Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Exécuté par pierre (administrateur) sur PACO (11-12-2016 21:21:43)
Exécuté depuis C:\Users\pierre\Downloads
Profils chargés: pierre (Profils disponibles: pierre)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files (x86)\Mono\Service\MonoService.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\pierre\AppData\Roaming\WindowsUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone pour Android\BackupRemind.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Mobo, Inc.) C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe
(Mobo) C:\Program Files (x86)\Mobo\Service\MoboDeviceProxy.exe
(Fuzhou BoYuan Wireless Websoft Technology Co., Ltd.) C:\Program Files (x86)\Mobo\Service\IDCM32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [CovaCrack] => C:\Users\pierre\Desktop\COVADIS 14.0c\2. CRACK COVADIS 14\Crack COVADIS 14 X64.exe [29215744 2015-04-27] (Services Pour Ingénieurs (spingenieur@gmail.com))
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [615144 2016-03-09] (Samsung Electronics Co.,Ltd)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-978477455-911488471-3198679978-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-978477455-911488471-3198679978-1001\...\Run: [Windows Update] => C:\Users\pierre\AppData\Roaming\WindowsUpdate.exe [690176 2016-03-27] ()
HKU\S-1-5-21-978477455-911488471-3198679978-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-978477455-911488471-3198679978-1001\...\MountPoints2: {c7a68520-db99-11e5-8266-5c93a2ecd38e} - "F:\setup.EXE" /AUTORUN
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ID de superposition d'icônes des signatures numériques AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2016-09-06]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Dr.Fone pour Android\BackupRemind.exe (Wondershare)
Startup: C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 3520 series (réseau).lnk [2016-12-11]
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 3520 series (réseau).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{794EE30A-5E98-4F73-8EB2-A99A91784646}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-11-25] (Qihu 360 Software Co., Ltd.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-10-24] (Qihu 360 Software Co., Ltd.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-978477455-911488471-3198679978-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-23]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-978477455-911488471-3198679978-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\pierre\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1471869089&from=a4bf0819&uid=st1000lm024xhn-m101mbb_s32xj9ffa16553&z=dbf13f7e0940c3c63e00633g9zdm4g1baqet9e0qcm
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1471869089&from=a4bf0819&uid=st1000lm024xhn-m101mbb_s32xj9ffa16553&z=dbf13f7e0940c3c63e00633g9zdm4g1baqet9e0qcm"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1477311812&from=e2dd1024&uid=st1000lm024xhn-m101mbb_s32xj9ffa16553&z=db965e3f30a3d9fb1afa3c0g6zfm7mac6g5gdbbe1q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Google Slides) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-08]
CHR Extension: (Google Docs) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]
CHR Extension: (Google Drive) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Adblock Plus) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Recherche Google) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (Adobe Acrobat) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-10-13]
CHR Extension: (Google Sheets) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-08]
CHR Extension: (Google Docs hors connexion) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-11]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ExUptN ) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkfnjmedkgeoolimdelmmbohkbicohk [2016-12-10]
CHR Extension: (Gmail) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

==================== Services (Avec liste blanche) ====================

===================== Pilotes (Avec liste blanche) ======================

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-11 21:21 - 2016-12-11 21:22 - 00019012 _____ C:\Users\pierre\Downloads\FRST.txt
2016-12-11 21:21 - 2016-12-11 21:21 - 00000000 ____D C:\FRST
2016-12-11 21:20 - 2016-12-11 21:20 - 02420224 _____ (Farbar) C:\Users\pierre\Downloads\FRST64.exe
2016-12-11 21:15 - 2016-12-11 21:16 - 00604928 _____ (Reimage) C:\Users\pierre\Downloads\ReimageRepair.exe
2016-12-11 20:41 - 2016-12-11 21:09 - 00000000 ____D C:\AdwCleaner
2016-12-11 20:41 - 2016-12-11 20:41 - 03968464 _____ C:\Users\pierre\Downloads\adwcleaner_6.040.exe
2016-12-10 20:14 - 2016-12-10 20:39 - 1454183520 _____ C:\Users\pierre\Downloads\Pressure.2015.FRENCH.BDRip.XviD.AC3-EXTREME.avi
2016-12-10 20:07 - 2016-12-10 20:07 - 00652867 _____ C:\Users\pierre\Downloads\fifa-17-xbox-360.torrent
2016-12-09 16:29 - 2016-12-11 21:06 - 00000199 ____H C:\Users\pierre\Documents\Dessin1.dwl2
2016-12-09 16:29 - 2016-12-11 21:06 - 00000048 ____H C:\Users\pierre\Documents\Dessin1.dwl
2016-12-08 17:14 - 2016-12-08 17:38 - 1156713477 _____ C:\Users\pierre\Downloads\gex - src COMPLET.mp4
2016-12-08 00:13 - 2016-12-08 00:13 - 00000092 _____ C:\Users\pierre\Downloads\Liste de conversion 1.bcl
2016-12-07 23:49 - 2016-12-07 23:51 - 00033689 _____ C:\Users\pierre\Documents\Dessin1_recover004.dwg
2016-12-07 17:14 - 2016-12-07 17:14 - 00000595 _____ C:\Users\pierre\Documents\Conversion.txt
2016-12-06 14:51 - 2016-12-06 14:52 - 00076431 _____ C:\Users\pierre\Downloads\attestation (3).pdf
2016-12-06 14:51 - 2016-12-06 14:52 - 00076431 _____ C:\Users\pierre\Downloads\attestation (2).pdf
2016-12-06 14:51 - 2016-12-06 14:52 - 00076431 _____ C:\Users\pierre\Downloads\attestation (1).pdf
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\A285.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\A1F7.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\A1B8.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\A159.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\A0FA.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\9C91.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\9B87.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\9A5D.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\99B0.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\97F9.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\9614.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\92A8.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8EDD.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8D27.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8C6A.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8B40.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8A34.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\89E5.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\8947.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076431 _____ C:\Users\pierre\Downloads\88C9.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076421 _____ C:\Users\pierre\Downloads\A550.tmp
2016-12-06 14:51 - 2016-12-06 14:51 - 00076421 _____ C:\Users\pierre\Downloads\A4E2.tmp
2016-12-06 12:50 - 2016-12-06 12:50 - 00249645 _____ C:\Users\pierre\Downloads\article412209.pdf
2016-12-05 23:53 - 2016-12-06 01:08 - 2382686677 ____R C:\Users\pierre\Downloads\Le Monde de Nemo (2003) [1080p] MULTi BluRay x264-PopHD.mkv
2016-12-03 14:01 - 2016-12-11 21:14 - 00001539 _____ C:\Users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-11-30 15:42 - 2016-11-30 15:42 - 00024606 _____ C:\Users\pierre\Downloads\Attestation d'assurance Habitation (1).pdf
2016-11-30 15:40 - 2016-11-30 15:41 - 00088424 _____ C:\Users\pierre\Downloads\devis.pdf
2016-11-29 14:09 - 2016-11-29 14:10 - 01055638 _____ C:\Users\pierre\Downloads\devis de bornage Colloud (1).pdf
2016-11-28 23:16 - 2016-11-29 00:44 - 2422597828 ____R C:\Users\pierre\Downloads\Jason.Bourne.2016.TRUEFRENCH.720p.BluRay.x264-ULS.mkv
2016-11-25 15:25 - 2016-11-25 15:25 - 00097182 _____ C:\Users\pierre\Downloads\Accidents de la Vie.pdf
2016-11-25 15:25 - 2016-11-25 15:25 - 00069407 _____ C:\Users\pierre\Downloads\Accidents de la Vie (1).pdf
2016-11-24 13:34 - 2016-11-24 13:34 - 01783697 _____ C:\Users\pierre\Downloads\2.pdf
2016-11-24 13:34 - 2016-11-24 13:34 - 01055638 _____ C:\Users\pierre\Downloads\devis de bornage Colloud.pdf
2016-11-24 01:04 - 2016-11-24 01:30 - 1383821060 _____ C:\Users\pierre\Downloads\Dont.Breathe.2016.MULTi.720p.BluRay.Light.x264.ACOOL.Zone-Telechargement.com.mkv.crdownload
2016-11-22 22:04 - 2016-11-22 22:04 - 00000000 ____D C:\Upload
2016-11-22 21:56 - 2016-11-22 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-11-22 21:55 - 2016-11-22 21:55 - 00000000 ____D C:\Users\pierre\AppData\Roaming\SAMSUNG
2016-11-22 21:55 - 2016-11-22 21:55 - 00000000 ____D C:\Users\pierre\.swt
2016-11-22 21:53 - 2016-11-22 21:55 - 00000000 ____D C:\Program Files\Samsung
2016-11-22 21:47 - 2016-11-22 21:51 - 92462312 _____ (Samsung Electronics Co.,Ltd) C:\Users\pierre\Downloads\SamsungLink_Installer64.exe
2016-11-22 21:13 - 2016-11-22 22:27 - 2145007349 _____ C:\Users\pierre\Downloads\The.Secret.Life.of.Pets.2016.TRUEFRENCH.720p.BluRay.x264-ULS.Premium.www.Zone-Telechargement.com.mkv
2016-11-22 20:44 - 2016-11-22 22:28 - 2615887077 _____ C:\Users\pierre\Downloads\Petes.Dragon.2016.MULTi.1080p.mHD.x264.AC3-LiTE.Premium.www.Zone-Telechargement.com.mkv
2016-11-15 13:34 - 2016-11-15 13:39 - 00009817 _____ C:\Users\pierre\Downloads\lettre-resiliation nov.pdf
2016-11-15 13:25 - 2016-11-15 13:25 - 00000000 ____D C:\Users\pierre\AppData\Roaming\SolidDocuments

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-11 21:18 - 2016-02-08 11:47 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-978477455-911488471-3198679978-1001
2016-12-11 21:18 - 2014-10-29 13:12 - 00812350 _____ C:\WINDOWS\system32\perfh00C.dat
2016-12-11 21:18 - 2014-10-29 13:12 - 00159412 _____ C:\WINDOWS\system32\perfc00C.dat
2016-12-11 21:18 - 2014-03-18 16:26 - 01824010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 21:18 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-11 21:14 - 2016-03-27 14:34 - 00000049 _____ C:\Users\pierre\AppData\Roaming\pidloc.txt
2016-12-11 21:14 - 2016-03-27 14:34 - 00000004 _____ C:\Users\pierre\AppData\Roaming\pid.txt
2016-12-11 21:14 - 2016-03-03 21:21 - 00000000 ___DO C:\Users\pierre\OneDrive
2016-12-11 21:14 - 2016-02-08 13:59 - 00000000 ____D C:\Users\pierre\AppData\LocalLow\360WD
2016-12-11 21:14 - 2016-02-08 03:26 - 00000081 _____ C:\Users\pierre\AppData\Roaming\sp_data.sys
2016-12-11 21:12 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-11 21:11 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-12-11 21:07 - 2016-04-21 13:47 - 00000000 ____D C:\WINDOWS\system32\log
2016-12-11 20:28 - 2016-02-08 14:09 - 00000000 __SHD C:\$360Section
2016-12-11 20:28 - 2016-02-08 14:06 - 00000000 ____D C:\ProgramData\360Quarant
2016-12-11 20:25 - 2016-08-29 20:51 - 00003226 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-12-11 19:55 - 2016-02-08 11:44 - 00003924 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0A683BF8-F6EF-48B1-A34B-DB1002A7D6A9}
2016-12-10 17:42 - 2016-02-12 17:17 - 00000000 ____D C:\Users\pierre\AppData\Roaming\TeamViewer
2016-12-10 11:09 - 2016-02-08 12:35 - 00000000 ____D C:\Users\pierre\AppData\Local\CrashDumps
2016-12-09 16:05 - 2016-10-10 13:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-08 18:12 - 2016-07-13 09:35 - 00002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-08 18:12 - 2016-07-09 20:34 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-12-08 00:11 - 2016-07-05 16:55 - 00001398 _____ C:\Users\pierre\Documents\acad.err
2016-12-08 00:03 - 2016-02-09 16:46 - 00000000 ____D C:\Users\pierre\AppData\Local\CutePDF Writer
2016-12-07 15:52 - 2016-03-09 17:25 - 00003162 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForpierre
2016-12-07 15:52 - 2016-03-09 17:25 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForpierre.job
2016-12-06 17:25 - 2016-02-08 13:42 - 00000000 ____D C:\Users\pierre\AppData\Roaming\uTorrent
2016-12-06 11:34 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-06 11:15 - 2016-02-08 03:24 - 00000000 ____D C:\Users\pierre
2016-12-06 10:17 - 2016-02-08 13:30 - 00000000 ____D C:\Users\pierre\AppData\Roaming\Skype
2016-12-06 05:34 - 2016-02-08 13:59 - 00001167 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-12-06 05:34 - 2016-02-08 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-12-05 23:51 - 2016-02-08 23:18 - 00000000 ____D C:\Users\pierre\AppData\Roaming\vlc
2016-12-03 14:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-28 22:49 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-28 22:49 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-28 22:34 - 2016-02-08 13:59 - 00000000 _RSHD C:\360SANDBOX
2016-11-25 13:35 - 2016-02-08 13:59 - 00330472 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2016-11-22 21:55 - 2016-08-01 19:16 - 00000000 ____D C:\ProgramData\Samsung
2016-11-21 12:29 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-21 12:27 - 2016-02-25 10:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-19 15:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-15 11:34 - 2016-03-21 21:01 - 00563120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData

==================== Fichiers à la racine de certains dossiers =======

2016-02-08 12:35 - 2016-02-08 12:35 - 0000316 __RSH () C:\Users\pierre\AppData\Roaming\App_Windows32.sys
2016-03-27 14:34 - 2016-12-11 21:14 - 0000004 _____ () C:\Users\pierre\AppData\Roaming\pid.txt
2016-03-27 14:34 - 2016-12-11 21:14 - 0000049 _____ () C:\Users\pierre\AppData\Roaming\pidloc.txt
2016-02-08 03:26 - 2016-12-11 21:14 - 0000081 _____ () C:\Users\pierre\AppData\Roaming\sp_data.sys
2016-03-27 14:34 - 2016-03-27 14:32 - 0690176 _____ () C:\Users\pierre\AppData\Roaming\WindowsUpdate.exe
2016-02-16 15:49 - 2016-02-16 15:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-10 08:53 - 2015-02-10 08:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-08 12:15 - 2016-02-08 12:15 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Certains fichiers dans TEMP:
====================
C:\Users\pierre\AppData\Local\Temp\EBP.WebClient_tmp9D11.exe
C:\Users\pierre\AppData\Local\Temp\EBP.WebClient_tmpAFEA.exe
C:\Users\pierre\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\pierre\AppData\Local\Temp\i4jdel0.exe
C:\Users\pierre\AppData\Local\Temp\MPCSetup_4.exe
C:\Users\pierre\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pierre\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

testsigning: ==> 'testsigning' est activé. Rechercher un éventuel pilote non signé <===== ATTENTION

LastRegBack: 2016-12-06 10:55

==================== Fin de FRST.txt ============================