Explorer sites de confiance/sensibles =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-3034022305-3609903343-1356897769-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3034022305-3609903343-1356897769-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts contenu: =============================== (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.) 2015-07-10 12:04 - 2016-01-24 21:11 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Autres zones ============================ (Actuellement, il n'y a pas de correction automatique pour cette section.) HKU\S-1-5-21-3034022305-3609903343-1356897769-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dhehe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg DNS Servers: 89.2.0.10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Le Pare-feu est activé. ==================== MSCONFIG/TASK MANAGER éléments désactivés == (Actuellement, il n'y a pas de correction automatique pour cette section.) MSCONFIG\Services: lfsvc => 3 ==================== RèglesPare-feu (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{ACC427DD-BFA2-4B60-9874-1A9936A6077D}C:\users\dhehe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dhehe\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{B0566E77-9288-4297-8D29-0BFCD1F72FBD}C:\users\dhehe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dhehe\appdata\roaming\spotify\spotify.exe FirewallRules: [{1000FE1E-5C47-419E-A20D-413445F311F4}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{35CF99EF-1792-447D-8B46-62FEF0DAD597}] => (Allow) LPort=5357 FirewallRules: [{1EE4667D-6388-4294-90B2-8D4120FEE483}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe FirewallRules: [{1810E4E9-B871-4CAB-A383-84E6A61BCEED}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe FirewallRules: [{EA4A2E3A-412B-4AE7-9064-74CC0A6C011F}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe FirewallRules: [{B1BC8C47-9DBE-4549-AAC2-EDF3DAF95C9B}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe FirewallRules: [{C5669D50-F242-425E-871B-C6E69AF06223}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{09914EEC-803B-4282-B7FC-E4644D427613}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{4AEDE788-76C4-47F8-A3EB-40E19A4E26D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Points de restauration ========================= 15-01-2016 15:16:10 Windows Update 18-01-2016 15:18:45 Windows Update 21-01-2016 19:03:12 Windows Update 24-01-2016 21:05:03 Windows Update 29-01-2016 21:08:41 Windows Update 29-01-2016 21:09:29 Windows Update ==================== Éléments en erreur du Gestionnaire de périphériques ============= ==================== Erreurs du Journal des événements: ========================= Erreurs Application: ================== Error: (01/31/2016 08:35:10 PM) (Source: HP Active Health) (EventID: 14) (User: ) Description: Exception while generating JSON: Le format de la chaîne d'entrée est incorrect. Error: (01/31/2016 08:34:57 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it Error: (01/31/2016 08:34:57 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it Error: (01/31/2016 08:34:57 PM) (Source: HP Active Health) (EventID: 80) (User: ) Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH à HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile() Error: (01/31/2016 04:02:59 PM) (Source: HP Active Health) (EventID: 14) (User: ) Description: Exception while generating JSON: Le format de la chaîne d'entrée est incorrect. Error: (01/31/2016 04:02:56 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it Error: (01/31/2016 04:02:56 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it Error: (01/31/2016 04:02:56 PM) (Source: HP Active Health) (EventID: 80) (User: ) Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH à HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile() Error: (01/31/2016 03:59:01 PM) (Source: HP Active Health) (EventID: 14) (User: ) Description: Exception while generating JSON: Le format de la chaîne d'entrée est incorrect. Error: (01/31/2016 03:58:52 PM) (Source: HP Active Health) (EventID: 88) (User: ) Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it Erreurs système: ============= Error: (01/31/2016 08:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Kingsoft_WPS_UpdateService n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (01/31/2016 08:30:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Kingsoft_WPS_UpdateService. Error: (01/31/2016 08:30:01 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: L’arrêt système précédant à 19:28:39 le ‎31/‎01/‎2016 n’était pas prévu. Error: (01/31/2016 07:29:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Kingsoft_WPS_UpdateService n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (01/31/2016 07:28:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Kingsoft_WPS_UpdateService. Error: (01/31/2016 07:28:39 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: L’arrêt système précédant à 16:18:55 le ‎31/‎01/‎2016 n’était pas prévu. Error: (01/31/2016 04:05:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT) Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x8024200b : Hewlett-Packard - Enterprise WSD Multi-Function Printer, Multi-Function Printer, Other hardware - Null Print - HP ENVY 7640 series. Error: (01/31/2016 04:05:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT) Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80070490 : HP driver update for Fax - HP ENVY 7640 series. Error: (01/31/2016 03:54:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service SearchProtectionService n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (01/31/2016 03:54:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service SearchProtectionService. CodeIntegrity: =================================== Date: 2016-01-31 09:44:55.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 17:38:26.855 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 14:05:43.898 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-29 21:02:19.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-26 10:35:34.965 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-25 19:25:40.395 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-24 19:09:06.905 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-22 12:42:51.681 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-22 05:43:54.253 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-21 12:07:27.188 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Infos Mémoire =========================== Processeur: Intel(R) Core(TM) i7-4750HQ CPU @ 2.00GHz Pourcentage de mémoire utilisée: 34% Mémoire physique - RAM - totale: 8085.22 MB Mémoire physique - RAM - disponible: 5272.64 MB Mémoire virtuelle totale: 9365.22 MB Mémoire virtuelle disponible: 6407.36 MB ==================== Lecteurs ================================ Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:295.28 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)] Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.69 GB) NTFS ==================== MBR & Table des partitions ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 3BFBE3B7) Partition: GPT. ==================== Fin de Addition.txt ============================