Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Exécuté par Léa (administrateur) sur MAMAN (16-03-2017 19:00:21)
Exécuté depuis C:\Users\Léa\Desktop
Profils chargés: Léa (Profils disponibles: Léa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Léa\AppData\Roaming\uTorrent\uTorrent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Léa\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\Léa\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Spotify Ltd) C:\Users\Léa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Avira Operations GmbH & Co. KG ) C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe
() C:\Windows\Temp\is-VTGKI.tmp\avira_speedup_setup_update.tmp
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64648 2017-03-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2750912237-3753086291-2337184347-1002\...\Run: [uTorrent] => C:\Users\Léa\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [uTorrent] => C:\Users\Léa\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-14] (EasyBits Software Corp.)
Startup: C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-03-16]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{50E2999E-F885-4178-B6BC-260CC5A3DBB7}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5EB393B1-FAAB-44F2-96F6-564F43473571}: [DhcpNameServer] 40.21.1.201 40.21.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2750912237-3753086291-2337184347-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=hxxp://www.ebay.fr/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {FB36B2D3-D2B2-4EAC-9CE2-D3B15D6EEEFC} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=hxxp://www.ebay.fr/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {FB36B2D3-D2B2-4EAC-9CE2-D3B15D6EEEFC} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=hxxp://www.ebay.fr/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> {FB36B2D3-D2B2-4EAC-9CE2-D3B15D6EEEFC} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
Toolbar: HKU\S-1-5-21-2750912237-3753086291-2337184347-1002 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Léa\AppData\Roaming\Mozilla\Firefox\Profiles\1sc1l515.default-1489674838579 [2017-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2015-02-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Pas de fichier]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2750912237-3753086291-2337184347-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Léa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2750912237-3753086291-2337184347-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Léa\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2017-02-20] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Docs) - C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-04]
CHR Extension: (Google Drive) - C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04]
CHR Extension: (YouTube) - C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04]
CHR Extension: (Gmail) - C:\Users\Léa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [Fichier non signé]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [310152 2017-02-10] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Fichier non signé]
S2 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
U2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [Fichier non signé]
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-03-14] (Avira Operations GmbH & Co. KG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\Users\LAB9CF~1\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-16 19:00 - 2017-03-16 19:01 - 00021052 _____ C:\Users\Léa\Desktop\FRST.txt
2017-03-16 19:00 - 2017-03-16 19:00 - 00000000 ____D C:\FRST
2017-03-16 18:58 - 2017-03-16 18:58 - 02424832 _____ (Farbar) C:\Users\Léa\Desktop\FRST64.exe
2017-03-16 17:36 - 2017-03-16 17:36 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-03-16 17:15 - 2017-03-16 17:15 - 00000000 ____D C:\Users\Léa\AppData\LocalLow\uTorrent
2017-03-16 16:31 - 2017-03-16 16:31 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-03-16 16:31 - 2017-03-16 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-03-16 16:31 - 2017-03-16 16:31 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-03-16 16:24 - 2017-03-16 16:24 - 03521617 _____ (Nicolas Coolman ) C:\Users\Léa\Downloads\zhpfix_2015.10.19.9.exe
2017-03-16 15:34 - 2017-03-16 15:34 - 00000000 ____D C:\Users\Léa\Desktop\Anciennes données de Firefox
2017-03-16 15:31 - 2017-03-16 15:31 - 04502242 _____ C:\Users\Léa\Desktop\Sans titre 1.bmp
2017-03-16 15:30 - 2017-03-16 15:30 - 00044566 _____ C:\Users\Léa\Desktop\bookmarks-2017-03-16.json
2017-03-16 12:08 - 2017-03-16 14:24 - 00000815 _____ C:\Users\Léa\Desktop\ZHPDiag.lnk
2017-03-16 12:07 - 2017-03-16 12:07 - 02709504 _____ C:\Users\Léa\Downloads\ZHPDiag3.exe
2017-03-15 23:07 - 2017-03-15 23:27 - 525264888 _____ C:\Users\Léa\Downloads\Black.Sails.S04E07.VOSTFR.WEB-DL.XviD-T9.www.torrent9.biz.avi
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\LocalLow\EmieUserList
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\LocalLow\EmieSiteList
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\LocalLow\EmieBrowserModeList
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\Local\EmieUserList
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\Local\EmieSiteList
2017-03-13 21:31 - 2017-03-13 21:31 - 00000000 __SHD C:\Users\Léa\AppData\Local\EmieBrowserModeList
2017-03-13 20:47 - 2017-03-13 21:37 - 576275680 _____ C:\Users\Léa\Downloads\Black.Sails.S04E06.VOSTFR.HDTV.XviD-T9.avi
2017-03-09 21:48 - 2017-03-09 21:48 - 00000000 ____D C:\Users\Léa\Downloads\ccsetup527
2017-03-09 21:46 - 2017-03-09 21:47 - 08076319 _____ C:\Users\Léa\Downloads\ccsetup527.zip
2017-03-09 21:45 - 2017-03-10 15:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-09 21:45 - 2017-03-09 21:45 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-09 20:50 - 2017-03-09 20:51 - 04031440 _____ C:\Users\Léa\Downloads\adwcleaner_6.044.exe
2017-03-08 15:30 - 2017-03-08 15:30 - 00209151 _____ C:\Users\Léa\Downloads\diagnose-des-categories.pdf
2017-03-06 17:13 - 2017-03-06 17:13 - 00000000 ____D C:\Users\Léa\Downloads\Black Sails S04E05 VOSTFR WEB-DL XviD-T9
2017-03-06 17:10 - 2017-03-06 17:10 - 00000000 ____D C:\Users\Léa\Downloads\The 100 S04E05 FASTSUB VOSTFR HDTV XviD-T9
2017-03-04 23:52 - 2017-03-04 23:52 - 00031135 _____ C:\Users\Léa\Downloads\vampire-diaries-s08e15-vostfr-hdtv.torrent
2017-03-01 22:14 - 2017-03-01 22:14 - 00000000 ____D C:\Users\Léa\Downloads\Arrow_5x06_HDTV.LOL+DiMENSiON.fr
2017-03-01 22:13 - 2017-03-01 22:13 - 00024976 _____ C:\Users\Léa\Downloads\Arrow_5x06_HDTV.LOL+DiMENSiON.fr.zip
2017-03-01 21:00 - 2017-03-01 21:42 - 798504705 _____ C:\Users\Léa\Downloads\Arrow.S05E09.720p.HDTV.X264-DIMENSION[eztv].mkv
2017-03-01 21:00 - 2017-03-01 21:37 - 839786459 _____ C:\Users\Léa\Downloads\Arrow.S05E10.720p.HDTV.X264-DIMENSION[eztv].mkv
2017-03-01 20:59 - 2017-03-01 21:41 - 1074011455 _____ C:\Users\Léa\Downloads\Arrow.S05E08.720p.HDTV.X264-DIMENSION[eztv].mkv
2017-03-01 20:57 - 2017-03-01 20:57 - 00066145 _____ C:\Users\Léa\Downloads\Arrow - 05x09 - What We Leave Behind.DIMENSION.French.HI.C.updated.Addic7ed.com.srt
2017-03-01 20:57 - 2017-03-01 20:57 - 00062032 _____ C:\Users\Léa\Downloads\Arrow - 05x10 - Who Are You_.DIMENSION.French.orig.Addic7ed.com.srt
2017-03-01 20:55 - 2017-03-01 20:55 - 00061292 _____ C:\Users\Léa\Downloads\Arrow - 05x08 - Invasion!.DIMENSION.French.orig.Addic7ed.com.srt
2017-02-26 10:07 - 2017-02-26 10:07 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-26 10:07 - 2017-02-26 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-26 10:06 - 2017-02-26 10:07 - 00000000 ____D C:\Program Files\CCleaner
2017-02-26 10:06 - 2017-02-26 10:06 - 00001724 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-02-26 10:06 - 2017-02-26 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-02-26 10:06 - 2017-02-26 10:06 - 00000000 ____D C:\Program Files\Defraggler
2017-02-26 10:04 - 2017-02-26 10:04 - 04619752 _____ (Piriform Ltd) C:\Users\Léa\Downloads\dfsetup221.exe
2017-02-26 01:29 - 2017-02-26 01:29 - 09261616 _____ (Piriform Ltd) C:\Users\Léa\Downloads\ccsetup527(2).exe
2017-02-26 01:07 - 2017-02-26 01:13 - 00106284 _____ C:\Users\Léa\Desktop\ZHPCleaner.txt
2017-02-26 00:50 - 2017-03-16 17:28 - 00000000 ____D C:\Users\Léa\AppData\Roaming\ZHP
2017-02-26 00:25 - 2017-02-26 00:25 - 02744320 _____ C:\Users\Léa\Desktop\ZHPCleaner.exe
2017-02-22 21:15 - 2017-02-22 21:15 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Léa\Downloads\flashplayer24_xa_install.exe
2017-02-21 01:13 - 2017-02-21 01:14 - 00000000 ____D C:\cc724fcda693903ce3660edf99
2017-02-20 22:00 - 2017-03-16 18:05 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2750912237-3753086291-2337184347-1002UA.job
2017-02-20 22:00 - 2017-03-16 00:29 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2750912237-3753086291-2337184347-1002Core.job
2017-02-20 22:00 - 2017-02-20 22:00 - 00004036 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750912237-3753086291-2337184347-1002UA
2017-02-20 22:00 - 2017-02-20 22:00 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750912237-3753086291-2337184347-1002Core
2017-02-20 22:00 - 2017-02-20 22:00 - 00000000 ____D C:\Users\Léa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2017-02-18 20:40 - 2017-03-14 19:15 - 00000000 ____D C:\Users\Léa\Desktop\Nouveau dossier

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-16 18:57 - 2012-09-12 21:51 - 00000000 ____D C:\Users\Léa\AppData\Roaming\uTorrent
2017-03-16 18:53 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-16 18:53 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-16 18:16 - 2012-09-12 21:49 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-16 17:41 - 2016-11-18 20:38 - 00000000 ____D C:\Users\Léa\AppData\LocalLow\Mozilla
2017-03-16 17:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-03-16 17:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-16 16:25 - 2011-10-15 06:25 - 00748346 _____ C:\Windows\system32\perfh00C.dat
2017-03-16 16:25 - 2011-10-15 06:25 - 00150580 _____ C:\Windows\system32\perfc00C.dat
2017-03-16 16:25 - 2009-07-14 06:13 - 01671200 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-16 16:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-16 15:01 - 2012-09-12 20:19 - 00000000 ____D C:\Users\Léa\AppData\Local\CrashDumps
2017-03-16 00:12 - 2012-09-12 22:46 - 00000000 ____D C:\Users\Léa\AppData\Roaming\vlc
2017-03-15 14:56 - 2013-12-04 20:45 - 00000000 ____D C:\AdwCleaner
2017-03-15 09:16 - 2012-09-12 21:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 09:16 - 2012-09-12 21:49 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 09:16 - 2011-10-14 21:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 09:16 - 2011-10-14 21:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 08:56 - 2016-11-17 22:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-15 08:56 - 2012-04-21 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-11 20:15 - 2016-11-23 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-10 19:38 - 2017-01-01 21:02 - 00000000 ____D C:\Users\Léa\Desktop\Photos importées
2017-03-10 15:26 - 2012-09-12 20:19 - 00000000 ____D C:\Users\Léa\AppData\Roaming\Adobe
2017-03-10 15:24 - 2012-10-01 18:35 - 00000000 ____D C:\Users\Léa\AppData\Local\Adobe
2017-03-09 21:45 - 2011-10-14 21:30 - 00000000 ____D C:\ProgramData\Adobe
2017-03-09 21:45 - 2011-10-14 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-03-08 15:34 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-08 15:28 - 2017-01-12 15:12 - 00000000 ____D C:\Users\Léa\Documents\Fax
2017-03-08 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-07 10:18 - 2013-10-24 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-07 10:18 - 2013-10-24 20:49 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-07 09:54 - 2009-07-14 06:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-06 08:23 - 2016-12-22 21:17 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForLéa.job
2017-03-01 08:53 - 2017-01-19 11:47 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-28 23:25 - 2013-06-03 21:29 - 00000000 ____D C:\Users\Léa\AppData\Roaming\SoftGrid Client
2017-02-24 00:01 - 2013-08-15 13:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 00:01 - 2012-11-06 17:30 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 23:31 - 2016-08-04 16:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-02-23 20:30 - 2016-12-22 21:17 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLéa
2017-02-22 19:57 - 2012-09-12 21:49 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-21 09:37 - 2012-03-24 00:23 - 01646268 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-19 11:05 - 2012-09-12 19:55 - 00000000 ____D C:\Users\Léa\AppData\Roaming\hpqlog
2017-02-18 16:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-02-18 16:11 - 2016-10-09 20:16 - 00000000 ____D C:\Users\Léa\AppData\Local\ElevatedDiagnostics

==================== Fichiers à la racine de certains dossiers =======

2014-09-28 18:27 - 2014-09-28 18:27 - 0000696 _____ () C:\Users\Léa\AppData\Roaming\mbam.context.scan
2016-12-26 01:03 - 2016-12-26 01:03 - 0109852 _____ () C:\Users\Léa\AppData\Local\ars.cache
2016-12-26 01:03 - 2016-12-26 01:03 - 0315030 _____ () C:\Users\Léa\AppData\Local\census.cache
2016-12-25 20:52 - 2016-12-25 20:52 - 0000036 _____ () C:\Users\Léa\AppData\Local\housecall.guid.cache

Certains fichiers dans TEMP:
====================
2014-03-01 21:30 - 2017-01-18 10:18 - 0000000 ____D () C:\Users\Léa\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-15 09:51

==================== Fin de FRST.txt ============================