Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2018 01
Exécuté par jean-marie (administrateur) sur PC-GAGNAIRE (14-01-2018 09:54:14)
Exécuté depuis C:\Users\jean-marie\Desktop
Profils chargés: jean-marie (Profils disponibles: jean-marie & Administrateur)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Netherlands B.V) C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_deskctl_agent.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.667\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registre (Avec liste blanche) =========================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.) HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2138432 2012-02-13] (FSPro Labs) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [567088 2017-06-23] () HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2018-01-12] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-18] (ESET) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7390424 2017-06-23] () HKU\S-1-5-19\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [5788672 2015-08-11] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-20\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [5788672 2015-08-11] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [SFR Mediacenter] => C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe [2688368 2013-02-26] (SFR) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-10-19] (Apple Inc.) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-06] (Google Inc.) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.) 
HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [EPSON3ABACE (Epson Stylus SX420W)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [5788672 2015-08-11] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\RunOnce: [Uninstall C:\Users\jean-marie\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jean-marie\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\RunOnce: [Uninstall C:\Users\jean-marie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jean-marie\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_2\amd64" HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\MountPoints2: {a9b99a02-a741-11e5-bfa0-74e543f6da36} - "D:\Lenovo_Suite.exe" HKU\S-1-5-21-3781594324-224420160-2389975494-1001\...\MountPoints2: {ccb6cbac-51ac-11e5-bf8d-74e543f6da36} - "D:\AutoRun.exe" HKU\S-1-5-18\...\Run: [Parallels Access] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [5788672 2015-08-11] (Parallels Holdings, Ltd. and its affiliates.) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-01-08] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.667\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\jean-marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk [2016-01-31] ShortcutTarget: OneNote 2010 - Capture d'écran et lancement.lnk -> (Pas de fichier) Startup: C:\Users\jean-marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk [2015-12-12] ShortcutTarget: OneNote 2010 - Capture d’écran et lancement.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ec2693d6-5375-4b95-9677-c16071163ea2}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3781594324-224420160-2389975494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs SearchScopes: HKU\S-1-5-21-3781594324-224420160-2389975494-1001 -> {4b85fe58-9d55-435b-bdbc-35156b02edac} URL = hxxp://www.securery.com/web?q={searchTerms} SearchScopes: HKU\S-1-5-21-3781594324-224420160-2389975494-1001 -> {74CA6401-B8C5-43E1-8C5C-00AE800BC9A4} URL = BHO: Module complémentaire de navigateur pour la désactivation de Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.) 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-07] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO-x32: Module complémentaire de navigateur pour la désactivation de Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-14] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-07] (Google Inc.) BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-07-05] (pdfforge GmbH) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-07] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-07] (Google Inc.) 
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-07-05] (pdfforge GmbH) Toolbar: HKU\S-1-5-21-3781594324-224420160-2389975494-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-07] (Google Inc.) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {C6A47FBB-2ECA-430E-8466-5523772CA4FA} hxxp://www.comboost.com/WebResource.axd?d=RWOA1Ve2SJkZDRJhtsp5HPoFfICNrla70UXuF2ZsaPdhr9guNZLduhT2KNcejw1fVO-7pViynIYgQsP9ovLkTK40Fm1E1JhRSuUy6CXIE9neKlxxa4t0yMSrhfz4ssNhEupdOZiYAxmrxgj-XLpT3rcN2YX6UmOZUUP38J_3oKI1&t=635019781944684090 FireFox: ======== FF DefaultProfile: bk9v7mwb.default FF ProfilePath: C:\Users\jean-marie\AppData\Roaming\TomTom\HOME\Profiles\2aylrx79.default [2017-09-05] FF Extension: (Emulator) - C:\Users\jean-marie\AppData\Roaming\TomTom\HOME\Profiles\2aylrx79.default\Extensions\Navcore.9.510.1234792@tomtom.com [2016-03-16] [Legacy] [non signé] FF ProfilePath: C:\Users\jean-marie\AppData\Roaming\Mozilla\Firefox\Profiles\bk9v7mwb.default [2018-01-13] FF Homepage: Mozilla\Firefox\Profiles\bk9v7mwb.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102517-A3BE04076F5&form=CONMHP&conlogo=CT3335795 FF NewTab: Mozilla\Firefox\Profiles\bk9v7mwb.default -> hxxp://www.bing.com/?pc=COSP&ptag=D102517-A3BE04076F5&form=CONMHP&conlogo=CT3335795 FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => non trouvé(e) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.securery.com CHR StartupUrls: Default -> "hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1403","hxxp://google%20chrome/" CHR DefaultSearchURL: Default -> hxxp://sudterrasses.fr/wp-content/themes/selftitled/images/favicon.png CHR Profile: C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default [2018-01-14] CHR Extension: (Slides) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-21] CHR Extension: (Docs) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-21] CHR Extension: (Google Drive) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08] CHR Extension: (YouTube) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08] CHR Extension: (Liste de choix pour les essences de b...) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coifnicjhgomgaomgnenhopiaenfjlal [2017-01-01] CHR Extension: (Sheets) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-21] CHR Extension: (Google Docs hors connexion) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08] CHR Extension: (Full Page Screenshot) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgomjpomoahpeekneidkinhcfjnnhmb [2017-12-11] CHR Extension: (Comparateur de prix via moteur de rec...) 
- C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\incnbmilkbdoflolmojfjfghafaflccc [2016-12-30] CHR Extension: (Skype) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-11] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-09] CHR Extension: (Commentez et Envoyez vos Captures d'écran) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin [2017-12-11] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-04] CHR Extension: (Gmail) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08] CHR Extension: (Chrome Media Router) - C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-16] CHR Profile: C:\Users\jean-marie\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-30] CHR HKU\S-1-5-21-3781594324-224420160-2389975494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3781594324-224420160-2389975494-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] ==================== Services (Avec liste blanche) ==================== (Si un élément est 
inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2017-06-23] () R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2017-10-22] () S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.) R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2018-01-12] (AVG Technologies CZ, s.r.o.) R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [352672 2018-01-12] (AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2018-01-12] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-18] (ESET) S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec) R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [Fichier non signé] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe [404376 2018-01-05] (McAfee, Inc.) 
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis) S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation) S4 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation) S4 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation) S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH) S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH) S4 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH) S4 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.) R2 prl_mobdisp; C:\Program Files (x86)\Parallels\Parallels Access\Application\amd64\prl_pm_service.exe [22430208 2015-08-11] (Parallels Holdings, Ltd. and its affiliates.) [Fichier non signé] R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec) R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] () S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-11-07] (Wondershare) S4 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2017-11-08] (Wondershare) S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{6108072E-B10F-4CD5-86DA-4501A499A9A3} ===================== Pilotes (Avec liste blanche) ====================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [177536 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [315152 2018-01-12] (AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [193096 2018-01-12] (AVG Technologies CZ, s.r.o.) R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [337408 2018-01-12] (AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2018-01-12] (AVG Technologies CZ, s.r.o.) S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2018-01-12] (AVG Technologies CZ, s.r.o.) R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139112 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [572928 2018-01-12] (AVG Technologies CZ, s.r.o.) 
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2018-01-12] (AVG Technologies CZ, s.r.o.) R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1017624 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [450360 2018-01-12] (AVG Technologies CZ, s.r.o.) R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196904 2018-01-12] (AVG Technologies CZ, s.r.o.) R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [351128 2018-01-12] (AVG Technologies CZ, s.r.o.) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283200 2013-01-01] (DT Soft Ltd) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [134368 2017-11-07] (ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107328 2017-11-07] (ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-10-05] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-07] (ESET) S2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-11-07] (ESET) R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2017-11-07] (ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2017-11-07] (ESET) S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] () [Fichier non signé] S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [Fichier non signé] S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [Fichier non signé] S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [Fichier non signé] R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2017-10-22] (Acronis International GmbH) R0 FSProFilter; C:\WINDOWS\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs) R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation) R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 
prl_virtual_bus; C:\WINDOWS\system32\DRIVERS\prl_virtual_bus.sys [27368 2015-05-06] () S3 prl_virtual_hid; C:\WINDOWS\System32\drivers\prl_virtual_hid.sys [19688 2015-05-06] () R3 prl_virtual_sound; C:\WINDOWS\system32\DRIVERS\prl_virtual_sound.sys [46312 2015-05-27] (Parallels Holdings, Ltd. and its affiliates.) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-01-13] (SlimWare Utilities, Inc.) R0 symsnap; C:\WINDOWS\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2017-10-22] (Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2017-10-22] (Acronis International GmbH) S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2017-10-22] (Acronis International GmbH) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.) S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [20992 2015-04-25] (Microsoft Corporation) R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-10-15] (Acronis International GmbH) S3 VProEventMonitor; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) S3 X86BDA; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( ) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. 
Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2018-01-14 09:54 - 2018-01-14 09:56 - 000032144 _____ C:\Users\jean-marie\Desktop\FRST.txt 2018-01-14 09:53 - 2018-01-14 09:54 - 000000000 ____D C:\FRST 2018-01-14 09:51 - 2018-01-14 09:52 - 002393088 _____ (Farbar) C:\Users\jean-marie\Desktop\FRST64.exe 2018-01-13 22:42 - 2018-01-13 22:42 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\ESET 2018-01-13 22:10 - 2018-01-13 22:10 - 000000000 ____D C:\Users\jean-marie\AppData\Local\ESET 2018-01-13 21:53 - 2018-01-13 21:53 - 000001970 _____ C:\Users\Public\Desktop\ESET Protection des transactions bancaires.lnk 2018-01-13 21:48 - 2018-01-13 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2018-01-13 21:48 - 2018-01-13 21:48 - 000000000 ____D C:\ProgramData\ESET 2018-01-13 21:48 - 2018-01-13 21:48 - 000000000 ____D C:\Program Files\ESET 2018-01-13 21:42 - 2018-01-13 21:42 - 004254840 _____ (ESET) C:\Users\jean-marie\Downloads\eset_internet_security_live_installer.exe 2018-01-13 20:40 - 2018-01-13 21:41 - 000000000 ____D C:\KVRT_Data 2018-01-13 20:38 - 2018-01-13 20:39 - 138986280 _____ (Kaspersky Lab ZAO) C:\Users\jean-marie\Desktop\KVRT.exe 2018-01-13 11:58 - 2018-01-13 11:58 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-01-12 22:53 - 2018-01-12 22:54 - 008198432 _____ (Malwarebytes) C:\Users\jean-marie\Downloads\adwcleaner_7.0.6.0.exe 2018-01-12 22:40 - 2018-01-12 22:45 - 000013870 _____ C:\Users\jean-marie\Desktop\ZHPCleaner.txt 2018-01-12 22:31 - 2018-01-12 22:31 - 000000896 _____ C:\Users\jean-marie\Desktop\ZHPCleaner.lnk 2018-01-12 22:29 - 2018-01-12 22:29 - 003044224 _____ C:\Users\jean-marie\Downloads\ZHPCleaner.exe 2018-01-12 20:37 - 2018-01-12 20:37 - 000002027 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk 
2018-01-12 20:37 - 2018-01-12 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-01-12 20:37 - 2018-01-12 20:32 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-01-12 20:33 - 2018-01-12 20:32 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-01-12 13:44 - 2018-01-13 10:53 - 000251520 _____ C:\Users\jean-marie\Desktop\ZHPDiag.txt
2018-01-12 13:37 - 2018-01-13 10:49 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\ZHP
2018-01-12 13:37 - 2018-01-13 10:47 - 000000886 _____ C:\Users\jean-marie\Desktop\ZHPDiag.lnk
2018-01-12 13:37 - 2018-01-12 22:31 - 000000000 ____D C:\Users\jean-marie\AppData\Local\ZHP
2018-01-12 13:37 - 2018-01-12 13:37 - 002962304 _____ C:\Users\jean-marie\Downloads\ZHPDiag3.exe
2018-01-09 19:06 - 2018-01-09 19:06 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (6).pdf
2018-01-09 18:42 - 2018-01-09 18:42 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (5).pdf
2018-01-09 10:47 - 2018-01-09 10:47 - 000281600 _____ C:\WINDOWS\Minidump\010918-114156-01.dmp
2018-01-09 10:46 - 2018-01-09 10:45 - 970640194 ____N C:\WINDOWS\MEMORY.DMP
2018-01-08 23:14 - 2018-01-08 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-01-08 23:13 - 2018-01-08 23:14 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-01-04 21:59 - 2018-01-04 21:59 - 000997088 _____ C:\Users\jean-marie\Downloads\drfone_setup_full3438.exe
2018-01-04 21:58 - 2018-01-04 21:58 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\MobileBackupForeverIni
2018-01-04 21:56 - 2018-01-04 21:56 - 000000000 ____D C:\ProgramData\wsr
2018-01-04 20:51 - 2018-01-04 21:50 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\Wondershare
2018-01-04 20:51 - 2018-01-04 20:51 - 000001309 _____ C:\Users\Public\Desktop\dr.fone.lnk
2018-01-04 20:50 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2018-01-04 20:47 - 2018-01-04 20:47 - 000997088 _____ C:\Users\jean-marie\Downloads\drfone_recover_setup_full3447.exe
2018-01-04 10:57 - 2018-01-04 10:57 - 000000968 _____ C:\Users\Public\Desktop\WinDirStat.lnk
2018-01-04 10:56 - 2018-01-04 10:57 - 000000000 ____D C:\Program Files (x86)\windirstat
2018-01-04 10:55 - 2018-01-04 10:55 - 000747721 _____ C:\Users\jean-marie\Downloads\windirstat_windirstat_1.1.2_francais_13900.zip
2018-01-03 12:41 - 2018-01-03 12:41 - 000073998 _____ C:\Users\jean-marie\Desktop\factures sansault 2017.pdf
2018-01-03 12:25 - 2018-01-03 12:42 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\PDF Architect 5
2018-01-03 12:25 - 2018-01-03 12:41 - 000000000 ____D C:\Users\jean-marie\AppData\Local\PDFCreator
2018-01-03 12:25 - 2018-01-03 12:25 - 000000000 ____D C:\Program Files (x86)\PDF Architect 5 Manager
2018-01-03 12:25 - 2018-01-03 12:25 - 000000000 ____D C:\Program Files (x86)\PDF Architect 5
2018-01-03 12:23 - 2018-01-03 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 5
2018-01-03 12:22 - 2018-01-03 12:25 - 000000000 ____D C:\Program Files\PDF Architect 5
2018-01-03 12:20 - 2018-01-03 12:42 - 000000000 ____D C:\ProgramData\PDF Architect 5
2018-01-03 12:20 - 2018-01-03 12:20 - 000117248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2018-01-03 12:19 - 2018-01-05 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2018-01-03 12:19 - 2018-01-03 12:33 - 000000000 ____D C:\Program Files\PDFCreator
2018-01-03 12:19 - 2018-01-03 12:19 - 000000859 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2018-01-03 12:16 - 2018-01-03 12:17 - 032643808 _____ (pdfforge GmbH) C:\Users\jean-marie\Downloads\PDFCreator-3_1_0-Setup.exe
2018-01-02 16:44 - 2018-01-02 16:44 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (4).pdf
2018-01-02 16:44 - 2018-01-02 16:44 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (3).pdf
2018-01-02 15:59 - 2018-01-02 15:59 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (2).pdf
2018-01-01 16:12 - 2018-01-01 16:12 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04 (1).pdf
2018-01-01 16:06 - 2018-01-01 16:06 - 000220142 _____ C:\Users\jean-marie\Downloads\cerfa_13410-04.pdf
2017-12-30 16:47 - 2017-12-30 16:47 - 000007795 _____ C:\Users\jean-marie\Downloads\justificatif (4).pdf
2017-12-27 20:14 - 2017-12-27 20:14 - 000001770 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-27 20:13 - 2017-12-27 20:13 - 000000000 ____D C:\Program Files\iPod
2017-12-27 20:11 - 2017-12-27 20:13 - 000000000 ____D C:\Program Files\iTunes
2017-12-27 14:45 - 2017-12-27 14:45 - 001038272 _____ (iMobie Inc.) C:\Users\jean-marie\Downloads\phonerescue-setup (4).exe
2017-12-27 14:45 - 2017-12-27 14:45 - 001038272 _____ (iMobie Inc.) C:\Users\jean-marie\Downloads\phonerescue-setup (3).exe
2017-12-21 23:57 - 2017-12-21 23:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2017-12-21 23:57 - 2017-12-21 23:57 - 000000000 ____D C:\Program Files\Common Files\avg
2017-12-18 22:45 - 2017-12-18 22:45 - 000075220 _____ C:\Users\jean-marie\Downloads\tension-sav (1).xlsx
2017-12-17 21:01 - 2017-12-17 21:01 - 000000000 ____D C:\Users\jean-marie\AppData\LocalLow\BitTorrent
2017-12-17 16:49 - 2017-12-17 16:49 - 000001465 _____ C:\Users\jean-marie\AppData\Local\recently-used.xbel

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2018-01-14 05:47 - 2014-06-17 09:50 - 000003968 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01A06D9E-CF40-463E-8D71-DD0D77A91700}
2018-01-14 04:40 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-14 00:36 - 2012-12-30 21:48 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3781594324-224420160-2389975494-1001
2018-01-13 21:53 - 2016-10-15 08:36 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\Parallels
2018-01-13 21:53 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\tracing
2018-01-13 21:53 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-01-13 21:52 - 2012-07-26 09:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-13 16:58 - 2017-10-03 15:58 - 000000554 _____ C:\WINDOWS\Tasks\AVG Driver Updater Scan.job
2018-01-13 14:34 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\registration
2018-01-13 13:38 - 2014-06-17 07:51 - 000000000 ___DO C:\Users\jean-marie\OneDrive
2018-01-13 13:36 - 2016-10-15 08:36 - 000000000 ____D C:\ProgramData\Parallels
2018-01-13 13:35 - 2017-10-03 15:58 - 000000500 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2018-01-13 13:34 - 2017-10-03 15:58 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2018-01-13 13:32 - 2017-10-09 16:16 - 000065536 _____ C:\WINDOWS\system32\Ikeext.etl
2018-01-13 13:32 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-13 13:30 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-13 13:11 - 2016-09-21 05:07 - 000003600 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-13 12:03 - 2013-08-07 18:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-13 12:03 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-13 11:57 - 2013-01-01 04:18 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-13 11:16 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-01-13 10:38 - 2014-01-27 13:22 - 000000000 ____D C:\AdwCleaner
2018-01-13 10:32 - 2014-03-18 11:02 - 000005646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-13 10:32 - 2014-03-18 10:26 - 005976626 _____ C:\WINDOWS\system32\perfh00C.dat
2018-01-13 10:32 - 2014-03-18 10:26 - 001778158 _____ C:\WINDOWS\system32\perfc00C.dat
2018-01-12 23:06 - 2017-10-25 21:38 - 000004142 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1508963869
2018-01-12 23:06 - 2017-10-25 21:38 - 000001425 _____ C:\Users\jean-marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk
2018-01-12 22:58 - 2017-10-25 21:37 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\Lavasoft
2018-01-12 22:58 - 2017-10-25 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-01-12 22:58 - 2017-10-25 21:37 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-12 22:58 - 2017-10-25 21:37 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-01-12 21:57 - 2013-07-27 18:37 - 000001299 _____ C:\Users\jean-marie\Desktop\Spybot - Search & Destroy.lnk
2018-01-12 21:08 - 2016-05-21 22:21 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-01-12 20:38 - 2014-06-17 00:23 - 000000000 ____D C:\Users\jean-marie
2018-01-12 20:37 - 2017-03-23 14:23 - 000003920 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-01-12 20:37 - 2017-02-22 12:35 - 000450360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-01-12 20:37 - 2017-02-22 12:35 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-01-12 20:32 - 2017-02-22 12:35 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.151578583698404
2018-01-12 20:32 - 2017-02-22 12:35 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-01-12 20:32 - 2017-02-22 12:35 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-01-12 20:32 - 2017-02-22 12:35 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys.151578583698404
2018-01-12 20:32 - 2017-02-22 12:35 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-01-12 20:32 - 2017-02-22 12:35 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-01-12 20:32 - 2017-02-22 12:35 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-01-12 20:31 - 2017-03-26 09:50 - 000572928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2018-01-12 20:31 - 2017-02-22 12:35 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-01-12 20:28 - 2016-02-21 10:12 - 000000000 ____D C:\Users\jean-marie\AppData\Local\AvgSetupLog
2018-01-12 11:49 - 2016-10-09 08:28 - 000000000 ___RD C:\Users\jean-marie\Google Drive
2018-01-10 10:21 - 2017-07-27 13:47 - 000003188 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3781594324-224420160-2389975494-1001
2018-01-10 10:21 - 2016-05-01 20:06 - 000002410 _____ C:\Users\jean-marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk
2018-01-09 11:02 - 2014-06-17 00:23 - 000000000 ____D C:\Users\Administrateur
2018-01-09 10:47 - 2014-08-14 12:18 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-09 10:46 - 2013-08-22 15:44 - 000490064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-09 02:27 - 2016-10-08 12:14 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 02:27 - 2016-10-08 12:14 - 000002172 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 23:14 - 2017-09-27 17:52 - 000001991 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-01-08 23:14 - 2016-03-15 19:29 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-01-04 21:57 - 2016-07-17 21:26 - 000000000 ____D C:\Users\jean-marie\AppData\Local\Wondershare
2018-01-04 21:57 - 2016-07-17 21:25 - 000000000 ____D C:\ProgramData\Wondershare
2018-01-04 21:04 - 2012-12-30 21:50 - 000000000 ____D C:\Users\jean-marie\AppData\Local\Microsoft Help
2018-01-04 20:51 - 2016-07-17 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-01-04 20:49 - 2016-07-17 21:25 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-04 11:18 - 2014-01-08 21:08 - 000001741 _____ C:\Users\jean-marie\AppData\Roaming\QuickZip45.ini
2017-12-27 20:34 - 2014-01-27 14:05 - 000000000 ____D C:\ProgramData\AVG
2017-12-27 20:14 - 2014-09-27 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-21 20:36 - 2013-08-29 22:41 - 000000000 ____D C:\Users\jean-marie\.thumbnails
2017-12-21 19:19 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-21 00:56 - 2017-10-22 22:51 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-21 00:56 - 2017-10-22 22:51 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-18 22:58 - 2013-09-01 21:35 - 000000000 ____D C:\Users\jean-marie\AppData\Roaming\BitTorrent
2017-12-17 16:57 - 2013-03-19 22:56 - 000000000 ____D C:\Users\jean-marie\.gimp-2.8

==================== Fichiers à la racine de certains dossiers =======

2016-12-26 22:39 - 2016-12-26 23:08 - 000000019 _____ () C:\Users\jean-marie\AppData\Roaming\ArchiFacile.json
2014-01-08 21:08 - 2018-01-04 11:18 - 000001741 _____ () C:\Users\jean-marie\AppData\Roaming\QuickZip45.ini
2014-10-13 18:01 - 2014-10-15 18:01 - 000187065 _____ () C:\Users\jean-marie\AppData\Roaming\VideoPad.dmp
2017-10-22 09:21 - 2017-10-22 09:26 - 503043688 _____ () C:\Users\jean-marie\AppData\Local\AcronisTrueImage2016_6595.exe
2013-12-26 23:43 - 2014-01-03 17:36 - 000007168 _____ () C:\Users\jean-marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-15 08:37 - 2018-01-13 22:08 - 002813092 _____ () C:\Users\jean-marie\AppData\Local\parallels-pax.log
2017-12-17 16:49 - 2017-12-17 16:49 - 000001465 _____ () C:\Users\jean-marie\AppData\Local\recently-used.xbel
2014-03-22 12:00 - 2014-03-22 12:00 - 000000017 _____ () C:\Users\jean-marie\AppData\Local\resmon.resmoncfg

Certains fichiers dans TEMP:
====================
2012-07-09 00:40 - 2012-07-09 00:40 - 001299920 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\PresentationCore.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 002040296 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\PresentationFramework.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 000232904 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\ReachFramework.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 000031200 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\UIAutomationProvider.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 000039376 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\UIAutomationTypes.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 000650168 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\WindowsBase.dll
2012-07-09 00:40 - 2012-07-09 00:40 - 000035816 _____ (Microsoft Corporation) C:\Users\Administrateur\AppData\Local\Temp\WindowsFormsIntegration.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2018-01-14 04:35

==================== Fin de FRST.txt ============================