Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2017 01
Exécuté par Didier (administrateur) sur HP (02-10-2017 20:54:40)
Exécuté depuis C:\Users\Didier\Desktop
Profils chargés: Didier (Profils disponibles: Didier)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VASCO Data Security) C:\Users\Didier\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(VASCO Data Security) C:\Users\Didier\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [50343608 2017-04-27] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [Discord] => C:\Users\Didier\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3136489809-410035865-581056064-1002\...\Run: [DigipassNativeBridge] => C:\Users\Didier\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-11-15] (VASCO Data Security)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BFCDAC3-6F53-47BB-8610-E14B13A06552}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{619EF7F2-5416-450D-97F7-3E5255DED02F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/2
HKU\S-1-5-21-3136489809-410035865-581056064-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/2
HKU\S-1-5-21-3136489809-410035865-581056064-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/2
SearchScopes: HKLM -> {635CEC94-D30A-4797-8DEF-7694FDEDC615} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {635CEC94-D30A-4797-8DEF-7694FDEDC615} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3136489809-410035865-581056064-1002 -> {635CEC94-D30A-4797-8DEF-7694FDEDC615} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3136489809-410035865-581056064-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)

FireFox:
========
FF DefaultProfile: 2b92g9lf.default
FF ProfilePath: C:\Users\Didier\AppData\Roaming\Mozilla\Firefox\Profiles\2b92g9lf.default [2017-10-02]
FF Extension: (NoScript) - C:\Users\Didier\AppData\Roaming\Mozilla\Firefox\Profiles\2b92g9lf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-01]
FF Extension: (Adblock Plus) - C:\Users\Didier\AppData\Roaming\Mozilla\Firefox\Profiles\2b92g9lf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3136489809-410035865-581056064-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-04-20] ()

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.be/"
CHR Profile: C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-11]
CHR Extension: (Belfius Smart Card Reader Chrome Extension) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi [2017-02-11]
CHR Extension: (Google Docs) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-11]
CHR Extension: (Google Drive) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11]
CHR Extension: (YouTube) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-11]
CHR Extension: (Solitaire) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2017-02-11]
CHR Extension: () - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-13]
CHR Extension: (Google Sheets) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-11]
CHR Extension: (Google Docs hors connexion) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-31]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (Gmail) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [Fichier non signé]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [Fichier non signé]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [Fichier non signé]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-12] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-04-17] (Hi-Rez Studios) [Fichier non signé]
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [Fichier non signé]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 MpKsl56e0da5b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A149287D-07E9-4CEF-9971-720357211EE5}\MpKsl56e0da5b.sys [58120 2017-10-02] (Microsoft Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2432656 2014-08-12] (MediaTek Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2017-02-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-10-02 20:54 - 2017-10-02 20:55 - 000016841 _____ C:\Users\Didier\Desktop\FRST.txt
2017-10-02 20:52 - 2017-10-02 20:54 - 000000000 ____D C:\FRST
2017-10-02 20:43 - 2017-10-02 20:43 - 002399744 _____ (Farbar) C:\Users\Didier\Desktop\FRST64.exe
2017-09-27 18:16 - 2017-09-27 18:16 - 000023001 _____ C:\Users\Didier\Desktop\Loi Ayling.odt
2017-09-26 20:50 - 2017-09-26 20:57 - 000000000 ____D C:\Users\Didier\Desktop\Les dossiers de la clé
2017-09-26 17:39 - 2017-10-01 18:16 - 000017403 _____ C:\Users\Didier\Desktop\ce qui attrait a ma put1 de scoiété.odt
2017-09-19 19:52 - 2017-09-25 17:11 - 000027774 _____ C:\Users\Didier\Desktop\RP Amandine.odt
2017-09-19 16:35 - 2017-09-19 16:37 - 000000000 ____D C:\Users\Didier\Desktop\Truite
2017-09-18 17:31 - 2017-09-18 17:31 - 000000000 ____D C:\Users\Didier\Documents\Drakensang
2017-09-17 22:26 - 2017-09-25 15:38 - 000010227 _____ C:\Users\Didier\Desktop\Anniv.odt
2017-09-16 22:53 - 2017-09-16 22:53 - 000000000 ____D C:\Users\Didier\AppData\Roaming\Lonely Troops
2017-09-16 21:08 - 2017-09-30 13:12 - 000003158 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDidier
2017-09-16 21:08 - 2017-09-30 13:12 - 000000342 _____ C:\Windows\Tasks\HPCeeScheduleForDidier.job
2017-09-13 17:34 - 2017-09-13 17:34 - 000000000 ____D C:\Users\Didier\AppData\Roaming\Elite Games Ltd
2017-09-13 17:34 - 2017-09-13 17:34 - 000000000 ____D C:\Users\Didier\AppData\Local\Elite Games Ltd
2017-09-13 15:54 - 2017-09-13 15:54 - 000000000 ____D C:\Users\Didier\AppData\LocalLow\Shadow Raven Studios
2017-09-13 13:37 - 2017-08-15 16:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 13:37 - 2017-08-13 20:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 13:37 - 2017-08-13 18:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 13:37 - 2017-08-12 11:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 13:37 - 2017-08-11 03:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 13:36 - 2017-08-19 19:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 13:36 - 2017-08-19 18:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 13:36 - 2017-08-18 00:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-13 13:36 - 2017-08-18 00:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-13 13:36 - 2017-08-18 00:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-13 13:36 - 2017-08-18 00:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-13 13:36 - 2017-08-15 16:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 13:36 - 2017-08-15 16:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-13 13:36 - 2017-08-15 16:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 13:36 - 2017-08-15 15:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 13:36 - 2017-08-13 19:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 13:36 - 2017-08-13 19:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 13:36 - 2017-08-13 19:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 13:36 - 2017-08-13 18:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 13:36 - 2017-08-13 18:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 13:36 - 2017-08-13 18:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 13:36 - 2017-08-13 18:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 13:36 - 2017-08-13 18:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 13:36 - 2017-08-13 18:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 13:36 - 2017-08-13 18:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-13 13:36 - 2017-08-13 18:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 13:36 - 2017-08-13 18:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 13:36 - 2017-08-13 18:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-13 13:36 - 2017-08-13 18:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-13 13:36 - 2017-08-13 18:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 13:36 - 2017-08-13 18:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 13:36 - 2017-08-13 18:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 13:36 - 2017-08-13 18:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 13:36 - 2017-08-13 18:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 13:36 - 2017-08-13 17:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-13 13:36 - 2017-08-13 17:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-13 13:36 - 2017-08-13 17:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-13 13:36 - 2017-08-13 17:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 13:36 - 2017-08-13 17:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 13:36 - 2017-08-13 17:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 13:36 - 2017-08-13 17:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 13:36 - 2017-08-13 17:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 13:36 - 2017-08-13 17:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 13:36 - 2017-08-13 17:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 13:36 - 2017-08-13 17:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-13 13:36 - 2017-08-13 17:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 13:36 - 2017-08-13 17:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 13:36 - 2017-08-13 17:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 13:36 - 2017-08-13 17:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 13:36 - 2017-08-13 17:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 13:36 - 2017-08-12 11:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 13:36 - 2017-08-12 02:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-13 13:36 - 2017-08-12 01:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 13:36 - 2017-08-12 01:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 13:36 - 2017-08-12 01:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 13:36 - 2017-08-11 22:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-13 13:36 - 2017-08-11 22:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-13 13:36 - 2017-08-11 22:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-13 13:36 - 2017-08-11 05:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 13:36 - 2017-08-11 05:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 13:36 - 2017-08-11 05:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 13:36 - 2017-08-11 04:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-13 13:36 - 2017-08-11 04:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-13 13:36 - 2017-08-11 04:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-13 13:36 - 2017-08-11 04:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-13 13:36 - 2017-08-11 03:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-13 13:36 - 2017-08-11 03:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 13:36 - 2017-08-11 03:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 13:36 - 2017-08-11 03:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 13:36 - 2017-08-06 23:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-13 13:36 - 2017-08-06 09:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-13 13:36 - 2017-07-22 20:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-09-13 13:36 - 2017-07-22 19:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-09-13 13:36 - 2017-07-17 21:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-13 13:36 - 2017-07-17 01:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-13 13:36 - 2017-07-14 01:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-09-13 13:36 - 2017-07-12 22:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2017-09-13 13:36 - 2017-07-12 22:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 13:36 - 2017-07-12 22:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2017-09-13 13:36 - 2017-07-12 22:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 13:36 - 2017-07-08 21:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 13:36 - 2017-07-08 20:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 13:36 - 2017-07-08 20:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 13:36 - 2017-07-08 20:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 13:36 - 2017-07-08 19:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 13:36 - 2017-07-08 19:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 13:36 - 2017-07-08 05:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-09-11 15:16 - 2017-07-13 15:16 - 000000032 ____R C:\ProgramData\hash.dat
2017-09-08 15:25 - 2017-09-08 15:45 - 000021683 _____ C:\Users\Didier\Desktop\Les deux ans de will.odt
2017-09-07 17:52 - 2017-09-07 17:52 - 000000839 _____ C:\Users\Didier\Desktop\Undertale.lnk
2017-09-07 17:52 - 2017-09-07 17:52 - 000000000 ____D C:\Users\Didier\Undertale
2017-09-07 17:52 - 2017-09-07 17:52 - 000000000 ____D C:\Users\Didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Undertale
2017-09-07 17:51 - 2017-09-07 17:51 - 066713713 _____ () C:\Users\Didier\Desktop\Undertale-(F)-Simulator-3.0.4.exe
2017-09-05 15:02 - 2017-09-07 16:30 - 000000000 ____D C:\Users\Didier\AppData\Local\Game Dev Tycoon - Steam

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-10-02 20:28 - 2017-03-31 10:27 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-02 20:28 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2017-10-02 20:25 - 2017-03-31 10:22 - 000000000 ____D C:\Users\Didier\AppData\LocalLow\Mozilla
2017-10-02 20:01 - 2017-04-23 13:02 - 000000000 ____D C:\Users\Didier\AppData\Roaming\Skype
2017-10-02 19:11 - 2017-02-11 15:57 - 000003916 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56EE1D63-6E99-4D0C-A674-8A62335E3E44}
2017-10-02 19:11 - 2017-02-02 13:40 - 000000000 ____D C:\Users\Didier\Documents\Youcam
2017-10-02 19:08 - 2017-04-21 09:21 - 000000000 ____D C:\Users\Didier\OneDrive
2017-10-01 21:50 - 2016-08-24 12:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-26 21:35 - 2017-02-02 13:44 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3136489809-410035865-581056064-1002
2017-09-26 20:52 - 2013-10-26 01:58 - 000832750 _____ C:\Windows\system32\perfh013.dat
2017-09-26 20:52 - 2013-10-26 01:58 - 000178086 _____ C:\Windows\system32\perfc013.dat
2017-09-26 20:52 - 2013-10-26 01:50 - 000790518 _____ C:\Windows\system32\perfh007.dat
2017-09-26 20:52 - 2013-10-26 01:50 - 000174330 _____ C:\Windows\system32\perfc007.dat
2017-09-26 20:52 - 2013-10-26 01:42 - 000847372 _____ C:\Windows\system32\perfh00C.dat
2017-09-26 20:52 - 2013-10-26 01:42 - 000174902 _____ C:\Windows\system32\perfc00C.dat
2017-09-26 20:52 - 2013-08-26 08:09 - 003947554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-26 20:41 - 2017-02-11 16:02 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 20:41 - 2017-02-11 16:02 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-26 17:36 - 2017-03-31 14:46 - 000000000 ____D C:\Users\Didier\Documents\JDR
2017-09-24 17:03 - 2017-02-02 13:38 - 000000000 ____D C:\Users\Didier
2017-09-24 16:11 - 2017-05-01 09:49 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-24 16:11 - 2017-05-01 09:49 - 000111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-24 16:11 - 2017-05-01 09:49 - 000092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-24 16:11 - 2017-05-01 09:49 - 000043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-24 15:28 - 2017-05-13 11:33 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-24 15:28 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 21:15 - 2017-03-31 14:47 - 000000000 ____D C:\Users\Didier\Documents\Candidatures
2017-09-19 19:17 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-19 19:17 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-16 21:32 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2017-09-14 10:15 - 2017-06-09 11:14 - 000382304 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-14 10:15 - 2017-03-31 10:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-14 10:15 - 2017-03-31 10:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-13 22:04 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-13 22:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\en-GB
2017-09-13 22:04 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\en-GB
2017-09-13 21:59 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-13 13:47 - 2017-03-31 10:23 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 13:41 - 2017-03-31 10:23 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-12 13:33 - 2017-05-01 11:23 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 13:32 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 13:32 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-08 15:05 - 2017-04-23 13:01 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-08 15:05 - 2017-04-23 13:01 - 000000000 ____D C:\ProgramData\Skype
2017-09-07 17:52 - 2017-05-12 16:43 - 000000000 ____D C:\Users\Didier\AppData\Local\UNDERTALE
2017-09-04 13:23 - 2017-05-31 09:41 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-02 01:54 - 2017-06-15 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-02 01:54 - 2017-06-15 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Fichiers à la racine de certains dossiers =======

2017-09-11 15:16 - 2017-07-13 15:16 - 000000032 ____R () C:\ProgramData\hash.dat

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\hash.dat
C:\Users\Didier\ZHPDiag3.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-09-23 17:57

==================== Fin de FRST.txt ============================