Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Exécuté par Laurent (administrateur) sur LAURENT (09-04-2016 12:07:46)
Exécuté depuis C:\Users\Laurent\Desktop
Profils chargés: Laurent (Profils disponibles: UpdatusUser & Laurent)
Platform: Windows 10 Home Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Reputation\fsorsp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(OVH) C:\Program Files\OVH\hubiC\hubiC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(BitTorrent Inc.) C:\Users\Laurent\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe
(BitTorrent Inc.) C:\Users\Laurent\AppData\Roaming\uTorrent\updates\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\Laurent\AppData\Roaming\uTorrent\updates\updates\3.4.6_42094\utorrentie.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [hubiC] => C:\Program Files\OVH\hubiC\hubiC.exe [3527168 2015-03-03] (OVH)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [uTorrent] => C:\Users\Laurent\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe [1959424 2016-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\RunOnce: [Uninstall C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\RunOnce: [Uninstall C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\RunOnce: [Uninstall C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\MountPoints2: {35463a53-7fc8-11e5-bf5e-28e3479262e9} - "F:\setup.exe"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\MountPoints2: {35463c1f-7fc8-11e5-bf5e-28e3479262e9} - "G:\setup.exe"
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\...\MountPoints2: {bd6d7352-7ef1-11e5-bf5e-28e3479262e9} - "F:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Laurent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-11] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{a4f50756-c651-481b-ba50-b4eecf075617}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.fr/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.fr/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.fr/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.fr/
HKU\S-1-5-21-2820819004-2177552622-226030308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2016-04-04] (F-Secure Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2016-04-04] (F-Secure Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: Browsing Protection by F-Secure - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2016-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-11-23] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> safe
CHR Profile: C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
CHR Extension: (YouTube) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Recherche Google) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
CHR HKU\S-1-5-21-2820819004-2177552622-226030308-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\SAFE\apps\SafeSearch\Chrome\main.crx [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/SAFE/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2015-10-23]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [186840 2016-03-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-11-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Reputation\fsorsp.exe [60456 2015-12-30] (F-Secure Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-12] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MSSQL$KBMSS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [Fichier non signé]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8462000 2014-05-10] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-01] (Disc Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [219128 2015-12-30] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\SAFE\apps\ComputerSecurity\HIPS\drivers\fshs.sys [97352 2016-02-11] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-01-12] ()
R3 fsni; C:\Program Files (x86)\F-Secure\SAFE\apps\CCF_Scanning\bin\fsni64.sys [110272 2016-04-04] (F-Secure Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [Fichier non signé]
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-03] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-09 12:07 - 2016-04-09 12:09 - 00024473 _____ C:\Users\Laurent\Desktop\FRST.txt
2016-04-09 12:06 - 2016-04-09 12:06 - 02374144 _____ (Farbar) C:\Users\Laurent\Downloads\FRST64.exe
2016-04-09 12:06 - 2016-04-09 12:06 - 02374144 _____ (Farbar) C:\Users\Laurent\Desktop\FRST64.exe
2016-04-09 12:01 - 2016-04-09 12:01 - 00002740 _____ C:\Users\Laurent\Desktop\ZHPFixReport.txt
2016-04-09 12:01 - 2016-04-09 12:01 - 00002740 _____ C:\Users\Laurent\Desktop\ZHPFix[R1].txt
2016-04-09 11:54 - 2016-04-09 11:59 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-04-09 11:54 - 2016-04-09 11:54 - 00001920 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-04-09 11:54 - 2016-04-09 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-04-09 11:52 - 2016-04-09 11:52 - 03521617 _____ (Nicolas Coolman ) C:\Users\Laurent\Downloads\ZHPFix.exe
2016-04-09 11:52 - 2016-04-09 11:52 - 03521617 _____ (Nicolas Coolman ) C:\Users\Laurent\Desktop\ZHPFix.exe
2016-04-09 09:33 - 2016-04-09 09:33 - 00003634 _____ C:\WINDOWS\System32\Tasks\Scheduled scanning task
2016-04-09 09:33 - 2016-04-09 09:33 - 00000672 _____ C:\WINDOWS\Tasks\Scheduled scanning task.job
2016-04-09 09:28 - 2016-04-09 09:28 - 00129391 _____ C:\Users\Laurent\Desktop\ZHPDiag.txt
2016-04-09 09:25 - 2016-04-09 09:25 - 00000908 _____ C:\Users\Laurent\Desktop\ZHPDiag.lnk
2016-04-09 09:25 - 2016-04-09 09:24 - 02179584 _____ C:\Users\Laurent\Desktop\ZHPDiag3.exe
2016-04-09 09:24 - 2016-04-09 09:24 - 02179584 _____ C:\Users\Laurent\Downloads\ZHPDiag3.exe
2016-04-07 22:07 - 2016-04-07 22:07 - 00617089 _____ C:\Users\Laurent\Desktop\Mars LV.pdf
2016-04-07 22:06 - 2016-04-07 22:06 - 00630686 _____ C:\Users\Laurent\Desktop\Fevrier LV.pdf
2016-04-07 22:04 - 2016-04-07 22:04 - 00659966 _____ C:\Users\Laurent\Desktop\Mars LS.pdf
2016-04-07 22:02 - 2016-04-07 22:02 - 00635065 _____ C:\Users\Laurent\Desktop\Février LS.pdf
2016-04-07 19:02 - 2016-04-07 19:02 - 00023647 _____ C:\Users\Laurent\Desktop\paje_atfiempl.pdf
2016-04-07 19:01 - 2016-04-07 19:01 - 00000000 ____D C:\Users\Laurent\AppData\LocalLow\uTorrent
2016-04-04 18:43 - 2016-04-04 18:42 - 00038311 _____ C:\Users\Laurent\Desktop\Camping.pdf
2016-04-04 07:15 - 2016-04-04 07:15 - 00000000 ___HD C:\OneDriveTemp
2016-04-02 21:50 - 2016-04-02 21:50 - 00000257 _____ C:\Users\Laurent\Desktop\a copier.txt
2016-03-29 19:06 - 2016-03-29 19:06 - 00011508 _____ C:\Users\Laurent\Desktop\Classeur1.xlsx
2016-03-21 18:24 - 2016-03-21 18:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\F-Secure

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-09 12:07 - 2016-02-02 21:29 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\uTorrent
2016-04-09 12:07 - 2016-01-04 23:56 - 00000000 ____D C:\FRST
2016-04-09 12:01 - 2015-12-25 01:18 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\ZHP
2016-04-09 12:00 - 2015-05-13 19:05 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-04-09 12:00 - 2015-05-13 19:05 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-04-09 12:00 - 2014-09-20 00:08 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Skype
2016-04-09 11:46 - 2016-01-04 01:31 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 06:12 - 2014-11-21 23:24 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF916D1E-9B1D-4096-A8A5-C1D808987B6E}
2016-04-08 23:47 - 2016-01-04 01:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 22:46 - 2016-01-04 01:31 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 12:44 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-08 05:45 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-04 19:52 - 2014-09-20 00:09 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\hubiC
2016-04-04 07:21 - 2015-12-31 02:48 - 00000074 _____ C:\Users\Laurent\AppData\Roaming\sp_data.sys
2016-04-04 07:19 - 2015-08-16 10:38 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-04-04 07:17 - 2015-10-30 21:00 - 00872208 _____ C:\WINDOWS\system32\perfh00C.dat
2016-04-04 07:17 - 2015-10-30 21:00 - 00173106 _____ C:\WINDOWS\system32\perfc00C.dat
2016-04-04 07:17 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 07:17 - 2015-08-16 10:14 - 01979206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-04 07:15 - 2014-09-20 18:09 - 00000000 __RDO C:\Users\Laurent\OneDrive
2016-04-04 07:12 - 2015-08-16 10:35 - 00000000 __SHD C:\Users\Laurent\IntelGraphicsProfiles
2016-04-04 07:10 - 2015-12-05 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-04 07:10 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-31 19:39 - 2015-03-29 21:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-31 09:39 - 2014-09-20 00:13 - 00000000 ____D C:\Users\Laurent\hubiC
2016-03-23 08:23 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-17 18:33 - 2014-08-26 18:12 - 00000000 ____D C:\Users\Laurent\AppData\Local\Packages
2016-03-17 13:38 - 2014-11-30 22:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-11 18:59 - 2015-08-16 10:44 - 00002454 _____ C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 13:14 - 2015-12-05 05:50 - 00000000 ____D C:\Users\Laurent
2016-03-10 05:06 - 2015-12-05 05:40 - 00373672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 05:03 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 05:03 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 05:03 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 05:03 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

==================== Fichiers à la racine de certains dossiers =======

2015-12-31 02:48 - 2016-04-04 07:21 - 0000074 _____ () C:\Users\Laurent\AppData\Roaming\sp_data.sys
2015-05-30 12:13 - 2015-05-30 12:13 - 0000057 _____ () C:\ProgramData\Ament.ini

Certains fichiers dans TEMP:
====================
C:\Users\Laurent\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laurent\AppData\Local\Temp\{56785B62-C538-4EBA-A88A-4A3397DD020F}.exe

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-04-08 06:53

==================== Fin de FRST.txt ============================