
Trottus then Kyubey now Defender is not working anymore


  • This topic is locked
34 replies to this topic

#1 UnhappyCyborg


Posted 11 March 2017 - 05:19 AM

Hello :)

I was infected with the Trottux adware some time ago. So I logged on to Bleeping Computer, checked for a removal guide, found one, and applied it to the letter.
And so it was: Trottux disappeared. However, since then, I can't get Windows Defender to start again...
Defender_Icon.png this appears in the tray

Defender_window.png

And this shows when I double-click the tray icon. So, you'd think, all I'd have to do is click start now and sit back, but it never is that simple.

When I do, it says Virus Definitions are not up to date. I therefore head to the update section and update. Sometimes it works (or says it does), sometimes I get a 0x805800c and the update fails. But regardless, after a while or when I reboot the computer, I have to start the whole process again. I tried restarting the process as someone suggested, and I tried installing the definitions manually from the Windows website, but nothing would fix it; the Defender_Icon.png icon just stays. Now I have given up and am using Zemana AntiMalware for the meantime.

My browser is often hijacked again, and Zemana keeps detecting malware and adware.

Here is a list of what it found recently. It often finds them again.

Zemana_Report.png

The one I find most disturbing is Kyubey.exe; I've read it could do some serious damage.

Also, there are a lot of strange folders in my Program Files directory which I can't delete because a process I can't find in the Task Manager is using them.

Would you have any idea what I could do to get rid of all this?

Thanks a lot for your help and consideration.

System Specs:

Specs.png


#2 UnhappyCyborg


Posted 11 March 2017 - 08:46 AM

Just noticed there were two suspicious rundll32's permanently attached to a "Drjother" directory containing several "_ALLOWDEL_xxxxx" directories (some of the directories I can't delete). Running through an MRT scan right now, already found 30 infected files, I'll keep this updated.



#3 satchfan

  • Malware Response Team

Posted 11 March 2017 - 10:17 AM

Hello UnhappyCyborg and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista/7/8/10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

RKreport.txt
zoek-results.log
Frst.txt
Addition.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 UnhappyCyborg


Posted 11 March 2017 - 10:30 AM

Hi Satchfan, and thank you for your swift answer.

I really enjoyed your formatting.

I will start following your instructions right now. Should I interrupt the MRT nonetheless?

By the way, all the links for zoek.exe seem to be dead for the meantime.

Never mind, found another one. :)


Edited by UnhappyCyborg, 11 March 2017 - 10:33 AM.


#5 satchfan


Posted 11 March 2017 - 10:35 AM

"Should I interrupt the MRT nonetheless?"

You can let that run if you like and then follow my instructions when it has finished.

I have to leave soon and may not reply until this evening (GMT).

Satchfan




#6 satchfan


Posted 11 March 2017 - 10:42 AM

Apologies, just seen the Zoek problem.

The links indeed seem down at the moment so just leave that part out and run RogueKiller and FRST.




#7 satchfan


Posted 11 March 2017 - 10:45 AM

Working link for Zoek here.




#8 UnhappyCyborg


Posted 11 March 2017 - 11:56 AM

Ran all the scans as asked. :)

So, in the required order:

zoek-results.log
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jean-Michel Crapaud on 11/03/2017 at 16:38:21.96.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Bernard\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/03/2017 16:39:02 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MK deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Administrateur\AppData\LocalLow deleted successfully
C:\Users\Administrateur\AppData\Local\ActiveSync deleted successfully
C:\Users\Bernard\AppData\Local\ActiveSync deleted successfully
C:\Users\Bernard\AppData\Local\Ahghtshonge deleted successfully
C:\Users\Bernard\AppData\Local\Black_Tree_Gaming deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\MK not found
C:\Users\Bernard\AppData\Roaming\Amanote deleted
C:\Users\Bernard\AppData\Roaming\discord deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Bernard\AppData\Local\BitLord deleted
C:\Users\Bernard\AppData\Local\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Bernard\Documents\BitLord deleted
"C:\WINDOWS\Installer\3e9c708.msi" deleted
"C:\Users\Bernard\AppData\Local\{85ADDFBA-5926-4321-BEE0-E15D55160A9B}" deleted
"C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll" deleted
"C:\Users\Bernard\AppData\Roaming\WinSnare" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- iMacros for Firefox - %ProfilePath%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466
86BD236BE6DA240730EFD2C8026E5B16 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll - Shockwave Flash
CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
1CDD28B47D8198F868349BDFBCD1281B - C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.startpageing123.com/?type=hp&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX"
"Default_Search_URL"="http://www.startpageing123.com/search/?type=ds&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX&q={searchTerms}"
"Search Page"="http://www.startpageing123.com/search/?type=ds&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX&q={searchTerms}"
"Start Page"="http://www.startpageing123.com/?type=hp&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.startpageing123.com/?type=hp&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX"
"Default_Search_URL"="http://www.startpageing123.com/search/?type=ds&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX&q={searchTerms}"
"Search Page"="http://www.startpageing123.com/search/?type=ds&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX&q={searchTerms}"
"Start Page"="http://www.startpageing123.com/?type=hp&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3605470-291B-44EB-8648-745EE356599A} deleted successfully
HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E3605470-291B-44EB-8648-745EE356599A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E3605470-291B-44EB-8648-745EE356599A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F6D371FD48281B4F9E675DD0CE543AE deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F173D6F1-284D-4B18-9F6E-57DDC05E34EA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1F6D371FD48281B4F9E675DD0CE543AE deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrateur\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Administrateur\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Bernard\AppData\Local\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Bernard\AppData\Local\Blisk\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1259 folders=1703 3858404576 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bernard\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Bernard\AppData\Roaming\WinSnare" not found

==== EOF on 11/03/2017 at 17:09:35.19 ======================

RKlog.txt

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Jean-Michel Crapaud [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/11/2017 17:13:59 (Duration : 00:19:56)

¤¤¤ Processes : 2 ¤¤¤
[PUP.AMule|VT.Adwareare.Elex.Gen7!c] ed2k.exe(5228) -- C:\Program Files (x86)\amulell\ed2k.exe[-] -> Found
[PUP.AMule|VT.Adwareare.Elex.Gen7!c] (SVC) ed2kidle -- "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle[-] -> Found

¤¤¤ Registry : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} (C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll) -> Found
[Adw.Elex] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -> Found
[Adw.Elex] (X64) HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\Software\WinSnare -> Found
[Adw.Elex] (X86) HKEY_USERS\S-1-5-21-2792659385-62999317-2928674910-1001\Software\WinSnare -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} : (C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll) [x] -> Found
[Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WinSnare : (C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll) [x] -> Found
[PUP.AMule|VT.Adwareare.Elex.Gen7!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ed2kidle ("C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle) -> Found
[Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSnare (C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3B03F5D1-8C7E-44C8-80DD-C89D8193037F}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6972D8BB-B14F-45BD-8D74-03A2E0370CC7}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E66B562D-05B6-485F-84EC-31B7D2C16023}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3C859870-BD11-4564-9613-FED00E5377F1}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C4C2359C-2CB9-4C30-91CB-7AFEAB90B949}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{7434BB7D-48CA-4945-83BA-0EF158CFD540}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E0D3C6A8-23B2-46A8-83B1-EDCD9DDE3EF9}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{FB26FA68-FA1E-4030-9B41-2F222B36C122}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{696C3689-F155-4029-94F0-5EE383EA2E4A}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{62B81FD1-CFAA-4718-8AEC-F88EF93AD243}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{AB7B46E4-A8FC-4CD3-AC59-724196F305A3}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{83FEAA0A-BC1B-42AD-B0CC-F5B706EF8875}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe|Name=webtorrent.exe|Desc=webtorrent.exe|Defer=User| [7] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 6 ¤¤¤
[Suspicious.Path] \9143B8360B8160r2323 -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
[Suspicious.Path] \9143B8360B8160r2323-dll -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
[Suspicious.Path] \boustrocode -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
[Suspicious.Path] \firefox -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
[Suspicious.Path] \manager -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found
[Suspicious.Path] \updater -- C:\WINDOWS\system32\rundll32.exe ("C:\ProgramData\9143B8360B8160r2323\9143B8360B8160r2323.dll",BrHjPRQ) -> Found

¤¤¤ Files : 13 ¤¤¤
[PUP.AMule][Folder] C:\Users\Bernard\AppData\Roaming\aMule -> Found
[PUP.Gen1][Folder] C:\Users\Bernard\AppData\Local\Free YouTube Downloader -> Found
[PUP.QRss][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\PREMIU~1.EXE -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Official OpenSSL Documentation.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Official OpenSSL Website.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
[Hj.Shortcut][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL\Windows OpenSSL Website.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.startpageing123.com/?type=sc&ts=1489157213&z=537dcad076e37520938849fgczcbat6g3w0mdo7g0o&from=che0812&uid=HGSTXHTS721010A9E630_JS10006206LPAT06LPATX -> Found
[PUP.AMule][Folder] C:\Program Files (x86)\amulell -> Found
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 9ae3a5b1a7b051516ee4448f137a2060
[BSP] 048d9c92c4d7a399084fdf70c6629fce : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SD7SB3Q128G1002 +++++
--- User ---
[MBR] f075814b074a80a94120d88394e8fe2b
[BSP] d98d44559707a9a2da67b1dc1cbbbeef : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 121328 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 249047040 | Size: 499 MB
User = LL1 ... OK
User = LL2 ... OK

FRST.txt

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Exécuté par Jean-Michel Crapaud (administrateur) sur BERNARD (11-03-2017 17:35:53)
Exécuté depuis C:\Users\Bernard\Desktop
Profils chargés: Jean-Michel Crapaud (Profils disponibles: Jean-Michel Crapaud)
Platform: Windows 10 Home Version 1607 (X64) Langue: French (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Copyright 2017.) D:\Programs\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Apple Inc.) D:\Programs\Itunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [iTunesHelper] => D:\Programs\Itunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => D:\Programs\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\RunOnce: [Uninstall C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\RunOnce: [Uninstall C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\MountPoints2: {a460b90a-2572-11e6-8f67-7c5cf849ee99} - "F:\BioPrint.exe"
HKLM\...\Providers\l5g3jx5f: C:\Program Files (x86)\Qertochreewile Server\local64spl.dll
ShellExecuteHooks: Pas de nom - {39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} - C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6294c69e-c4d6-4c59-9dfd-1b863750bd2e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7a7a659-660b-4bc5-8879-07c85ed745e0}: [DhcpNameServer] 62.197.111.140 109.88.203.3

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2792659385-62999317-2928674910-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2792659385-62999317-2928674910-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> D:\Programs\VisualStudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466 [2017-03-11]
FF Homepage: Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466 -> about:home
FF Extension: (uBlock Origin) - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466\Extensions\uBlock0@raymondhill.net.xpi [2017-03-08]
FF Extension: (iMacros for Firefox) - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.) [Fichier non signé]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [Fichier non signé]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2016-11-16] (Freemake) [Fichier non signé]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Fichier non signé]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Fichier non signé]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [Fichier non signé]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323824 2016-03-16] (Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Fichier non signé]
R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3278336 2017-01-27] (TorrentsTime) [Fichier non signé]
S3 VSStandardCollectorService140; D:\Programs\VisualStudio\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; D:\Programs\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WinSnare; C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll [X] <==== ATTENTION

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-24] (BlackBerry)
S3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-23] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-07] (REALiX™)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R1 MpKsl0fd65496; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{815841BA-2D14-4B2D-97F5-9DBC1880799F}\MpKsl0fd65496.sys [44928 2017-03-11] (Microsoft Corporation)
R1 MpKsl20cba032; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40638DE0-2257-4B7A-9202-E1FF844A8269}\MpKsl20cba032.sys [44928 2017-03-10] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515664 2016-01-29] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [128328 2016-03-16] (Locktime Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_09482e89528c3434\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2016-04-24] (Research In Motion Limited)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [Fichier non signé]
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [437160 2016-09-11] (IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-08] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-11 17:35 - 2017-03-11 17:36 - 00028454 _____ C:\Users\Bernard\Desktop\FRST.txt
2017-03-11 17:35 - 2017-03-11 17:35 - 02424320 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2017-03-11 17:35 - 2017-03-11 17:35 - 00000000 ____D C:\Users\Bernard\Desktop\FRST-OlderVersion
2017-03-11 17:35 - 2017-03-11 17:35 - 00000000 ____D C:\FRST
2017-03-11 17:14 - 2017-03-11 17:34 - 00000000 ____D C:\Users\Bernard\Desktop\Log Collection
2017-03-11 17:14 - 2017-03-11 17:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-11 17:13 - 2017-03-11 17:34 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 17:13 - 2017-03-11 17:13 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-11 17:13 - 2017-03-11 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-11 17:13 - 2017-03-11 17:13 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-11 16:53 - 2017-03-11 16:37 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-11 16:37 - 2017-03-11 16:50 - 00000000 ____D C:\zoek_backup
2017-03-11 16:34 - 2017-03-11 16:34 - 00000063 _____ C:\Users\Bernard\Desktop\New Text Document.txt
2017-03-11 16:33 - 2017-03-11 16:33 - 04186040 _____ C:\Users\Bernard\Desktop\zoek.zip
2017-03-11 16:33 - 2017-03-11 16:33 - 00000000 ____D C:\Users\Bernard\Desktop\zoek
2017-03-11 14:40 - 2017-03-11 14:40 - 00003326 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\aMule
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.8)
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-11 14:40 - 2017-03-11 14:40 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-11 14:37 - 2017-03-11 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-11 14:35 - 2017-03-11 15:56 - 00007603 _____ C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
2017-03-10 15:47 - 2017-03-10 15:47 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-10 15:47 - 2017-03-10 15:47 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-10 15:46 - 2017-03-10 15:46 - 00000388 _____ C:\WINDOWS\SysWOW64\data.bin
2017-03-10 13:35 - 2017-03-10 13:35 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-09 10:15 - 2017-03-10 13:34 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-09 10:15 - 2017-03-09 10:15 - 00000000 ____D C:\Program Files (x86)\l5g3jx5f
2017-03-08 20:25 - 2017-03-08 20:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-03-08 20:18 - 2017-03-08 20:18 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-03-08 20:15 - 2017-03-08 20:15 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-08 20:14 - 2017-03-08 20:18 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-08 20:06 - 2017-03-11 17:35 - 00085263 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-08 20:06 - 2017-03-11 17:35 - 00040854 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-08 20:06 - 2017-03-08 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-08 20:06 - 2017-03-08 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-08 20:06 - 2017-03-08 20:06 - 00000000 ____D C:\Users\Bernard\AppData\Local\Zemana
2017-03-08 20:06 - 2017-03-08 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-08 19:05 - 2017-03-08 19:05 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-03-08 18:46 - 2017-03-11 17:09 - 00000000 ____D C:\Program Files (x86)\Drjother
2017-03-08 18:46 - 2017-03-08 20:12 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Coabesedapy
2017-03-08 18:46 - 2017-03-08 18:46 - 00006102 _____ C:\WINDOWS\System32\Tasks\Qertochreewile Server
2017-03-08 18:45 - 2017-03-08 18:48 - 00000000 ____D C:\Users\Bernard\AppData\Local\FindIp
2017-03-08 13:55 - 2017-03-08 13:55 - 00000000 ____D C:\Users\Bernard\AppData\Local\Steam
2017-03-08 08:58 - 2017-03-11 17:09 - 00000008 __RSH C:\Users\Bernard\ntuser.pol
2017-03-08 00:00 - 2017-03-08 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7GIF
2017-03-07 18:45 - 2017-03-11 17:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-07 18:45 - 2017-03-08 20:09 - 00000000 ___HD C:\ProgramData\9143B8360B8160r2323
2017-03-07 18:45 - 2017-03-07 18:45 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-03-07 18:45 - 2017-03-07 18:45 - 00000000 ____D C:\WINDOWS\IObit
2017-03-07 16:16 - 2017-03-07 16:23 - 00000944 _____ C:\Users\Bernard\Desktop\Spartiti - Shortcut.lnk
2017-03-07 16:16 - 2017-03-07 16:23 - 00000898 _____ C:\Users\Bernard\Desktop\Work - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:24 - 00000923 _____ C:\Users\Bernard\Desktop\Paperasse - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:22 - 00000914 _____ C:\Users\Bernard\Desktop\Prog - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:18 - 00001668 _____ C:\Users\Bernard\Desktop\BATs - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:17 - 00001675 _____ C:\Users\Bernard\Desktop\Notes - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:17 - 00000972 _____ C:\Users\Bernard\Desktop\Graphic Design - Shortcut.lnk
2017-03-07 10:56 - 2017-03-07 18:45 - 00000000 ____D C:\ProgramData\IObit
2017-03-07 10:56 - 2017-03-07 10:56 - 00003110 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-03-07 10:56 - 2017-03-07 10:56 - 00003106 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-03-07 10:56 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-03-07 10:56 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-03-07 10:56 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-03-07 10:55 - 2017-03-07 10:56 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\IObit
2017-03-07 10:55 - 2017-03-07 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-03-07 10:54 - 2017-03-07 18:45 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\IObit
2017-03-07 09:48 - 2017-03-07 09:48 - 00000000 ____D C:\Users\Bernard\Documents\Amanote
2017-03-07 09:46 - 2017-03-07 09:46 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amaplex Software
2017-03-07 09:46 - 2017-03-07 09:46 - 00000000 ____D C:\Users\Bernard\AppData\Local\Amanote
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 15:55 - 2017-03-06 15:55 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\WildTangent
2017-02-26 15:41 - 2017-03-06 15:49 - 00000000 ____D C:\Users\Bernard\AppData\Local\LOOT
2017-02-25 15:33 - 2017-02-28 11:25 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Bioshock
2017-02-25 15:33 - 2017-02-25 15:56 - 00000000 ____D C:\Users\Bernard\Documents\Bioshock
2017-02-25 13:06 - 2017-02-25 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bioshock
2017-02-15 21:46 - 2017-02-15 21:46 - 00000000 ____D C:\Users\Bernard\Documents\League of Legends
2017-02-14 22:58 - 2017-02-14 22:58 - 00001307 _____ C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bnet.lnk
2017-02-14 09:11 - 2017-02-14 20:31 - 00038448 _____ C:\Users\Bernard\Documents\Drawing1.dwg
2017-02-14 08:55 - 2017-02-14 09:11 - 00000000 ____D C:\Users\Bernard\Documents\AutoCAD Sheet Sets
2017-02-13 22:38 - 2017-02-13 22:38 - 00000000 ____D C:\ProgramData\FLEXnet
2017-02-13 22:36 - 2017-02-13 22:36 - 00000000 ____D C:\Users\Bernard\Documents\Autodesk Application Manager
2017-02-13 22:35 - 2017-02-14 08:54 - 00000000 ____D C:\Users\Bernard\AppData\Local\Autodesk
2017-02-13 22:35 - 2017-02-13 22:35 - 00000000 ____D C:\Users\Bernard\Documents\Inventor Server SDK ACAD 2016
2017-02-13 22:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-02-13 22:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-02-13 22:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-02-13 22:33 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-02-13 22:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-02-13 22:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-02-13 22:31 - 2017-03-06 15:52 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-13 22:31 - 2017-03-06 15:50 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Autodesk
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-09 11:23 - 2017-03-11 16:35 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Racket
2017-02-09 11:10 - 2017-02-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Racket

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-11 17:35 - 2016-11-18 22:12 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\Mozilla
2017-03-11 17:34 - 2016-10-01 13:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 17:32 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-11 17:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-11 17:16 - 2016-10-01 13:02 - 01053092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 17:16 - 2016-07-16 23:40 - 00576614 _____ C:\WINDOWS\system32\perfh00C.dat
2017-03-11 17:16 - 2016-07-16 23:40 - 00139876 _____ C:\WINDOWS\system32\perfc00C.dat
2017-03-11 17:09 - 2016-11-12 10:41 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-03-11 17:09 - 2016-10-01 13:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 17:09 - 2016-10-01 13:02 - 00000000 ____D C:\Users\Bernard
2017-03-11 17:09 - 2016-10-01 13:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-11 17:09 - 2016-10-01 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 17:09 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 17:09 - 2016-04-20 18:25 - 00000165 _____ C:\Users\Bernard\AppData\Roaming\sp_data.sys
2017-03-11 16:39 - 2016-05-03 03:51 - 00000000 ____D C:\Users\Bernard\AppData\Local\CrashDumps
2017-03-11 14:37 - 2015-08-18 06:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-11 12:00 - 2016-10-01 13:16 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-11 12:00 - 2016-10-01 13:16 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-03-11 10:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 15:52 - 2016-04-25 10:06 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-10 15:07 - 2016-07-16 12:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2017-03-10 15:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-10 06:35 - 2016-04-20 19:35 - 00000000 ____D C:\Users\Bernard\AppData\Local\Battle.net
2017-03-10 06:31 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 14:00 - 2016-04-30 13:37 - 00000000 ____D C:\Users\Bernard\Documents\Visual Studio 2015
2017-03-08 22:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 21:57 - 2016-04-20 19:56 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
2017-03-08 20:12 - 2016-04-20 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 20:09 - 2016-04-20 18:25 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Adobe
2017-03-08 19:20 - 2016-11-18 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 16:15 - 2016-04-23 11:47 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\Adobe
2017-03-07 16:15 - 2016-04-23 11:46 - 00000000 ____D C:\Users\Bernard\AppData\Local\Adobe
2017-03-07 16:15 - 2016-04-23 11:46 - 00000000 ____D C:\ProgramData\Adobe
2017-03-07 09:46 - 2016-05-23 10:21 - 00000000 ____D C:\Users\Bernard\AppData\Local\SquirrelTemp
2017-03-06 15:58 - 2016-04-20 18:27 - 00000000 ___RD C:\Users\Bernard\OneDrive
2017-03-06 15:55 - 2015-08-18 06:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-06 15:55 - 2015-08-18 06:28 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-06 15:54 - 2016-10-01 13:00 - 04854040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-06 15:51 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-06 15:48 - 2016-10-21 12:43 - 00000000 ____D C:\Users\Bernard\Documents\My Games
2017-03-06 14:19 - 2017-01-27 11:41 - 00003302 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 00:41 - 2016-06-01 01:13 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\tixati
2017-02-28 16:24 - 2016-05-05 12:51 - 00000000 ____D C:\Users\Bernard\AppData\Local\Eclipse
2017-02-28 16:24 - 2016-05-03 13:30 - 00000000 ____D C:\Users\Bernard\.p2
2017-02-26 20:07 - 2016-04-30 14:58 - 00000000 ____D C:\Users\Bernard\Documents\Nexus Mod Manager
2017-02-25 16:03 - 2016-04-24 22:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-25 13:07 - 2016-10-13 22:39 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-24 10:19 - 2016-04-20 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 10:18 - 2016-04-20 19:34 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 10:51 - 2016-04-23 11:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-17 14:40 - 2016-10-17 13:19 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Audacity
2017-02-16 01:13 - 2016-10-01 13:16 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-16 01:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 01:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 19:32 - 2016-04-21 09:23 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Riot Games
2017-02-13 19:44 - 2016-04-21 10:43 - 00000000 ____D C:\Users\Bernard\AppData\Local\ElevatedDiagnostics
2017-02-12 22:56 - 2016-04-22 20:01 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
2017-02-11 04:47 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\WebTorrent
2017-02-11 04:47 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Local\WebTorrent
2017-02-11 02:59 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebTorrent

==================== Fichiers à la racine de certains dossiers =======

2016-08-26 20:34 - 2016-08-26 20:34 - 0000132 _____ () C:\Users\Bernard\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2016-07-06 00:15 - 2017-01-30 19:14 - 0000132 _____ () C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-23 17:13 - 2017-01-28 09:45 - 0000034 _____ () C:\Users\Bernard\AppData\Roaming\AdobeWLCMCache.dat
2016-10-16 14:25 - 2016-10-16 15:16 - 0000490 _____ () C:\Users\Bernard\AppData\Roaming\CascView.ini
2016-04-20 18:25 - 2017-03-11 17:09 - 0000165 _____ () C:\Users\Bernard\AppData\Roaming\sp_data.sys
2016-06-01 01:18 - 2016-06-01 01:20 - 0010991 _____ () C:\Users\Bernard\AppData\Roaming\tribler.exe.log
2016-10-06 18:22 - 2016-10-06 18:22 - 305520897 _____ () C:\Users\Bernard\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-10-06 18:22 - 2016-10-06 18:22 - 0003413 _____ () C:\Users\Bernard\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-08-26 20:29 - 2017-01-28 09:50 - 0001456 _____ () C:\Users\Bernard\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-11-03 17:49 - 2016-11-03 17:49 - 0002450 _____ () C:\Users\Bernard\AppData\Local\recently-used.xbel
2017-03-11 14:35 - 2017-03-11 15:56 - 0007603 _____ () C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
2016-10-01 13:01 - 2016-10-01 13:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Certains fichiers dans TEMP:
====================
2017-03-11 17:13 - 2016-11-11 11:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Bernard\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-08 16:15

==================== Fin de FRST.txt ============================

Addition.txt

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Exécuté par Jean-Michel Crapaud (11-03-2017 17:36:17)
Exécuté depuis C:\Users\Bernard\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-01 12:17:01)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-2792659385-62999317-2928674910-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2792659385-62999317-2928674910-503 - Limited - Disabled)
Invité (S-1-5-21-2792659385-62999317-2928674910-501 - Limited - Disabled)
Jean-Michel Crapaud (S-1-5-21-2792659385-62999317-2928674910-1001 - Administrator - Enabled) => C:\Users\Bernard

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.2.0.1280 - Xtreme-LAb®)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC5}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Amanote (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Amanote) (Version: 0.9.7 - Amaplex Software)
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apowersoft Online Launcher version 1.4.4 (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.97 - ICEpower a/s)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: - ) <==== ATTENTION
Bioshock version 1.1.0.0 (HKLM-x32\...\Bioshock_is1) (Version: 1.1.0.0 - Mr DJ)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blisk (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Blisk) (Version: 0.59.2490.71 - Blisk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CMake (HKLM-x32\...\{39237166-D5CD-4F15-AC14-83287D8F372D}) (Version: 3.5.2 - Kitware)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Downloader 4.1.509 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.24.627 - Digital Wave Ltd)
Freemake Audio Converter version 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Git version 2.10.0 (HKLM\...\Git_is1) (Version: 2.10.0 - The Git Development Community)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Instagiffer version 1.75 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.75 - Justin Todd)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
Kit de développement logiciel (SDK) Microsoft .NET Framework 4.6.1 (Français) (HKLM-x32\...\{9369E1F2-44C9-4864-843E-159725E660CB}) (Version: 4.6.01055 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (Français) (HKLM-x32\...\{AD054CB0-F527-48AD-832B-E65D46237C88}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ vNext Redistributable (x86) - 14.10.24629 (HKLM-x32\...\{7d9c81d7-a921-4503-8518-38fc0c94b692}) (Version: 14.10.24629.0 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{aaff6d8c-30d0-4446-82ae-1f1650eab4b9}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM-x32\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.3.0 (HKLM\...\{3762C24D-5EED-4EE6-B719-5E606E11E487}) (Version: 1.3.0 - The Mumble Developers)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.19.0) (Version: 4.0.19.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.19.0 - Locktime Software) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenSSL 1.0.2h (64-bit) (HKLM\...\OpenSSL (64-bit)_is1) (Version: - OpenSSL Win64 Installer Team)
osu! (HKLM-x32\...\{d6cfd292-21e7-4a8f-8b35-dd9bf1190d7b}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn-Time (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
Python 2.7 pygtk-2.24.0 (HKLM-x32\...\pygtk-py2.7) (Version: - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Quartus II 11.0 Web Edition (HKLM-x32\...\{02690396-E5D9-42C7-AFBE-4D80DAD1822C}) (Version: - )
Racket v6.8 (x86_64) (HKLM-x32\...\Racket-x86_64-6.8) (Version: 6.8 - PLT Design Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7599 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25126 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - )
Tixati (HKLM-x32\...\tixati) (Version: - )
TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.9.7 - Torrents Time)
Tribler (HKLM-x32\...\Tribler) (Version: 6.5.1 - The Tribler Team)
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.30.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.18a - IDRIX)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebTorrent (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\WebTorrent) (Version: 0.18.0 - WebTorrent, LLC)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WiX Toolset v3.10 Core (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Managed SDK (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Native 2015 SDK (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Visual Studio Integration (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 X64 (Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10.3.3007 (HKLM-x32\...\{d812c5ae-99d2-4e55-b7f0-d73e687f1069}) (Version: 3.10.3.3007 - .NET Foundation)
Wwise Launcher (HKLM-x32\...\{3C824A97-6066-4179-87F7-406EFE8EC961}) (Version: 16.12.13.546 - Audiokinetic Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe /Automation => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe /Automation => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll (VASCO Data Security)
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Programs\Autodesk\AutoCAD 2016\en-US\acadficn.dll => Pas de fichier

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {09F00F5B-168C-438A-BF9D-07EE65DAC659} - \9143B8360B8160r2323-dll -> Pas de fichier <==== ATTENTION
Task: {0F71139B-44DA-4814-95B3-36544058B19C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {11ECFA2A-2579-424C-936E-AC88E6E7EBCF} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {12168201-5953-41C4-8860-71103A67AD03} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {1FFB95FA-34B1-4412-B041-E88B6314B0F8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {210C10D7-5D4C-4387-A0F7-3FB3D2CF9184} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {26713E49-3E24-4E22-B91F-312F5778DDC3} - \manager -> Pas de fichier <==== ATTENTION
Task: {275FC4DC-0A54-402A-9EDD-0D51B91C51FB} - \firefox -> Pas de fichier <==== ATTENTION
Task: {2B87FDF9-B9DF-4CD4-9DF1-50FBE78A69CE} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {32AAA3BF-B4C2-4979-B834-BC39BBA1C653} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-09-03] (Realtek Semiconductor)
Task: {46FFA8F1-A71D-4889-A0E6-E43E3CB58C56} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-28] (Dropbox, Inc.)
Task: {4EC210E5-B235-4137-BBD2-427C62C854F0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-28] (Dropbox, Inc.)
Task: {51ED882E-8978-4F18-96F8-628BE5329D8A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {537F6342-8E96-49F9-B2EB-7E1B07321FCE} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {6D50B90D-5BD2-469A-A5A3-D23728251E2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-10] (Google Inc.)
Task: {6DFB6580-98CC-48C0-93A1-6A6F81A548C0} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {7584608F-51D3-4FC3-9291-8717262D81F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {781705F7-A1C6-43C4-B5BD-86166C577FA3} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {7A36BC34-7ACC-4C8B-8697-AFDA519761AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {7C720513-3134-4668-A97E-BA9D80397A73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-10] (Google Inc.)
Task: {7C92670C-495F-41CE-9845-411809803411} - \updater -> Pas de fichier <==== ATTENTION
Task: {8379CE09-6581-4A5F-AA30-B0FE1CF4C6FB} - System32\Tasks\SmartDefrag_Update => D:\Programs\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {9FBC163F-0316-4AA2-A02B-36315647959D} - System32\Tasks\Qertochreewile Server => C:\Program Files (x86)\Drjother\xchpogh.exe
Task: {AD201924-97CB-4641-AB9A-627F942AC195} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {BE4AB1FA-6C8E-4BF4-95DE-2ECB26572247} - \boustrocode -> Pas de fichier <==== ATTENTION
Task: {CDA891B3-8971-4765-BCD7-CA021139E6F2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Pas de fichier <==== ATTENTION
Task: {E5F993D8-F518-4B34-88E5-896FDB30EE3B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Programs\VisualStudio\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {ED8AB50B-648D-47F6-94E4-B53B56F608E7} - System32\Tasks\IObitSelfCheckTask => D:\Programs\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {F24C54BB-60DE-4B9B-8312-EFE2CFDB8014} - \Rercagerejek -> Pas de fichier <==== ATTENTION
Task: {F31F623D-9278-4441-A7B3-B33AD45B396E} - \9143B8360B8160r2323 -> Pas de fichier <==== ATTENTION
Task: {FD28FE43-1CC3-4F86-87F3-381704EE1AB4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-03] (Realtek Semiconductor)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\Bernard\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm

==================== Modules chargés (Avec liste blanche) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-05-02 01:35 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-01 13:01 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-13 19:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-04-23 10:38 - 2012-07-20 12:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2015-09-07 03:04 - 2016-11-30 21:57 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-01 13:57 - 2016-10-01 13:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:15 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:15 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:15 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 16:37 - 2017-02-22 16:37 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 16:37 - 2017-02-22 16:37 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 16:37 - 2017-02-22 16:37 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:08 - 2017-02-06 21:08 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-02 10:53 - 2017-03-02 10:54 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-02 10:53 - 2017-03-02 10:54 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-02 10:53 - 2017-03-02 10:54 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 10:57 - 2016-06-03 10:58 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-02 10:53 - 2017-03-02 10:54 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-02 10:53 - 2017-03-02 10:54 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-04-20 19:37 - 2016-04-20 19:37 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-09 07:29 - 2017-03-09 07:29 - 01710080 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-03-09 07:29 - 2017-03-09 07:29 - 13327552 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00112552 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00105896 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00021928 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00045992 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-02 21:59 - 2017-01-17 16:20 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-11-24 19:47 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)

HKU\S-1-5-21-2792659385-62999317-2928674910-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ==========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2015-07-10 12:04 - 2016-04-23 17:09 - 00001030 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2792659385-62999317-2928674910-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Wallpapers\EdinburghNight.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0D2477E8-5638-43C8-8E07-235D61880769}D:\games\assaultcube\bin_win32\ac_server.exe] => (Allow) D:\games\assaultcube\bin_win32\ac_server.exe
FirewallRules: [TCP Query User{E463214A-D4AB-41CA-9DCA-01F972F94214}D:\games\assaultcube\bin_win32\ac_server.exe] => (Allow) D:\games\assaultcube\bin_win32\ac_server.exe
FirewallRules: [UDP Query User{3B03F5D1-8C7E-44C8-80DD-C89D8193037F}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe
FirewallRules: [TCP Query User{6972D8BB-B14F-45BD-8D74-03A2E0370CC7}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe
FirewallRules: [UDP Query User{C8537B6E-9099-47C1-9D48-DE62CCA1ACBD}D:\programs\popcorntime\nw.exe] => (Allow) D:\programs\popcorntime\nw.exe
FirewallRules: [TCP Query User{89520622-8CD8-4B9C-99D0-58B2C06D3328}D:\programs\popcorntime\nw.exe] => (Allow) D:\programs\popcorntime\nw.exe
FirewallRules: [UDP Query User{E66B562D-05B6-485F-84EC-31B7D2C16023}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe
FirewallRules: [TCP Query User{3C859870-BD11-4564-9613-FED00E5377F1}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe
FirewallRules: [UDP Query User{67961530-7FA4-4410-B242-08CA769D1733}C:\users\bernard\desktop\zerobundle\python\python.exe] => (Allow) C:\users\bernard\desktop\zerobundle\python\python.exe
FirewallRules: [TCP Query User{40622EC6-3346-46E7-9FFD-F08E36E3BE06}C:\users\bernard\desktop\zerobundle\python\python.exe] => (Allow) C:\users\bernard\desktop\zerobundle\python\python.exe
FirewallRules: [UDP Query User{68848D9A-B6FB-4B6D-94CB-B81FA2E4AA54}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{D4925BE8-C780-4915-AF38-98DBD72C4C72}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{5C337599-0A71-4794-BA65-00E078AB7B65}D:\programs\tixati\tixati.exe] => (Allow) D:\programs\tixati\tixati.exe
FirewallRules: [TCP Query User{E930069F-0A90-4C6B-967E-79605DE804D0}D:\programs\tixati\tixati.exe] => (Allow) D:\programs\tixati\tixati.exe
FirewallRules: [UDP Query User{9A708FC5-BDAC-4C36-97CA-DBCF8CBE621C}D:\programs\deluge\deluged.exe] => (Allow) D:\programs\deluge\deluged.exe
FirewallRules: [TCP Query User{92F2FB31-CC9C-4846-9630-725E1BD981C7}D:\programs\deluge\deluged.exe] => (Allow) D:\programs\deluge\deluged.exe
FirewallRules: [{E8B3FC38-4105-427C-AAE8-7992836D1C3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4E89A81-AD31-4741-A2BE-77339FD22BB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1EBA3CC-3BBD-4CD4-AFA8-8E9A7181D666}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D762D88C-52A5-4ED7-9750-CB6280111261}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{918C12DF-40CE-41DC-A5E1-8CB2108A2486}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5E65F483-1E60-4EF5-9988-6DA2B866E3D2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8E502335-6DDB-4054-97FE-AE71C63C28EA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A788445D-B071-47EE-B318-ABD434A02592}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{00E93B83-E71B-4B4B-A615-8E8B1F3B4830}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{C52A3ABC-2408-4A51-A7D9-6020A859AAC1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04CFFC58-E67D-4085-A023-FA5E0978463F}] => (Allow) LPort=5000
FirewallRules: [{F1EC17C4-C5AD-4AEB-B049-052560EEB005}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4E1C8556-5C84-4E0E-8F78-7DE466F261F3}C:\program files (x86)\tribler\tribler.exe] => (Allow) C:\program files (x86)\tribler\tribler.exe
FirewallRules: [UDP Query User{C1DBE531-E32D-4358-8469-2648E75F2F81}C:\program files (x86)\tribler\tribler.exe] => (Allow) C:\program files (x86)\tribler\tribler.exe
FirewallRules: [{C653BE90-E223-425D-87CE-BA2BB8F2A15C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34F2AC2B-E5A4-469F-B93D-067A60F725D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{870A0071-E3E9-4260-B8BB-487444E7752D}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{37745461-C47E-440D-9677-EA9CFD1F8205}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{689FCA0D-E43D-40FE-8A78-F06F6C8A3C26}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{96E7FB29-C4C3-467F-AB9E-8F6F3B3D5B04}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [{82908F8C-442F-469B-8298-31E16152D0E7}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{0875C0D1-F1CF-4D14-A547-E52CF854FD40}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{4101852C-6DD7-44BE-925C-DA9CE820B76F}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{67469939-FF9A-4794-A074-043D61E08741}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{060B08D9-5EC3-46F2-AB64-CF2C3A8443BD}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{A38CB6BF-4706-496D-A541-E469932DF000}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{9C1A40D3-C967-414B-8AC9-650551AD9C34}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{37A8000C-0489-4258-A4A1-B481A9CD3980}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{217541C3-A312-4BA4-B4A2-3372640BCBDE}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{00EF37B2-3EB8-495C-A968-794EE33CC661}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36621540-60E3-4748-8010-9247C6951029}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [{A7A59067-06CA-48CE-B798-E74033CB34E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2EBEAB7-981C-46F4-A7A7-0B68F365A965}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BADE8E-E02B-4B9F-91E0-A43A183CF7C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9BAA407-07B5-40FC-9BB0-E6433AB00A12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C4C2359C-2CB9-4C30-91CB-7AFEAB90B949}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe
FirewallRules: [UDP Query User{7434BB7D-48CA-4945-83BA-0EF158CFD540}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe
FirewallRules: [TCP Query User{E0D3C6A8-23B2-46A8-83B1-EDCD9DDE3EF9}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe
FirewallRules: [UDP Query User{FB26FA68-FA1E-4030-9B41-2F222B36C122}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe
FirewallRules: [TCP Query User{696C3689-F155-4029-94F0-5EE383EA2E4A}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe
FirewallRules: [UDP Query User{62B81FD1-CFAA-4718-8AEC-F88EF93AD243}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe
FirewallRules: [TCP Query User{AB7B46E4-A8FC-4CD3-AC59-724196F305A3}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe
FirewallRules: [UDP Query User{83FEAA0A-BC1B-42AD-B0CC-F5B706EF8875}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe
FirewallRules: [TCP Query User{369943DF-A3C5-49B9-8F23-478E2E90062D}D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{8891662F-E1CF-4BCC-94B5-C5A753C13C12}D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{082772CF-B87C-4495-B317-44CC69E21E30}D:\games\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{63B65268-6E9F-4334-9DFF-585A364B69D0}D:\games\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{CEF2CA27-8AAF-4DB3-8F73-7C55F491C7D3}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AB2F54B4-0672-4194-89DB-EE0FC50D83FF}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{EC2770D7-2330-4025-AAA1-58747F07F220}] => (Allow) D:\Programs\Itunes\iTunes.exe
FirewallRules: [{EFF11EBD-20D5-4AB2-B9E1-7D96B589E59F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{13226D6A-B628-4E3C-8B62-6DCD5084B309}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{E964785F-BFF6-4B20-B5AB-989CE62C4D1F}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{ADDE1004-630C-4C2A-978A-833755360E22}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{612F17E8-F9FC-4D09-8EFB-00632A763162}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4A7971E6-1DA0-42AC-AADF-C3215C938B31}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{80705D78-44D3-4217-9AB1-759A5E761655}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{53ED7802-F88A-4C8C-A27F-F28FF3678D48}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1F9EFA76-A316-4EF0-B6C1-ED301C24E4B1}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{DD09D58C-8D76-4636-B268-C45B405044E2}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{29F186B0-811E-4FD4-97EC-96DE955AE34E}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{9D55E9F3-D757-472F-9AD4-206DE87E04E6}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDCAABC8-1989-4A27-847D-5D448AD8391F}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61BE3CC9-9947-407C-A65A-97CD617F4F64}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Points de restauration =========================

11-03-2017 16:38:54 zoek.exe restore point

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (03/11/2017 05:34:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Programs\VisualStudio\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2017 05:33:50 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/11/2017 05:14:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Programs\VisualStudio\VC\redist\1033\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2017 05:09:30 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry information for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (03/11/2017 05:09:30 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalogue

Error: (03/11/2017 05:09:30 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (03/11/2017 05:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x582c4836
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37
Exception code: 0xe0434352
Fault offset: 0x000da832
Faulting process ID: 0xb80
Faulting application start time: 0x01d29a81d844fef4
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 0b1f08cc-8e58-4cbf-967f-ecf56682ce5f
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 05:09:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/11/2017 04:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffeee2633a8
Faulting process ID: 0x2c58
Faulting application start time: 0x01d29a7d9cb08025
Faulting application path: C:\Users\Bernard\AppData\Local\Temp\DaS_21.exe
Faulting module path: unknown
Report ID: 87068042-f46e-4124-8839-3917bc7155a8
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 04:39:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at DriverAndServicesOut.GetProcess.GetPathName(System.String)
at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
at DriverAndServicesOut.Program.Main(System.String[])


Erreurs système:
=============
Error: (03/11/2017 05:09:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 05:09:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinSnare service terminated with the following error:
The specified module could not be found.

Error: (03/11/2017 05:08:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 04:50:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/11/2017 04:50:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2017-03-09 18:25:16.163
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-08 23:52:48.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-08 16:15:36.613
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-07 18:06:16.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-28 12:57:44.949
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 14:13:10.918
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-13 22:47:44.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-07 16:43:03.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-30 17:19:50.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-29 19:36:39.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Infos Mémoire ===========================

Processeur: Intel® Core™ i7-4750HQ CPU @ 2.00GHz
Pourcentage de mémoire utilisée: 23%
Mémoire physique - RAM - totale: 16273 MB
Mémoire physique - RAM - disponible: 12465.07 MB
Mémoire virtuelle totale: 17297 MB
Mémoire virtuelle disponible: 13934.46 MB

==================== Lecteurs ================================

Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:44.26 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:599.05 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 378EBD61)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: ECDF7353)

Partition: GPT.

==================== Fin de Addition.txt ============================

 

I think that's all! Hope it actually was the way you wanted logs to be formatted. If not just say so. :)

Thanks again.

P.S.I: In case you'd prefer actual logs:

1) http://pastebin.com/tDMA8nSA

2) http://pastebin.com/HGy4BJB3

3) http://pastebin.com/G9vQwP9f

4) http://pastebin.com/w9PiMydH

 

P.S.II: I just noticed the two last logs were in French. No idea why though I just downloaded FRST from your link, so maybe it is the way it is supposed to be?


Edited by UnhappyCyborg, 11 March 2017 - 01:26 PM.


#9 satchfan

satchfan

  • Malware Response Team
  • 2,850 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:04 AM

Posted 11 March 2017 - 12:19 PM

"I just noticed the two last logs were in French. No idea why though I just downloaded FRST from your link, so maybe it is the way it is supposed to be?"

No problem.

"Hope it actually was the way you wanted logs to be formatted."

In future, I'd prefer if you copy/paste the results into your reply.

I'll check your logs when I return and send the next set of instructions later.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 UnhappyCyborg


Posted 11 March 2017 - 12:28 PM

You mean without spoilers in, like, a code container? Fare well.



#11 satchfan


Posted 11 March 2017 - 12:46 PM

"You mean without spoilers in, like, a code container?"

No. When a log opens in Notepad, highlight it all (Ctrl+A), then copy it and paste it directly into your post.




#12 UnhappyCyborg


Posted 11 March 2017 - 01:26 PM

Oh, right. Edited first post to comply with this standard.



#13 satchfan


Posted 11 March 2017 - 06:11 PM

There are definitely many infections on your computer but you may have illegal software on it and, besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code. If that is the case, that is probably how it became infected.

Continuing to help you could be viewed as supporting/condoning this so if you want to continue, I need you to uninstall all the illegal software that you have downloaded and installed.

 

When you have done that, do the following:

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

CKFiles.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 




#14 UnhappyCyborg


Posted 11 March 2017 - 06:39 PM

Hi again,

All right then *starts crying*. Removed all illegal software.

ckfiles.txt

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\git\usr\bin\ssh-keygen.exe
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\program files (x86)\tribler\twisted\conch\scripts\ckeygen.pyo
c:\program files (x86)\tribler\twisted\conch\test\test_ckeygen.pyo
scanner sequence 3.DF.11.VKAPGZ
 ----- EOF -----
 

FRST.txt

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Exécuté par Jean-Michel Crapaud (administrateur) sur BERNARD (12-03-2017 00:55:08)
Exécuté depuis C:\Users\Bernard\Desktop
Profils chargés: Jean-Michel Crapaud (Profils disponibles: Jean-Michel Crapaud)
Platform: Windows 10 Home Version 1607 (X64) Langue: French (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Copyright 2017.) D:\Programs\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) D:\Programs\Itunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Copyright 2017.) D:\Programs\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [iTunesHelper] => D:\Programs\Itunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => D:\Programs\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\RunOnce: [Uninstall C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\RunOnce: [Uninstall C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\MountPoints2: {a460b90a-2572-11e6-8f67-7c5cf849ee99} - "F:\BioPrint.exe"
HKLM\...\Providers\l5g3jx5f: C:\Program Files (x86)\Qertochreewile Server\local64spl.dll
ShellExecuteHooks: Pas de nom - {39BE6DD8-FFDC-11E6-B0D9-64006A5CFC23} - C:\Users\Bernard\AppData\Roaming\Coabesedapy\Pedotion.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Pas de fichier

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6294c69e-c4d6-4c59-9dfd-1b863750bd2e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7a7a659-660b-4bc5-8879-07c85ed745e0}: [DhcpNameServer] 62.197.111.140 109.88.203.3

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2792659385-62999317-2928674910-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2792659385-62999317-2928674910-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> D:\Programs\VisualStudio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466 [2017-03-12]
FF Homepage: Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466 -> about:home
FF Extension: (uBlock Origin) - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466\Extensions\uBlock0@raymondhill.net.xpi [2017-03-08]
FF Extension: (iMacros for Firefox) - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\qarxcnrs.default-1489000847466\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-2792659385-62999317-2928674910-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.) [Fichier non signé]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [Fichier non signé]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2016-11-16] (Freemake) [Fichier non signé]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Fichier non signé]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Fichier non signé]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [Fichier non signé]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323824 2016-03-16] (Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Fichier non signé]
R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3278336 2017-01-27] (TorrentsTime) [Fichier non signé]
S3 VSStandardCollectorService140; D:\Programs\VisualStudio\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSnare; C:\Users\Bernard\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-10] (InterSect Alliance Pty Ltd) [Fichier non signé] <==== ATTENTION
R2 ZAMSvc; D:\Programs\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-24] (BlackBerry)
S3 BrSerIf; C:\WINDOWS\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-23] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-07] (REALiX™)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R1 MpKslec17fda1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA1D1EA4-57B2-4DA3-8B3B-F6ADC1514A82}\MpKslec17fda1.sys [44928 2017-03-12] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515664 2016-01-29] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [128328 2016-03-16] (Locktime Software)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_09482e89528c3434\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2016-04-24] (Research In Motion Limited)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [Fichier non signé]
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [437160 2016-09-11] (IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-08] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-12 00:54 - 2017-03-12 00:55 - 00027308 _____ C:\Users\Bernard\Desktop\FRST.txt
2017-03-12 00:52 - 2017-03-12 00:52 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-12 00:52 - 2017-03-12 00:52 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\aMule
2017-03-12 00:52 - 2017-03-12 00:52 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-12 00:51 - 2017-03-12 00:51 - 00003326 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-12 00:51 - 2017-03-12 00:51 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\WinSnare
2017-03-12 00:51 - 2017-03-12 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-12 00:51 - 2017-03-12 00:51 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.8)
2017-03-12 00:51 - 2017-03-12 00:51 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-12 00:30 - 2017-03-12 00:30 - 00000373 _____ C:\Users\Bernard\Desktop\ckfiles.txt
2017-03-12 00:28 - 2017-03-12 00:28 - 02424320 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2017-03-12 00:28 - 2017-03-12 00:28 - 00468480 _____ () C:\Users\Bernard\Desktop\CKScanner.exe
2017-03-11 21:54 - 2017-03-11 22:00 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\discord
2017-03-11 19:46 - 2017-03-12 00:52 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-11 17:35 - 2017-03-12 00:55 - 00000000 ____D C:\FRST
2017-03-11 17:14 - 2017-03-11 17:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-11 17:13 - 2017-03-11 17:34 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 17:13 - 2017-03-11 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-11 17:13 - 2017-03-11 17:13 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-11 16:53 - 2017-03-11 16:37 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-03-11 16:37 - 2017-03-11 16:50 - 00000000 ____D C:\zoek_backup
2017-03-11 14:37 - 2017-03-11 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-11 14:35 - 2017-03-11 15:56 - 00007603 _____ C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
2017-03-10 15:47 - 2017-03-10 15:47 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-10 15:47 - 2017-03-10 15:47 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-10 15:46 - 2017-03-10 15:46 - 00000388 _____ C:\WINDOWS\SysWOW64\data.bin
2017-03-10 13:35 - 2017-03-10 13:35 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-09 10:15 - 2017-03-11 19:45 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-09 10:15 - 2017-03-09 10:15 - 00000000 ____D C:\Program Files (x86)\l5g3jx5f
2017-03-08 20:25 - 2017-03-08 20:25 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-03-08 20:18 - 2017-03-08 20:18 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-03-08 20:15 - 2017-03-08 20:15 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-08 20:14 - 2017-03-08 20:18 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-08 20:06 - 2017-03-12 00:55 - 00116943 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-08 20:06 - 2017-03-12 00:55 - 00029382 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-08 20:06 - 2017-03-08 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-08 20:06 - 2017-03-08 20:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-08 20:06 - 2017-03-08 20:06 - 00000000 ____D C:\Users\Bernard\AppData\Local\Zemana
2017-03-08 20:06 - 2017-03-08 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-08 19:05 - 2017-03-08 19:05 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-03-08 18:46 - 2017-03-12 00:52 - 00000000 ____D C:\Program Files (x86)\Drjother
2017-03-08 18:46 - 2017-03-08 20:12 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Coabesedapy
2017-03-08 18:46 - 2017-03-08 18:46 - 00006102 _____ C:\WINDOWS\System32\Tasks\Qertochreewile Server
2017-03-08 18:45 - 2017-03-08 18:48 - 00000000 ____D C:\Users\Bernard\AppData\Local\FindIp
2017-03-08 13:55 - 2017-03-08 13:55 - 00000000 ____D C:\Users\Bernard\AppData\Local\Steam
2017-03-08 08:58 - 2017-03-11 17:09 - 00000008 __RSH C:\Users\Bernard\ntuser.pol
2017-03-08 00:00 - 2017-03-08 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7GIF
2017-03-07 18:45 - 2017-03-11 17:09 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-07 18:45 - 2017-03-08 20:09 - 00000000 ___HD C:\ProgramData\9143B8360B8160r2323
2017-03-07 18:45 - 2017-03-07 18:45 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-03-07 18:45 - 2017-03-07 18:45 - 00000000 ____D C:\WINDOWS\IObit
2017-03-07 16:16 - 2017-03-07 16:23 - 00000944 _____ C:\Users\Bernard\Desktop\Spartiti - Shortcut.lnk
2017-03-07 16:16 - 2017-03-07 16:23 - 00000898 _____ C:\Users\Bernard\Desktop\Work - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:24 - 00000923 _____ C:\Users\Bernard\Desktop\Paperasse - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:22 - 00000914 _____ C:\Users\Bernard\Desktop\Prog - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:18 - 00001668 _____ C:\Users\Bernard\Desktop\BATs - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:17 - 00001675 _____ C:\Users\Bernard\Desktop\Notes - Shortcut.lnk
2017-03-07 16:15 - 2017-03-07 16:17 - 00000972 _____ C:\Users\Bernard\Desktop\Graphic Design - Shortcut.lnk
2017-03-07 10:56 - 2017-03-07 18:45 - 00000000 ____D C:\ProgramData\IObit
2017-03-07 10:56 - 2017-03-07 10:56 - 00003110 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-03-07 10:56 - 2017-03-07 10:56 - 00003106 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-03-07 10:56 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-03-07 10:56 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-03-07 10:56 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-03-07 10:55 - 2017-03-07 10:56 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\IObit
2017-03-07 10:55 - 2017-03-07 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-03-07 10:54 - 2017-03-07 18:45 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\IObit
2017-03-07 09:48 - 2017-03-07 09:48 - 00000000 ____D C:\Users\Bernard\Documents\Amanote
2017-03-07 09:46 - 2017-03-07 09:46 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amaplex Software
2017-03-07 09:46 - 2017-03-07 09:46 - 00000000 ____D C:\Users\Bernard\AppData\Local\Amanote
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 15:55 - 2017-03-06 15:55 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\WildTangent
2017-02-26 15:41 - 2017-03-06 15:49 - 00000000 ____D C:\Users\Bernard\AppData\Local\LOOT
2017-02-25 15:33 - 2017-02-28 11:25 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Bioshock
2017-02-25 15:33 - 2017-02-25 15:56 - 00000000 ____D C:\Users\Bernard\Documents\Bioshock
2017-02-15 21:46 - 2017-02-15 21:46 - 00000000 ____D C:\Users\Bernard\Documents\League of Legends
2017-02-14 22:58 - 2017-02-14 22:58 - 00001307 _____ C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bnet.lnk
2017-02-14 09:11 - 2017-02-14 20:31 - 00038448 _____ C:\Users\Bernard\Documents\Drawing1.dwg
2017-02-14 08:55 - 2017-02-14 09:11 - 00000000 ____D C:\Users\Bernard\Documents\AutoCAD Sheet Sets
2017-02-13 22:38 - 2017-02-13 22:38 - 00000000 ____D C:\ProgramData\FLEXnet
2017-02-13 22:36 - 2017-02-13 22:36 - 00000000 ____D C:\Users\Bernard\Documents\Autodesk Application Manager
2017-02-13 22:35 - 2017-02-14 08:54 - 00000000 ____D C:\Users\Bernard\AppData\Local\Autodesk
2017-02-13 22:35 - 2017-02-13 22:35 - 00000000 ____D C:\Users\Bernard\Documents\Inventor Server SDK ACAD 2016
2017-02-13 22:33 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-02-13 22:33 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-02-13 22:33 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-02-13 22:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-02-13 22:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-02-13 22:33 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-02-13 22:33 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-02-13 22:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-02-13 22:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-02-13 22:31 - 2017-03-06 15:52 - 00000000 ____D C:\ProgramData\Autodesk
2017-02-13 22:31 - 2017-03-06 15:50 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Autodesk
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-12 00:53 - 2016-11-18 22:12 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\Mozilla
2017-03-12 00:52 - 2016-11-12 10:41 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-03-12 00:52 - 2016-10-01 13:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-12 00:52 - 2016-10-01 13:02 - 00000000 ____D C:\Users\Bernard
2017-03-12 00:52 - 2016-10-01 13:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-12 00:52 - 2016-10-01 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-12 00:52 - 2016-10-01 13:00 - 04851632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-12 00:52 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-12 00:52 - 2016-04-20 18:25 - 00000165 _____ C:\Users\Bernard\AppData\Roaming\sp_data.sys
2017-03-12 00:49 - 2016-04-23 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-03-12 00:48 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-12 00:48 - 2016-02-13 14:01 - 00000000 ____D C:\WINDOWS\ShellNew
2017-03-12 00:26 - 2016-06-14 02:02 - 00000000 ____D C:\Users\Bernard\AppData\Local\Apowersoft
2017-03-11 23:11 - 2016-05-03 03:51 - 00000000 ____D C:\Users\Bernard\AppData\Local\CrashDumps
2017-03-11 21:37 - 2016-04-20 19:35 - 00000000 ____D C:\Users\Bernard\AppData\Local\Battle.net
2017-03-11 19:49 - 2016-10-01 13:02 - 01070556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 19:49 - 2016-07-16 23:40 - 00595498 _____ C:\WINDOWS\system32\perfh00C.dat
2017-03-11 19:49 - 2016-07-16 23:40 - 00148190 _____ C:\WINDOWS\system32\perfc00C.dat
2017-03-11 19:45 - 2017-01-28 09:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-11 19:45 - 2016-10-01 13:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 19:45 - 2016-04-21 02:58 - 00549390 ____N C:\WINDOWS\Minidump\031117-6890-01.dmp
2017-03-11 18:33 - 2017-02-09 11:23 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Racket
2017-03-11 17:32 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-11 17:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-11 14:37 - 2015-08-18 06:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-11 12:00 - 2016-10-01 13:16 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-11 12:00 - 2016-10-01 13:16 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-03-11 10:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 15:52 - 2016-04-25 10:06 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-10 15:07 - 2016-07-16 12:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2017-03-10 15:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-10 06:31 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 14:00 - 2016-04-30 13:37 - 00000000 ____D C:\Users\Bernard\Documents\Visual Studio 2015
2017-03-08 22:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 21:57 - 2016-04-20 19:56 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
2017-03-08 20:12 - 2016-04-20 19:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 20:09 - 2016-04-20 18:25 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Adobe
2017-03-08 19:20 - 2016-11-18 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 16:15 - 2016-04-23 11:47 - 00000000 ____D C:\Users\Bernard\AppData\LocalLow\Adobe
2017-03-07 16:15 - 2016-04-23 11:46 - 00000000 ____D C:\Users\Bernard\AppData\Local\Adobe
2017-03-07 16:15 - 2016-04-23 11:46 - 00000000 ____D C:\ProgramData\Adobe
2017-03-07 09:46 - 2016-05-23 10:21 - 00000000 ____D C:\Users\Bernard\AppData\Local\SquirrelTemp
2017-03-06 15:58 - 2016-04-20 18:27 - 00000000 ___RD C:\Users\Bernard\OneDrive
2017-03-06 15:55 - 2015-08-18 06:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-06 15:55 - 2015-08-18 06:28 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-06 15:51 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-06 15:48 - 2016-10-21 12:43 - 00000000 ____D C:\Users\Bernard\Documents\My Games
2017-03-06 14:19 - 2017-01-27 11:41 - 00003302 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 00:41 - 2016-06-01 01:13 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\tixati
2017-02-28 16:24 - 2016-05-05 12:51 - 00000000 ____D C:\Users\Bernard\AppData\Local\Eclipse
2017-02-28 16:24 - 2016-05-03 13:30 - 00000000 ____D C:\Users\Bernard\.p2
2017-02-26 20:07 - 2016-04-30 14:58 - 00000000 ____D C:\Users\Bernard\Documents\Nexus Mod Manager
2017-02-25 16:03 - 2016-04-24 22:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-25 13:07 - 2016-10-13 22:39 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-24 10:19 - 2016-04-20 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 10:18 - 2016-04-20 19:34 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 10:51 - 2016-04-23 11:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-17 14:40 - 2016-10-17 13:19 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Audacity
2017-02-16 01:13 - 2016-10-01 13:16 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-16 01:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 01:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 19:32 - 2016-04-21 09:23 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Riot Games
2017-02-13 19:44 - 2016-04-21 10:43 - 00000000 ____D C:\Users\Bernard\AppData\Local\ElevatedDiagnostics
2017-02-12 22:56 - 2016-04-22 20:01 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
2017-02-11 04:47 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\WebTorrent
2017-02-11 04:47 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Local\WebTorrent
2017-02-11 02:59 - 2016-08-27 18:03 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebTorrent

==================== Fichiers à la racine de certains dossiers =======

2016-08-26 20:34 - 2016-08-26 20:34 - 0000132 _____ () C:\Users\Bernard\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2016-07-06 00:15 - 2017-01-30 19:14 - 0000132 _____ () C:\Users\Bernard\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-23 17:13 - 2017-01-28 09:45 - 0000034 _____ () C:\Users\Bernard\AppData\Roaming\AdobeWLCMCache.dat
2016-10-16 14:25 - 2016-10-16 15:16 - 0000490 _____ () C:\Users\Bernard\AppData\Roaming\CascView.ini
2016-04-20 18:25 - 2017-03-12 00:52 - 0000165 _____ () C:\Users\Bernard\AppData\Roaming\sp_data.sys
2016-06-01 01:18 - 2016-06-01 01:20 - 0010991 _____ () C:\Users\Bernard\AppData\Roaming\tribler.exe.log
2016-10-06 18:22 - 2016-10-06 18:22 - 305520897 _____ () C:\Users\Bernard\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-10-06 18:22 - 2016-10-06 18:22 - 0003413 _____ () C:\Users\Bernard\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-08-26 20:29 - 2017-01-28 09:50 - 0001456 _____ () C:\Users\Bernard\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-11-03 17:49 - 2016-11-03 17:49 - 0002450 _____ () C:\Users\Bernard\AppData\Local\recently-used.xbel
2017-03-11 14:35 - 2017-03-11 15:56 - 0007603 _____ () C:\Users\Bernard\AppData\Local\Resmon.ResmonCfg
2016-10-01 13:01 - 2016-10-01 13:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Certains fichiers dans TEMP:
====================
2017-03-11 17:13 - 2016-11-11 11:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Bernard\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-08 16:15

==================== Fin de FRST.txt ============================

Addition.txt

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Exécuté par Jean-Michel Crapaud (12-03-2017 00:55:31)
Exécuté depuis C:\Users\Bernard\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-01 12:17:01)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-2792659385-62999317-2928674910-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2792659385-62999317-2928674910-503 - Limited - Disabled)
Invité (S-1-5-21-2792659385-62999317-2928674910-501 - Limited - Disabled)
Jean-Michel Crapaud (S-1-5-21-2792659385-62999317-2928674910-1001 - Administrator - Enabled) => C:\Users\Bernard

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7GIF (HKLM\...\{D27A1E28-51AD-4CB7-9AAD-11D8DDA3B619}_is1) (Version: 1.2.0.1280 - Xtreme-LAb®)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC5}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Amanote (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Amanote) (Version: 0.9.7 - Amaplex Software)
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.97 - ICEpower a/s)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version:  - ) <==== ATTENTION
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blisk (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Blisk) (Version: 0.59.2490.71 - Blisk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CMake (HKLM-x32\...\{39237166-D5CD-4F15-AC14-83287D8F372D}) (Version: 3.5.2 - Kitware)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Downloader 4.1.509 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.24.627 - Digital Wave Ltd)
Freemake Audio Converter version 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Git version 2.10.0 (HKLM\...\Git_is1) (Version: 2.10.0 - The Git Development Community)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Instagiffer version 1.75 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.75 - Justin Todd)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
Kit de développement logiciel (SDK) Microsoft .NET Framework 4.6.1 (Français) (HKLM-x32\...\{9369E1F2-44C9-4864-843E-159725E660CB}) (Version: 4.6.01055 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (Français) (HKLM-x32\...\{AD054CB0-F527-48AD-832B-E65D46237C88}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ vNext Redistributable (x86) - 14.10.24629 (HKLM-x32\...\{7d9c81d7-a921-4503-8518-38fc0c94b692}) (Version: 14.10.24629.0 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 (HKLM-x32\...\{aaff6d8c-30d0-4446-82ae-1f1650eab4b9}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM-x32\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.3.0 (HKLM\...\{3762C24D-5EED-4EE6-B719-5E606E11E487}) (Version: 1.3.0 - The Mumble Developers)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.19.0) (Version: 4.0.19.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.19.0 - Locktime Software) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSSL 1.0.2h (64-bit) (HKLM\...\OpenSSL (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
osu! (HKLM-x32\...\{d6cfd292-21e7-4a8f-8b35-dd9bf1190d7b}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn-Time (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
Python 2.7 pygtk-2.24.0 (HKLM-x32\...\pygtk-py2.7) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Quartus II 11.0 Web Edition (HKLM-x32\...\{02690396-E5D9-42C7-AFBE-4D80DAD1822C}) (Version:  - )
Racket v6.8 (x86_64) (HKLM-x32\...\Racket-x86_64-6.8) (Version: 6.8 - PLT Design Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7599 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25126 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.9.7 - Torrents Time)
Tribler (HKLM-x32\...\Tribler) (Version: 6.5.1 - The Tribler Team)
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.30.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.18a - IDRIX)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebTorrent (HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\WebTorrent) (Version: 0.18.0 - WebTorrent, LLC)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinSnare (HKLM-x32\...\{F173D6F1-284D-4B18-9F6E-57DDC05E34EA}) (Version:  - ) <==== ATTENTION
WiX Toolset v3.10 Core (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Managed SDK (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Native 2015 SDK (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 Visual Studio Integration (x32 Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10 X64 (Version: 3.10.3007 - .NET Foundation) Hidden
WiX Toolset v3.10.3.3007 (HKLM-x32\...\{d812c5ae-99d2-4e55-b7f0-d73e687f1069}) (Version: 3.10.3.3007 - .NET Foundation)
Wwise Launcher (HKLM-x32\...\{3C824A97-6066-4179-87F7-406EFE8EC961}) (Version: 16.12.13.546 - Audiokinetic Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe /Automation => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> D:\Programs\Autodesk\AutoCAD 2016\acad.exe /Automation => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => Pas de (l'élément de données a 8 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Bernard\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll (VASCO Data Security)
CustomCLSID: HKU\S-1-5-21-2792659385-62999317-2928674910-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Programs\Autodesk\AutoCAD 2016\en-US\acadficn.dll => Pas de fichier

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {09F00F5B-168C-438A-BF9D-07EE65DAC659} - \9143B8360B8160r2323-dll -> Pas de fichier <==== ATTENTION
Task: {0F71139B-44DA-4814-95B3-36544058B19C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {11ECFA2A-2579-424C-936E-AC88E6E7EBCF} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {12168201-5953-41C4-8860-71103A67AD03} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {1FFB95FA-34B1-4412-B041-E88B6314B0F8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {210C10D7-5D4C-4387-A0F7-3FB3D2CF9184} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {26713E49-3E24-4E22-B91F-312F5778DDC3} - \manager -> Pas de fichier <==== ATTENTION
Task: {275FC4DC-0A54-402A-9EDD-0D51B91C51FB} - \firefox -> Pas de fichier <==== ATTENTION
Task: {2B87FDF9-B9DF-4CD4-9DF1-50FBE78A69CE} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {32AAA3BF-B4C2-4979-B834-BC39BBA1C653} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-09-03] (Realtek Semiconductor)
Task: {46FFA8F1-A71D-4889-A0E6-E43E3CB58C56} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-28] (Dropbox, Inc.)
Task: {4EC210E5-B235-4137-BBD2-427C62C854F0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-28] (Dropbox, Inc.)
Task: {51ED882E-8978-4F18-96F8-628BE5329D8A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {537F6342-8E96-49F9-B2EB-7E1B07321FCE} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {6D50B90D-5BD2-469A-A5A3-D23728251E2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-10] (Google Inc.)
Task: {6DFB6580-98CC-48C0-93A1-6A6F81A548C0} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {6F2BD888-20D7-4B9C-B113-4755AC48BE2F} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {7584608F-51D3-4FC3-9291-8717262D81F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7A36BC34-7ACC-4C8B-8697-AFDA519761AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {7C720513-3134-4668-A97E-BA9D80397A73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-10] (Google Inc.)
Task: {7C92670C-495F-41CE-9845-411809803411} - \updater -> Pas de fichier <==== ATTENTION
Task: {8379CE09-6581-4A5F-AA30-B0FE1CF4C6FB} - System32\Tasks\SmartDefrag_Update => D:\Programs\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {9FBC163F-0316-4AA2-A02B-36315647959D} - System32\Tasks\Qertochreewile Server => C:\Program Files (x86)\Drjother\xchpogh.exe
Task: {AD201924-97CB-4641-AB9A-627F942AC195} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {BE4AB1FA-6C8E-4BF4-95DE-2ECB26572247} - \boustrocode -> Pas de fichier <==== ATTENTION
Task: {CDA891B3-8971-4765-BCD7-CA021139E6F2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Pas de fichier <==== ATTENTION
Task: {E5F993D8-F518-4B34-88E5-896FDB30EE3B} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Programs\VisualStudio\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {ED8AB50B-648D-47F6-94E4-B53B56F608E7} - System32\Tasks\IObitSelfCheckTask => D:\Programs\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {F24C54BB-60DE-4B9B-8312-EFE2CFDB8014} - \Rercagerejek -> Pas de fichier <==== ATTENTION
Task: {F31F623D-9278-4441-A7B3-B33AD45B396E} - \9143B8360B8160r2323 -> Pas de fichier <==== ATTENTION
Task: {FD28FE43-1CC3-4F86-87F3-381704EE1AB4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-03] (Realtek Semiconductor)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\Bernard\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm

==================== Modules chargés (Avec liste blanche) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-05-02 01:35 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-01 13:01 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-02 01:35 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-13 19:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-03-08 20:06 - 2017-03-08 20:06 - 00154480 _____ () D:\Programs\Zemana AntiMalware\ZAMShellExt64.dll
2015-09-07 03:04 - 2016-11-30 21:57 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-01 13:57 - 2016-10-01 13:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:15 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:15 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:15 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:15 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 16:37 - 2017-02-22 16:37 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 16:37 - 2017-02-22 16:37 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 16:37 - 2017-02-22 16:37 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:08 - 2017-02-06 21:08 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00112552 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00105896 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00021928 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-06-30 18:04 - 2016-06-27 13:52 - 00045992 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-02-02 21:59 - 2017-01-17 16:20 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-11-24 19:47 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)

HKU\S-1-5-21-2792659385-62999317-2928674910-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ==========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2015-07-10 12:04 - 2016-04-23 17:09 - 00001030 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2792659385-62999317-2928674910-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Wallpapers\EdinburghNight.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2792659385-62999317-2928674910-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0D2477E8-5638-43C8-8E07-235D61880769}D:\games\assaultcube\bin_win32\ac_server.exe] => (Allow) D:\games\assaultcube\bin_win32\ac_server.exe
FirewallRules: [TCP Query User{E463214A-D4AB-41CA-9DCA-01F972F94214}D:\games\assaultcube\bin_win32\ac_server.exe] => (Allow) D:\games\assaultcube\bin_win32\ac_server.exe
FirewallRules: [UDP Query User{3B03F5D1-8C7E-44C8-80DD-C89D8193037F}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe
FirewallRules: [TCP Query User{6972D8BB-B14F-45BD-8D74-03A2E0370CC7}C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.14.0\webtorrent.exe
FirewallRules: [UDP Query User{C8537B6E-9099-47C1-9D48-DE62CCA1ACBD}D:\programs\popcorntime\nw.exe] => (Allow) D:\programs\popcorntime\nw.exe
FirewallRules: [TCP Query User{89520622-8CD8-4B9C-99D0-58B2C06D3328}D:\programs\popcorntime\nw.exe] => (Allow) D:\programs\popcorntime\nw.exe
FirewallRules: [UDP Query User{E66B562D-05B6-485F-84EC-31B7D2C16023}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe
FirewallRules: [TCP Query User{3C859870-BD11-4564-9613-FED00E5377F1}C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.12.0\webtorrent.exe
FirewallRules: [UDP Query User{67961530-7FA4-4410-B242-08CA769D1733}C:\users\bernard\desktop\zerobundle\python\python.exe] => (Allow) C:\users\bernard\desktop\zerobundle\python\python.exe
FirewallRules: [TCP Query User{40622EC6-3346-46E7-9FFD-F08E36E3BE06}C:\users\bernard\desktop\zerobundle\python\python.exe] => (Allow) C:\users\bernard\desktop\zerobundle\python\python.exe
FirewallRules: [UDP Query User{68848D9A-B6FB-4B6D-94CB-B81FA2E4AA54}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{D4925BE8-C780-4915-AF38-98DBD72C4C72}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{5C337599-0A71-4794-BA65-00E078AB7B65}D:\programs\tixati\tixati.exe] => (Allow) D:\programs\tixati\tixati.exe
FirewallRules: [TCP Query User{E930069F-0A90-4C6B-967E-79605DE804D0}D:\programs\tixati\tixati.exe] => (Allow) D:\programs\tixati\tixati.exe
FirewallRules: [UDP Query User{9A708FC5-BDAC-4C36-97CA-DBCF8CBE621C}D:\programs\deluge\deluged.exe] => (Allow) D:\programs\deluge\deluged.exe
FirewallRules: [TCP Query User{92F2FB31-CC9C-4846-9630-725E1BD981C7}D:\programs\deluge\deluged.exe] => (Allow) D:\programs\deluge\deluged.exe
FirewallRules: [{E8B3FC38-4105-427C-AAE8-7992836D1C3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4E89A81-AD31-4741-A2BE-77339FD22BB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1EBA3CC-3BBD-4CD4-AFA8-8E9A7181D666}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D762D88C-52A5-4ED7-9750-CB6280111261}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{918C12DF-40CE-41DC-A5E1-8CB2108A2486}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5E65F483-1E60-4EF5-9988-6DA2B866E3D2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8E502335-6DDB-4054-97FE-AE71C63C28EA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A788445D-B071-47EE-B318-ABD434A02592}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{00E93B83-E71B-4B4B-A615-8E8B1F3B4830}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{C52A3ABC-2408-4A51-A7D9-6020A859AAC1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04CFFC58-E67D-4085-A023-FA5E0978463F}] => (Allow) LPort=5000
FirewallRules: [{F1EC17C4-C5AD-4AEB-B049-052560EEB005}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4E1C8556-5C84-4E0E-8F78-7DE466F261F3}C:\program files (x86)\tribler\tribler.exe] => (Allow) C:\program files (x86)\tribler\tribler.exe
FirewallRules: [UDP Query User{C1DBE531-E32D-4358-8469-2648E75F2F81}C:\program files (x86)\tribler\tribler.exe] => (Allow) C:\program files (x86)\tribler\tribler.exe
FirewallRules: [{C653BE90-E223-425D-87CE-BA2BB8F2A15C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34F2AC2B-E5A4-469F-B93D-067A60F725D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{870A0071-E3E9-4260-B8BB-487444E7752D}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{37745461-C47E-440D-9677-EA9CFD1F8205}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{689FCA0D-E43D-40FE-8A78-F06F6C8A3C26}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{96E7FB29-C4C3-467F-AB9E-8F6F3B3D5B04}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [{82908F8C-442F-469B-8298-31E16152D0E7}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{0875C0D1-F1CF-4D14-A547-E52CF854FD40}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{4101852C-6DD7-44BE-925C-DA9CE820B76F}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{67469939-FF9A-4794-A074-043D61E08741}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{060B08D9-5EC3-46F2-AB64-CF2C3A8443BD}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{A38CB6BF-4706-496D-A541-E469932DF000}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [{9C1A40D3-C967-414B-8AC9-650551AD9C34}] => (Allow) D:\Programs\VisualStudio\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{37A8000C-0489-4258-A4A1-B481A9CD3980}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{217541C3-A312-4BA4-B4A2-3372640BCBDE}D:\programs\matlab\bin\win64\matlab.exe] => (Block) D:\programs\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{00EF37B2-3EB8-495C-A968-794EE33CC661}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36621540-60E3-4748-8010-9247C6951029}D:\games\overwatch\overwatch.exe] => (Allow) D:\games\overwatch\overwatch.exe
FirewallRules: [{A7A59067-06CA-48CE-B798-E74033CB34E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2EBEAB7-981C-46F4-A7A7-0B68F365A965}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BADE8E-E02B-4B9F-91E0-A43A183CF7C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9BAA407-07B5-40FC-9BB0-E6433AB00A12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C4C2359C-2CB9-4C30-91CB-7AFEAB90B949}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe
FirewallRules: [UDP Query User{7434BB7D-48CA-4945-83BA-0EF158CFD540}C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0-ia32\webtorrent.exe
FirewallRules: [TCP Query User{E0D3C6A8-23B2-46A8-83B1-EDCD9DDE3EF9}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe
FirewallRules: [UDP Query User{FB26FA68-FA1E-4030-9B41-2F222B36C122}C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.0\webtorrent.exe
FirewallRules: [TCP Query User{696C3689-F155-4029-94F0-5EE383EA2E4A}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe
FirewallRules: [UDP Query User{62B81FD1-CFAA-4718-8AEC-F88EF93AD243}C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.1\webtorrent.exe
FirewallRules: [TCP Query User{AB7B46E4-A8FC-4CD3-AC59-724196F305A3}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe
FirewallRules: [UDP Query User{83FEAA0A-BC1B-42AD-B0CC-F5B706EF8875}C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe] => (Allow) C:\users\bernard\appdata\local\webtorrent\app-0.17.2\webtorrent.exe
FirewallRules: [TCP Query User{369943DF-A3C5-49B9-8F23-478E2E90062D}D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{8891662F-E1CF-4BCC-94B5-C5A753C13C12}D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe] => (Allow) D:\games\hearthstone\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{082772CF-B87C-4495-B317-44CC69E21E30}D:\games\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{63B65268-6E9F-4334-9DFF-585A364B69D0}D:\games\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{CEF2CA27-8AAF-4DB3-8F73-7C55F491C7D3}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AB2F54B4-0672-4194-89DB-EE0FC50D83FF}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{EC2770D7-2330-4025-AAA1-58747F07F220}] => (Allow) D:\Programs\Itunes\iTunes.exe
FirewallRules: [{EFF11EBD-20D5-4AB2-B9E1-7D96B589E59F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{13226D6A-B628-4E3C-8B62-6DCD5084B309}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{E964785F-BFF6-4B20-B5AB-989CE62C4D1F}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{ADDE1004-630C-4C2A-978A-833755360E22}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{612F17E8-F9FC-4D09-8EFB-00632A763162}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4A7971E6-1DA0-42AC-AADF-C3215C938B31}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{80705D78-44D3-4217-9AB1-759A5E761655}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{53ED7802-F88A-4C8C-A27F-F28FF3678D48}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1F9EFA76-A316-4EF0-B6C1-ED301C24E4B1}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{DD09D58C-8D76-4636-B268-C45B405044E2}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{29F186B0-811E-4FD4-97EC-96DE955AE34E}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{9D55E9F3-D757-472F-9AD4-206DE87E04E6}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDCAABC8-1989-4A27-847D-5D448AD8391F}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61BE3CC9-9947-407C-A65A-97CD617F4F64}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Points de restauration =========================

11-03-2017 16:38:54 zoek.exe restore point

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (03/12/2017 12:52:46 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (03/12/2017 12:52:46 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue

Error: (03/12/2017 12:52:46 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (03/12/2017 12:52:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x582c4836
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37
Exception code: 0xe0434352
Fault offset: 0x000da832
Faulting process ID: 0xb18
Faulting application start time: 0x01d29ac2922f6064
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 2dc33de2-990b-492b-8b78-00e36c383e9e
Faulting package full name:
Faulting package-relative application ID:

Error: (03/12/2017 12:52:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/12/2017 12:52:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process ID: 0x1328
Faulting application start time: 0x01d29a97a0fc9bc4
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
Faulting module path: NvMdnsPlugin.dll
Report ID: c497cf9e-1a64-4b69-84f6-d85cba59ae78
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 11:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Roots.exe, version: 0.1.1.0, time stamp: 0x58c47605
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffdd58a26c8
Faulting process ID: 0xea4
Faulting application start time: 0x01d29ab467e2f136
Faulting application path: D:\Desktop\Prog\Roots\x64\Release\Roots.exe
Faulting module path: unknown
Report ID: cc8c4215-c06d-42b1-b497-6e86af403e7e
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 11:11:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Roots.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at <Module>.Animus.apply(Animus*, Boolean)
   at <Module>.Encryption.crypt(Encryption*, UInt32)
   at <Module>.Encryption.encrypt(Encryption*, System.String, Combination)
   at Preference.serialize()
   at Preference.~Preference()
   at Preference.Dispose(Boolean)
   at Preference.Dispose()
   at Boustrocode.MainWindow.~MainWindow()
   at Boustrocode.MainWindow.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Application+ThreadWindows.Dispose()
   at System.Windows.Forms.Application+ThreadContext.DisposeThreadWindows()
   at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   at <Module>.Main(System.String[])

Error: (03/11/2017 07:49:31 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Unable to read the "First Counter" value under the usbperf\Performance Key. Status codes returned in data.

Error: (03/11/2017 07:47:22 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Unable to read the "First Counter" value under the usbperf\Performance Key. Status codes returned in data.


Erreurs système:
=============
Error: (03/12/2017 12:52:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (03/12/2017 12:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:52:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:52:12 AM) (Source: DCOM) (EventID: 10010) (User: BERNARD)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (03/12/2017 12:52:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2017 12:48:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (03/12/2017 12:31:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WinSnare service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 21600000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-03-09 18:25:16.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 23:52:48.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 16:15:36.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-07 18:06:16.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-28 12:57:44.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-26 14:13:10.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 22:47:44.846
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 16:43:03.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-30 17:19:50.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-29 19:36:39.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Infos Mémoire ===========================

Processeur: Intel® Core™ i7-4750HQ CPU @ 2.00GHz
Pourcentage de mémoire utilisée: 16%
Mémoire physique - RAM - totale: 16273 MB
Mémoire physique - RAM - disponible: 13599.68 MB
Mémoire virtuelle totale: 17297 MB
Mémoire virtuelle disponible: 14721.38 MB

==================== Lecteurs ================================

Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:608.66 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 378EBD61)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: ECDF7353)

Partition: GPT.

==================== Fin de Addition.txt ============================

 

Thank you once again and sorry for having put you in that uncomfortable position.


Edited by UnhappyCyborg, 11 March 2017 - 06:57 PM.


#15 UnhappyCyborg

Posted 11 March 2017 - 06:46 PM

Oops forgot one particular piece of software, removing it straightaway, rescanning afterwards. :)

// DONE


Edited by UnhappyCyborg, 11 March 2017 - 06:57 PM.




