Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Exécuté par David (administrateur) sur DAVID (27-08-2017 02:49:17) Exécuté depuis C:\Users\freebox\Downloads Profils chargés: David (Profils disponibles: David & Administrateur) Platform: Windows 10 Home Version 1511 (X64) Langue: Français (France) Internet Explorer Version 11 (Navigateur par défaut: Chrome) Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Microsoft Corporation) C:\WINDOWS\System32\InputMethod\CHS\ChsIME.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ASUSTeK) C:\WINDOWS\SysWOW64\ACEngSvr.exe (Discord Inc.) C:\Users\freebox\AppData\Local\Discord\app-0.0.298\Discord.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (ShareX Team) C:\Program Files\ShareX\ShareX.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Discord Inc.) C:\Users\freebox\AppData\Local\Discord\app-0.0.298\Discord.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Discord Inc.) C:\Users\freebox\AppData\Local\Discord\app-0.0.298\Discord.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registre (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] () HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-26] (AVAST Software) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1047000 2017-05-16] (DivX, LLC) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-142948595-220114323-453775657-1001\...\Run: [Discord] => C:\Users\freebox\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.) HKU\S-1-5-21-142948595-220114323-453775657-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [159768 2017-04-07] (BlueStack Systems, Inc.) HKU\S-1-5-21-142948595-220114323-453775657-1001\...\RunOnce: [Uninstall C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-142948595-220114323-453775657-1001\...\RunOnce: [Uninstall C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-142948595-220114323-453775657-1001\...\RunOnce: [Uninstall C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-142948595-220114323-453775657-1001\...\RunOnce: [Uninstall C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\freebox\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-07-12] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.587\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\freebox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-04-18] ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) GroupPolicy: Restriction - Chrome <==== ATTENTION ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.254 Tcpip\..\Interfaces\{2f6cfdea-86f5-423f-83e2-fd8d610261c5}: [DhcpNameServer] 40.54.1.201 40.54.1.203 Tcpip\..\Interfaces\{914de564-dcea-43f6-a33a-691800c50cbb}: [DhcpNameServer] 192.168.0.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com HKU\S-1-5-21-142948595-220114323-453775657-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) Toolbar: HKLM - Pas de nom - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Pas de fichier Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies) FireFox: ======== FF DefaultProfile: 4glixszb.default FF ProfilePath: C:\Users\freebox\AppData\Roaming\Mozilla\Firefox\Profiles\4glixszb.default [2016-09-02] FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Pas de fichier] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://google.com/ CHR Profile: C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default [2017-08-27] CHR Extension: (Google Docs) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31] CHR Extension: (YouTube) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Сookies Control) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp [2017-07-12] CHR Extension: (Recherche Google) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31] CHR Extension: (Tampermonkey) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-25] CHR Extension: (Google Docs hors connexion) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20] CHR Extension: (AdBlock) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-27] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27] CHR Extension: (Gmail) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR Extension: (Chrome Media Router) - C:\Users\freebox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-27] CHR Profile: C:\Users\freebox\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-12] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx ==================== Services (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-26] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-26] (AVAST Software) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387096 2017-04-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369688 2017-04-07] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [408600 2017-04-07] (BlueStack Systems, Inc.) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.) S2 rsService; C:\Program Files\Reason\Security\rsService.exe [236312 2017-03-12] (Reason Software Company Inc.) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-17] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Pilotes (Avec liste blanche) ====================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation) R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-08-26] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-08-26] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-08-26] (AVAST Software s.r.o.) R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-08-26] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-12] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-12] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-26] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-12] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-12] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-26] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-12] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-12] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-12] (AVAST Software) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.) S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-04-07] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-04-07] (Bluestack System Inc. ) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc.) S3 PVUSB; C:\WINDOWS\System32\drivers\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.) S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2017-08-27 02:39 - 2017-08-27 02:39 - 000000000 ____D C:\ProgramData\SWCUTemp 2017-08-27 02:17 - 2017-08-27 02:17 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2017-08-26 19:13 - 2017-08-26 19:13 - 000400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-08-26 19:10 - 2017-08-26 19:10 - 000000000 ____D C:\Users\freebox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2017-08-27 02:52 - 2017-07-12 21:30 - 000022207 _____ C:\Users\freebox\Downloads\FRST.txt 2017-08-27 02:50 - 2014-01-11 14:57 - 000000000 ____D C:\ProgramData\Skype 2017-08-27 02:49 - 2017-07-12 20:40 - 002395648 _____ (Farbar) C:\Users\freebox\Downloads\FRST64.exe 2017-08-27 02:49 - 2017-07-12 20:40 - 000000000 ____D C:\Users\freebox\Downloads\FRST-OlderVersion 2017-08-27 02:49 - 2017-07-12 20:39 - 000000000 ____D C:\FRST 2017-08-27 02:38 - 2016-01-10 13:49 - 001848398 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-08-27 02:38 - 2015-10-30 21:00 - 000825500 _____ C:\WINDOWS\system32\perfh00C.dat 2017-08-27 02:38 - 2015-10-30 21:00 - 000155764 _____ C:\WINDOWS\system32\perfc00C.dat 2017-08-27 02:38 - 2015-10-30 09:21 - 000000000 ____D C:\WINDOWS\INF 2017-08-27 02:37 - 2017-04-12 15:51 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture 2017-08-27 02:33 - 2013-11-23 19:42 - 000000522 _____ C:\Users\freebox\AppData\Roaming\sp_data.sys 2017-08-27 02:31 - 2016-01-10 13:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-08-27 02:29 - 2015-10-30 08:28 - 000524288 ___SH C:\WINDOWS\system32\config\BBI 2017-08-27 02:21 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2017-08-27 01:32 - 2014-10-11 20:06 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C4CC6993-DAA4-4D61-981F-0970480C3161} 2017-08-27 01:12 - 2014-04-20 17:41 - 000000000 ____D C:\Users\freebox\Desktop\Papa 2017-08-26 22:07 - 2015-10-30 09:24 - 000000000 ___HD C:\Program Files\WindowsApps 2017-08-26 22:07 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-08-26 19:43 - 2013-11-23 20:22 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-26 19:43 - 2013-11-23 20:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-08-26 19:34 - 2017-04-14 19:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-26 19:34 - 2017-04-14 19:52 - 000002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2017-08-26 19:34 - 2014-12-28 01:35 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-08-26 19:31 - 2017-04-12 19:29 - 000004752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-08-26 19:31 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-08-26 19:31 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-08-26 19:22 - 2017-03-19 05:33 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-08-26 19:22 - 2016-05-20 13:20 - 000004028 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1463743200 2017-08-26 19:15 - 2017-07-12 23:26 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys 2017-08-26 19:15 - 2013-12-29 12:02 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-08-26 19:15 - 2013-12-29 12:02 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2017-08-26 19:15 - 2013-12-29 12:02 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150376770642107 2017-08-26 19:14 - 2017-02-09 18:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2017-08-26 19:11 - 2017-02-09 18:24 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys 2017-08-26 19:11 - 2017-02-09 18:24 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys 2017-08-26 19:11 - 2017-02-09 18:24 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys 2017-08-26 19:11 - 2017-02-09 18:24 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys 2017-08-26 19:11 - 2016-07-12 00:02 - 000000000 ____D C:\Users\freebox\AppData\Roaming\discord 2017-08-26 19:10 - 2016-07-12 00:03 - 000002241 _____ C:\Users\freebox\Desktop\Discord.lnk 2017-08-26 19:07 - 2016-07-12 00:02 - 000000000 ____D C:\Users\freebox\AppData\Local\Discord 2017-08-26 19:04 - 2013-12-03 20:15 - 000000000 ____D C:\Users\freebox\AppData\Local\Adobe ==================== Fichiers à la racine de certains dossiers ======= 2014-07-02 19:56 - 2017-07-08 21:26 - 000000129 _____ () C:\Users\freebox\AppData\Roaming\D2Info0 2016-05-31 15:40 - 2017-04-26 21:55 - 000000008 _____ () C:\Users\freebox\AppData\Roaming\DofusAppId0_1 2016-06-01 13:01 - 2017-07-08 21:26 - 000000008 _____ () C:\Users\freebox\AppData\Roaming\DofusAppId0_2 2016-08-26 18:34 - 2017-04-13 19:10 - 000000008 _____ () C:\Users\freebox\AppData\Roaming\DofusAppId0_3 2013-11-27 18:10 - 2013-11-27 18:10 - 000000021 _____ () C:\Users\freebox\AppData\Roaming\my_intel.sys 2013-11-23 19:42 - 2017-08-27 02:33 - 000000522 _____ () C:\Users\freebox\AppData\Roaming\sp_data.sys 2017-04-23 00:51 - 2017-04-23 00:51 - 000000552 _____ () C:\Users\freebox\AppData\Local\TroubleshooterConfig.json 2012-11-27 06:08 - 2012-09-07 13:40 - 000000256 _____ () C:\ProgramData\SetStretch.cmd 2012-11-27 06:08 - 2009-07-22 12:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe 2012-11-27 06:08 - 2012-09-07 13:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS Fichiers à déplacer ou supprimer: ==================== C:\Users\freebox\ZHPDiag3.exe ==================== Bamital & volsnap ====================== (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement C:\WINDOWS\explorer.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2017-07-13 21:06 ==================== Fin de FRST.txt ============================