Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Exécuté par Jean (administrateur) sur JEAN-PC (20-12-2017 17:57:46)
Exécuté depuis C:\Users\Jean\Desktop
Profils chargés: Jean (Profils disponibles: Jean & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Orange\Orange Security Suite 10.10\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Orange\Orange Security Suite 10.10\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe
() C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe
(France Telecom) C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPC.exe
(Electronic Arts) E:\Jeux\Origin\Origin.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [IgfxTray] => "C:\WINDOWS\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-23] (Razer Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2273608 2011-08-02] (Gainward Co.)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [TELEPHONESURPCAGENT] => C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPC.exe [164976 2012-11-16] (France Telecom)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [EPSON PX810FW Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFRE.EXE [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [EADM] => E:\Jeux\Origin\Origin.exe [3639280 2016-04-10] (Electronic Arts)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1937347805-1676060325-4210329162-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-02-03]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0274f295-01fc-49a6-9d3e-7466c35a5bd4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb050ccc-4e15-46e4-a01b-9cbfeb442974}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: HKU\S-1-5-21-1937347805-1676060325-4210329162-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-1937347805-1676060325-4210329162-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKU\S-1-5-21-1937347805-1676060325-4210329162-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1937347805-1676060325-4210329162-1000 -> {17663CAA-AE46-4882-9375-9F60788CADC8} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=fr&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1937347805-1676060325-4210329162-1000 -> {3945CA48-DA2C-4eb8-8E6D-7ADDD2EE3D35} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-08] (Oracle Corporation)
BHO-x32: EndNote Helper -> {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} -> C:\Program Files (x86)\EndNote Plug-Ins\ENWIEPlug.dll [2014-09-23] (Thomson Reuters)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-08] (Oracle Corporation)
Toolbar: HKLM-x32 - EndNote Capture - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Plug-Ins\ENWIEPlug.dll [2014-09-23] (Thomson Reuters)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF DefaultProfile: 6nevkvfq.default-1513104720269
FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269 [2017-12-20]
FF Homepage: Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269 -> hxxps://www.qwant.com/?client=ext-firefox-hp
FF NewTab: Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269 -> hxxp://www.bing.com/?pc=COSP&ptag=D121317-A915F698E57&form=CONMHP&conlogo=CT3335818
FF Extension: (AdBlock) - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-12-12]
FF Extension: (Nom:) - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269\Extensions\qwantcomforfirefox@jetpack.xpi [2017-12-20]
FF SearchPlugin: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\6nevkvfq.default-1513104720269\searchplugins\bing-lavasoft.xml [2017-12-13]
FF HKLM\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Orange\Orange Security Suite 10.10\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Orange\Orange Security Suite 10.10\FFExt\light_plugin_firefox\addon.xpi [2017-09-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Orange\Orange Security Suite 10.10\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Orange\Orange Security Suite 10.10\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll [Pas de fichier]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2017-12-13] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2017-12-13] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [kgleflkdamakpmckkidkcmnmdikbbmok] - hxxps://chrome.google.com/webstore/detail/kgleflkdamakpmckkidkcmnmdikbbmok
CHR HKLM-x32\...\Chrome\Extension: [kgleflkdamakpmckkidkcmnmdikbbmok] - hxxps://chrome.google.com/webstore/detail/kgleflkdamakpmckkidkcmnmdikbbmok

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AVP16.0.1; C:\Program Files (x86)\Orange\Orange Security Suite 10.10\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 klvssbrigde64; C:\Program Files (x86)\Orange\Orange Security Suite 10.10\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-11-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-10-11] (NVIDIA Corporation)
S3 Origin Client Service; E:\Jeux\Origin\OriginClientService.exe [2119688 2016-04-10] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-10-07] ()
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-23] (Razer Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8510640 2014-02-06] (Broadcom Corporation)
S3 Cardex; C:\WINDOWS\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-29] (Disc Soft Ltd)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [186360 2017-10-19] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [279544 2017-10-19] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [190832 2017-12-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1000952 2017-10-19] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-07-05] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-12-06] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [116448 2017-03-14] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-14] (NVIDIA Corporation)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-10-10] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-27] ()
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 aswbdisk; pas de ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-12-20 17:57 - 2017-12-20 17:57 - 002392064 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2017-12-20 17:57 - 2017-12-20 17:57 - 000023818 _____ C:\Users\Jean\Desktop\FRST.txt
2017-12-20 17:57 - 2017-12-20 17:57 - 000000000 ____D C:\FRST
2017-12-20 16:39 - 2017-12-20 16:39 - 003134751 _____ C:\Users\Jean\Downloads\4e trimestre 2017.pdf
2017-12-20 16:26 - 2017-12-20 16:26 - 000175620 _____ C:\Users\Jean\Desktop\ZHPDiag.txt
2017-12-20 16:24 - 2017-12-20 16:25 - 000000000 ____D C:\Users\Jean\AppData\Roaming\ZHP
2017-12-20 16:24 - 2017-12-20 16:24 - 000000864 _____ C:\Users\Jean\Desktop\ZHPDiag.lnk
2017-12-20 16:24 - 2017-12-20 16:24 - 000000000 ____D C:\Users\Jean\AppData\Local\ZHP
2017-12-20 16:23 - 2017-12-20 16:23 - 002950528 _____ C:\Users\Jean\Desktop\ZHPDiag3.exe
2017-12-20 15:17 - 2017-12-20 15:21 - 865022104 _____ C:\Users\Jean\Downloads\It.2017.VOSTFR.BRRip.x264-ACOOL.Zone-Telechargement.Ws.mkv
2017-12-19 11:43 - 2017-12-19 11:43 - 000052502 _____ C:\Users\Jean\Downloads\TH-Avis-1MEN-2017-17340478023867.pdf
2017-12-14 19:31 - 2017-12-14 21:44 - 000000000 ____D C:\Users\Jean\Downloads\American Sniper (2014) 1080p VFF Dts Hdlight x264-zone-Telechargement
2017-12-14 14:43 - 2017-12-14 14:43 - 008893232 _____ (AVAST Software) C:\Users\Jean\Downloads\avastclear.exe
2017-12-13 19:36 - 2017-12-13 19:36 - 000005309 _____ C:\Users\Jean\Downloads\c35311465.htm
2017-12-13 19:14 - 2017-12-13 19:14 - 000045084 _____ C:\Users\Jean\Downloads\vikings-s04e01-french-hdtv(1).torrent
2017-12-13 18:55 - 2017-12-14 14:38 - 000000000 ____D C:\Users\Jean\AppData\Roaming\Opera Software
2017-12-13 18:55 - 2017-12-14 14:38 - 000000000 ____D C:\Users\Jean\AppData\Local\Opera Software
2017-12-13 18:51 - 2017-12-13 18:51 - 000045084 _____ C:\Users\Jean\Downloads\vikings-s04e01-french-hdtv.torrent
2017-12-13 18:50 - 2017-12-13 18:50 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-12-13 18:50 - 2017-12-13 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-13 18:45 - 2017-12-13 18:45 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-13 18:44 - 2017-12-13 18:44 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-13 18:44 - 2017-12-13 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-12-13 18:43 - 2017-12-15 12:02 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-13 18:43 - 2017-12-14 14:31 - 000000000 ____D C:\Users\Jean\AppData\Roaming\uTorrent
2017-12-13 12:06 - 2017-11-30 04:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 12:06 - 2017-11-30 04:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 12:06 - 2017-11-30 04:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 12:06 - 2017-11-30 04:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 12:06 - 2017-11-30 04:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 12:06 - 2017-11-30 04:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 12:06 - 2017-11-30 04:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:06 - 2017-11-30 04:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 12:06 - 2017-11-30 04:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 12:06 - 2017-11-30 03:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 12:06 - 2017-11-30 03:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:06 - 2017-11-30 03:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 12:06 - 2017-11-30 03:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 12:06 - 2017-11-30 03:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 12:06 - 2017-11-30 03:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 12:06 - 2017-11-30 03:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 12:06 - 2017-11-30 03:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 12:06 - 2017-11-30 03:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 12:06 - 2017-11-30 03:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 12:06 - 2017-11-30 03:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 12:06 - 2017-11-30 03:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 12:06 - 2017-11-30 03:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 12:06 - 2017-11-30 03:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 12:06 - 2017-11-30 03:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 12:06 - 2017-11-30 03:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 12:06 - 2017-11-30 03:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 12:06 - 2017-11-30 03:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 12:06 - 2017-11-30 03:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 12:06 - 2017-11-30 03:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 12:06 - 2017-11-30 03:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 12:06 - 2017-11-30 03:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 12:06 - 2017-11-30 03:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 12:06 - 2017-11-30 03:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 12:06 - 2017-11-30 03:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 12:06 - 2017-11-30 03:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 12:06 - 2017-11-30 03:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 12:06 - 2017-11-30 03:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 12:06 - 2017-11-30 03:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 12:06 - 2017-11-30 03:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 12:06 - 2017-11-30 03:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 12:06 - 2017-11-30 03:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 12:06 - 2017-11-30 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 12:06 - 2017-11-30 03:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 12:06 - 2017-11-30 03:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 12:06 - 2017-11-30 03:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 12:06 - 2017-11-30 03:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 12:06 - 2017-11-30 03:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 12:06 - 2017-11-30 03:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 12:06 - 2017-11-30 03:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 12:06 - 2017-11-30 03:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 12:06 - 2017-11-30 03:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 12:06 - 2017-11-30 03:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 12:06 - 2017-11-30 03:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 12:06 - 2017-11-30 03:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 12:06 - 2017-11-30 03:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 12:06 - 2017-11-30 03:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 12:06 - 2017-11-30 03:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-12 22:07 - 2017-12-12 23:39 - 000000000 ____D C:\Users\Jean\Downloads\Dunkirk 2017 TRUEFRENCH 720p BluRay Light x264 AC3-ACOOL Zone-Telechargement
2017-12-09 19:43 - 2017-12-14 21:53 - 000000000 ____D C:\Users\Jean\AppData\Local\JDownloader 2.0
2017-12-09 19:43 - 2017-12-09 19:43 - 000002145 _____ C:\Users\Jean\Desktop\JDownloader 2.lnk
2017-12-09 19:43 - 2017-12-09 19:43 - 000000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-12-07 21:35 - 2017-12-07 21:35 - 000862325 _____ C:\Users\Jean\Downloads\assurance bonus.pdf
2017-12-07 21:35 - 2017-12-07 21:35 - 000589779 _____ C:\Users\Jean\Downloads\attestation permis moto.pdf
2017-12-07 21:35 - 2017-12-07 21:35 - 000544341 _____ C:\Users\Jean\Downloads\permis recto.pdf
2017-12-04 07:41 - 2017-12-04 07:41 - 001048771 _____ C:\Users\Jean\Downloads\Carte grise verso.jpeg.jpeg
2017-12-04 07:40 - 2017-12-04 07:40 - 000888147 _____ C:\Users\Jean\Downloads\Carte grise recto.jpeg
2017-12-01 11:48 - 2017-12-01 11:48 - 000355719 _____ C:\Users\Jean\Downloads\Trame Planning Internes Novembre 2017 à Mai 2018 - AVEC MODIFS(1).pdf
2017-12-01 00:26 - 2017-12-01 00:26 - 319553372 _____ C:\Users\Jean\AppData\Local\ACCCx4_3_0_256.zip.aamdownload
2017-12-01 00:26 - 2017-12-01 00:26 - 000003567 _____ C:\Users\Jean\AppData\Local\ACCCx4_3_0_256.zip.aamdownload.aamd
2017-11-30 17:49 - 2017-11-30 17:49 - 000355719 _____ C:\Users\Jean\Downloads\Trame Planning Internes Novembre 2017 à Mai 2018 - AVEC MODIFS.pdf
2017-11-28 09:36 - 2017-11-28 09:36 - 000000000 ____D C:\WINDOWS\Panther
2017-11-23 21:01 - 2017-11-23 21:00 - 000998723 _____ C:\Users\Jean\Downloads\Attestation EASYRIDER.jpeg
2017-11-23 21:00 - 2017-11-23 21:00 - 001007692 _____ C:\Users\Jean\Downloads\Parrainage MDM.jpeg
2017-11-23 20:57 - 2017-11-23 20:57 - 000254755 _____ C:\Users\Jean\Downloads\Permis Verso.jpeg
2017-11-23 20:57 - 2017-11-23 20:56 - 000251360 _____ C:\Users\Jean\Downloads\Permis Recto.jpeg
2017-11-23 07:32 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-23 07:32 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-23 07:32 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-23 07:32 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-23 07:32 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-23 07:32 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-23 07:32 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-23 07:32 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-23 07:32 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-23 07:32 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-23 07:32 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-23 07:32 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-23 07:32 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-23 07:31 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-21 19:51 - 2017-11-21 19:51 - 000029572 _____ C:\Users\Jean\Downloads\releve235886.pdf
2017-11-21 19:48 - 2017-11-21 19:47 - 001190539 _____ C:\Users\Jean\Downloads\Contrat MDM page 3.jpeg
2017-11-21 19:47 - 2017-11-21 19:46 - 001306348 _____ C:\Users\Jean\Downloads\Contrat MDM page 2.jpeg
2017-11-21 19:46 - 2017-11-21 19:45 - 001112756 _____ C:\Users\Jean\Downloads\Contrat MDM page 1.jpeg
2017-11-21 19:40 - 2017-11-21 19:40 - 000313780 _____ C:\Users\Jean\Downloads\Echéancier.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-12-20 17:49 - 2016-12-06 10:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-12-20 15:47 - 2016-11-16 22:08 - 000000000 ____D C:\Users\Jean\AppData\LocalLow\Mozilla
2017-12-20 15:30 - 2012-03-03 16:12 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-20 13:38 - 2017-09-19 09:46 - 006574982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-20 13:38 - 2017-03-20 06:10 - 003282744 _____ C:\WINDOWS\system32\perfh00C.dat
2017-12-20 13:38 - 2017-03-20 06:10 - 000907370 _____ C:\WINDOWS\system32\perfc00C.dat
2017-12-20 13:35 - 2017-09-19 09:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-20 13:35 - 2012-01-15 23:45 - 000000000 ____D C:\Users\Jean\AppData\Roaming\Skype
2017-12-20 13:35 - 2011-10-11 22:13 - 000000000 ____D C:\Users\Jean\AppData\Local\Adobe
2017-12-20 13:33 - 2016-01-27 21:47 - 000000000 ____D C:\Users\Jean\AppData\Local\CrashDumps
2017-12-20 13:32 - 2017-09-19 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-20 13:32 - 2012-01-15 17:13 - 000000000 ____D C:\ProgramData\Origin
2017-12-19 17:52 - 2017-03-18 12:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-19 16:35 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-19 13:29 - 2011-10-11 21:19 - 000000000 ____D C:\Users\Jean\AppData\Roaming\vlc
2017-12-17 21:05 - 2016-01-17 17:36 - 000000000 ___RD C:\Users\Jean\Documents\Scanned Documents
2017-12-16 20:16 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-16 19:12 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-15 12:55 - 2017-09-19 09:46 - 000000000 ____D C:\Users\Jean
2017-12-14 14:38 - 2015-10-04 11:34 - 000000000 ____D C:\Users\Jean\AppData\Local\Packages
2017-12-14 14:33 - 2014-09-24 14:09 - 000136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-14 14:31 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-13 21:08 - 2017-06-14 22:49 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-13 21:08 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-13 21:08 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-13 18:50 - 2013-03-02 18:33 - 000002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-12-13 18:50 - 2012-01-15 23:45 - 000000000 ____D C:\ProgramData\Skype
2017-12-13 18:44 - 2016-11-16 07:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-13 12:10 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 12:09 - 2013-08-28 15:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 12:07 - 2017-10-19 17:15 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 12:07 - 2012-01-19 08:03 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 14:22 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 14:22 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-11 08:03 - 2012-04-25 16:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-10 11:05 - 2016-05-01 18:37 - 000000000 ____D C:\Users\Jean\AppData\LocalLow\Hinterland
2017-12-10 09:39 - 2015-12-21 11:45 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-09 19:43 - 2011-10-11 21:03 - 000000000 ____D C:\Program Files (x86)\JDownloader
2017-12-09 13:53 - 2017-09-19 09:53 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1937347805-1676060325-4210329162-1000
2017-12-09 13:53 - 2015-10-04 11:36 - 000002408 _____ C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-09 13:53 - 2015-10-04 11:36 - 000000000 ___RD C:\Users\Jean\OneDrive
2017-12-02 03:25 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 03:25 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-30 22:36 - 2017-09-19 09:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-30 11:26 - 2014-01-18 22:26 - 000000000 ____D C:\Users\Jean\AppData\Local\NVIDIA
2017-11-29 15:45 - 2017-04-11 13:11 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-27 17:23 - 2016-05-08 11:40 - 000000000 ____D C:\Users\Jean\AppData\Local\Hinterland
2017-11-27 10:37 - 2015-10-06 18:45 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-23 19:40 - 2015-09-10 06:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-23 19:39 - 2017-09-19 09:45 - 005012376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-20 19:32 - 2014-01-18 22:27 - 000000000 ____D C:\Users\Jean\AppData\Local\NVIDIA Corporation

==================== Fichiers à la racine de certains dossiers =======

2011-10-17 13:30 - 2017-04-06 19:09 - 000000132 _____ () C:\Users\Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-12-01 00:26 - 2017-12-01 00:26 - 319553372 _____ () C:\Users\Jean\AppData\Local\ACCCx4_3_0_256.zip.aamdownload
2017-12-01 00:26 - 2017-12-01 00:26 - 000003567 _____ () C:\Users\Jean\AppData\Local\ACCCx4_3_0_256.zip.aamdownload.aamd
2011-11-06 11:04 - 2017-01-02 15:32 - 000001456 _____ () C:\Users\Jean\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-03-25 18:38 - 2015-03-25 18:38 - 000003584 _____ () C:\Users\Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 19:55 - 2016-05-08 11:34 - 000007602 _____ () C:\Users\Jean\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-12-12 13:38

==================== Fin de FRST.txt ============================