
Bitdefender trouble


  • This topic is locked
4 replies to this topic

#1 ZhiZed

ZhiZed

  • Members
  • 24 posts

Posted 17 July 2017 - 08:39 AM

Hello,

As suggested by boopme, I'm starting this topic...

I've been getting some threat messages from Avast; my previous thread on this issue is here: https://www.bleepingcomputer.com/forums/t/651151/infection-or-false-positive/#entry4284058

Please read before proceeding.

Anyway, I was wondering if there is a way to remove Bitdefender without having to do a clean system installation...

For now, I haven't tried getting the BD password from my providers; I truly doubt that I will get it, so I'd like to try alternative solutions, if there are any.

Thanks in advance!  :)

Here's the FRST log:

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Exécuté par ZDENKA (administrateur) sur PORT-FANX70442 (17-07-2017 12:17:56)
Exécuté depuis c:\Users\ZDENKA\Desktop
Profils chargés: ZDENKA (Profils disponibles: ZDENKA & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Bomgar) C:\ProgramData\bomgar-scc-0x57ac49b8\bomgar-scc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe
(Bomgar) C:\ProgramData\bomgar-scc-0x57ac49b8\bomgar-scc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Synology Inc.) C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Synology Inc.) C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Synology Inc.) C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
==================== Registre (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-06] (LogMeIn, Inc.)
HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [483784 2015-09-29] (Veeam Software AG)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-04] (AVAST Software)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-03-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [209720 2014-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
Startup: C:\Users\ZDENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2017-07-17]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{770E6294-921E-4CD5-8391-C7D4B26560AA}: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{BB6ED0B3-4DB3-4BAA-8435-9FE0DD40EC39}: [DhcpNameServer] 192.15.128.24
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001 -> DefaultScope {BD6B1B21-7A98-4B44-8094-6B758AC95D80} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001 -> {BD6B1B21-7A98-4B44-8094-6B758AC95D80} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ZDENKA\AppData\Roaming\Mozilla\Firefox\Profiles\zcqqnpdn.default-1490195545146 [2017-07-07]
FF Extension: (Avast SafePrice) - C:\Users\ZDENKA\AppData\Roaming\Mozilla\Firefox\Profiles\zcqqnpdn.default-1490195545146\Extensions\sp@avast.com.xpi [2017-07-04]
FF Extension: (Avast Online Security) - C:\Users\ZDENKA\AppData\Roaming\Mozilla\Firefox\Profiles\zcqqnpdn.default-1490195545146\Extensions\wrc@avast.com.xpi [2017-07-04]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.facebook.com/"
CHR NewTab: Default ->  Active:"chrome-extension://mefhakmgclhhfbdadeojlkbllmecialg/public/index.html"
CHR Profile: C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Google Slides) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
CHR Extension: (Google Docs) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
CHR Extension: (Google Drive) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (YouTube) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Adblock Plus) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Christmas Lights Theme) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojhihmbofgblnnjkgilnggdbkabdpbf [2017-07-03]
CHR Extension: (Avast SafePrice) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-05]
CHR Extension: (What Facebook Thinks You Like) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoknmaajkanapojcdeccofmeimpddoim [2016-10-03]
CHR Extension: (Google Sheets) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
CHR Extension: (Google Docs hors connexion) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (Avast Online Security) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-05]
CHR Extension: (Meta4 ClickOnce Launcher) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncabbipkgbconhaajbapbhokpbgkdc [2017-01-12]
CHR Extension: (Tabby Cat) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg [2017-06-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (TunnelBear VPN) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-06-09]
CHR Extension: (Gmail) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R2 ASNB4LDRSvc; C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [33912 2014-10-02] (ASUS)
R2 AsusFPService; C:\Program Files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe [872448 2015-03-28] (ASUSTek Computer Inc.) [Fichier non signé]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-04] (AVAST Software)
S4 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-03] (Realtek Semiconductor Corporation)
S2 bomgar-ps-57AC49B8-1481128281; C:\ProgramData\bomgar-scc-0x57ac49b8\bomgar-scc.exe [9346832 2017-03-15] (Bomgar)
R2 bomgar-ps-58B44737-1490045053; C:\ProgramData\bomgar-scc-0x57ac49b8\bomgar-scc.exe [9346832 2017-03-15] (Bomgar)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [108248 2015-03-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287256 2016-07-04] ()
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [210744 2015-06-30] ()
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3559152 2017-07-10] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-07-04] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-07-04] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-07-04] (Bitdefender)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [353720 2015-07-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2017-06-17] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [524776 2017-06-17] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.) [Fichier non signé]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-06-29] (Nalpeiron Ltd.) [Fichier non signé]
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [51416 2015-01-04] (Realtek Semiconductor Corporation)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2248192 2012-09-11] (Validity Sensors, Inc.) [Fichier non signé]
R2 vcsFPService; C:\Windows\SysWOW64\vcsFPService.exe [1933312 2012-09-11] (Validity Sensors, Inc.) [Fichier non signé]
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [91648 2015-09-29] (Veeam Software AG) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-28] (Microsoft Corporation)
 
===================== Pilotes (Avec liste blanche) ======================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-04] (AVAST Software)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [879600 2017-05-23] (BitDefender)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [133088 2017-07-04] (BitDefender LLC)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\DRIVERS\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-01-30] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-02-09] (Intel Corporation)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; pas de ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-17] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [593112 2015-03-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3511512 2015-03-04] (Realtek Semiconductor Corporation                           )
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-05-23] (BitDefender S.R.L.)
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2017-07-17 12:17 - 2017-07-17 12:35 - 00025057 _____ C:\Users\ZDENKA\Desktop\FRST.txt
2017-07-17 12:10 - 2017-07-17 12:17 - 00000000 ____D C:\FRST
2017-07-17 12:07 - 2017-07-17 12:07 - 02435584 _____ (Farbar) C:\Users\ZDENKA\Desktop\FRST64.exe
2017-07-17 10:33 - 2017-07-17 10:33 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-17 09:25 - 2017-07-17 09:25 - 00006778 ___RH C:\farstone_pe.letter
2017-07-13 16:58 - 2017-07-13 16:59 - 06109488 _____ C:\Users\ZDENKA\Downloads\BEST_Uninstalltool_new.exe
2017-07-13 15:20 - 2017-07-13 15:20 - 00000000 ____D C:\Users\ZDENKA\Downloads\Autoruns
2017-07-13 15:18 - 2017-07-13 15:18 - 01305367 _____ C:\Users\ZDENKA\Downloads\Autoruns.zip
2017-07-13 13:17 - 2017-07-13 13:17 - 00003536 ____N C:\bootsqm.dat
2017-07-12 11:16 - 2017-07-12 11:16 - 00088565 _____ C:\ProgramData\1499850866.bdinstall.bin
2017-07-12 11:13 - 2017-07-06 06:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-12 11:13 - 2017-06-30 06:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 11:13 - 2017-06-30 05:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 11:13 - 2017-06-30 04:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 11:13 - 2017-06-30 04:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 11:13 - 2017-06-30 04:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 11:13 - 2017-06-30 04:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 11:13 - 2017-06-29 08:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 11:13 - 2017-06-29 08:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 11:13 - 2017-06-29 08:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 11:13 - 2017-06-29 08:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 11:13 - 2017-06-29 08:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 11:13 - 2017-06-29 07:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 11:13 - 2017-06-29 07:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 11:13 - 2017-06-29 07:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 11:13 - 2017-06-29 07:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 11:13 - 2017-06-29 07:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 11:13 - 2017-06-29 07:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 11:13 - 2017-06-29 07:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 11:13 - 2017-06-29 07:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 11:13 - 2017-06-29 07:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 11:13 - 2017-06-29 07:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 11:13 - 2017-06-29 07:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 11:13 - 2017-06-29 07:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 11:13 - 2017-06-29 07:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 11:13 - 2017-06-29 07:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 11:13 - 2017-06-29 07:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 11:13 - 2017-06-29 07:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 11:13 - 2017-06-29 07:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 11:13 - 2017-06-29 07:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 11:13 - 2017-06-29 07:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 11:13 - 2017-06-29 07:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 11:13 - 2017-06-29 07:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 11:13 - 2017-06-29 07:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 11:13 - 2017-06-29 07:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 11:13 - 2017-06-29 07:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 11:13 - 2017-06-29 07:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 11:13 - 2017-06-29 07:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 11:13 - 2017-06-29 07:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 11:13 - 2017-06-29 07:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 11:13 - 2017-06-29 07:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 11:13 - 2017-06-29 07:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 11:13 - 2017-06-29 07:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 11:13 - 2017-06-29 07:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 11:13 - 2017-06-29 07:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 11:13 - 2017-06-29 07:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 11:13 - 2017-06-29 06:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 11:13 - 2017-06-29 06:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 11:13 - 2017-06-29 06:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 11:13 - 2017-06-29 06:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 11:13 - 2017-06-29 06:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 11:13 - 2017-06-29 06:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 11:13 - 2017-06-29 06:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 11:13 - 2017-06-29 06:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 11:13 - 2017-06-29 06:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 11:13 - 2017-06-29 06:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 11:13 - 2017-06-29 06:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 11:13 - 2017-06-29 06:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 11:13 - 2017-06-29 06:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 11:13 - 2017-06-29 06:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 11:13 - 2017-06-29 06:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 11:13 - 2017-06-22 16:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 11:13 - 2017-06-15 22:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 11:13 - 2017-06-13 00:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 11:13 - 2017-06-13 00:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 11:13 - 2017-06-13 00:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 11:13 - 2017-06-13 00:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 11:13 - 2017-06-13 00:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 11:13 - 2017-06-13 00:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 11:13 - 2017-06-13 00:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 11:13 - 2017-06-13 00:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 11:13 - 2017-06-13 00:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 11:13 - 2017-06-13 00:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 11:13 - 2017-06-13 00:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 11:13 - 2017-06-13 00:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 11:13 - 2017-06-13 00:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 11:13 - 2017-06-13 00:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 11:13 - 2017-06-13 00:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 11:13 - 2017-06-13 00:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 11:13 - 2017-06-13 00:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 11:13 - 2017-06-13 00:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 11:13 - 2017-06-13 00:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 11:13 - 2017-06-13 00:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 11:13 - 2017-06-13 00:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 11:13 - 2017-06-10 17:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 11:13 - 2017-06-10 17:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 11:13 - 2017-06-09 17:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 11:13 - 2017-06-06 17:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 11:13 - 2017-06-06 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 11:13 - 2017-05-30 06:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 11:13 - 2017-05-30 06:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 11:13 - 2017-05-30 06:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 11:13 - 2017-05-16 17:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 11:13 - 2017-05-16 17:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 11:12 - 2017-06-30 04:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 11:12 - 2017-06-30 04:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 11:12 - 2017-06-30 04:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 11:12 - 2017-06-30 04:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 11:12 - 2017-06-30 04:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 11:12 - 2017-06-30 04:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 11:12 - 2017-06-30 04:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 11:12 - 2017-06-30 04:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 11:12 - 2017-06-30 04:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 11:12 - 2017-06-30 04:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 11:12 - 2017-06-30 04:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 11:12 - 2017-06-29 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 11:12 - 2017-06-29 08:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 11:12 - 2017-06-29 08:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 11:12 - 2017-06-29 08:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 11:12 - 2017-06-29 07:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 11:12 - 2017-06-29 07:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 11:12 - 2017-06-29 07:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 11:12 - 2017-06-29 07:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 11:12 - 2017-06-29 07:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 11:12 - 2017-06-29 07:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 11:12 - 2017-06-29 06:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 11:12 - 2017-06-29 06:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 11:12 - 2017-06-13 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 11:12 - 2017-06-13 00:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 11:12 - 2017-06-13 00:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 11:12 - 2017-06-13 00:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 11:12 - 2017-06-13 00:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 11:12 - 2017-06-13 00:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 11:12 - 2017-06-13 00:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 11:12 - 2017-06-13 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 11:12 - 2017-06-13 00:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 11:12 - 2017-06-13 00:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 11:12 - 2017-06-13 00:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 11:12 - 2017-06-13 00:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 11:12 - 2017-06-13 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 11:12 - 2017-06-13 00:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 11:12 - 2017-05-21 06:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 11:12 - 2017-05-21 06:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 11:12 - 2017-05-16 17:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 11:07 - 2017-05-03 17:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 11:07 - 2017-05-03 17:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 11:07 - 2017-05-03 15:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 11:07 - 2017-03-23 04:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-11 10:17 - 2017-07-11 10:17 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ZDENKA\Desktop\rkill2.exe
2017-07-11 10:12 - 2017-07-11 10:13 - 00233506 _____ C:\TDSSKiller.3.1.0.15_11.07.2017_10.12.03_log.txt
2017-07-11 09:51 - 2017-07-11 09:51 - 04922400 _____ (AO Kaspersky Lab) C:\Users\ZDENKA\Desktop\tdsskiller.exe
2017-07-07 14:20 - 2015-03-04 20:13 - 03511512 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2017-07-07 14:19 - 2017-07-07 14:19 - 00000093 _____ C:\Windows\HPSetLog.txt
2017-07-07 14:19 - 2017-07-07 14:19 - 00000000 ____D C:\SWSetup
2017-07-07 09:44 - 2017-07-07 09:51 - 00000000 ____D C:\Users\ZDENKA\AppData\LocalLow\Mozilla
2017-07-05 17:39 - 2017-07-06 10:25 - 00439198 _____ C:\Windows\ntbtlog.txt
2017-07-05 17:35 - 2017-07-05 17:35 - 01663672 _____ (Malwarebytes) C:\Users\ZDENKA\Desktop\JRT.exe
2017-07-05 14:43 - 2017-07-05 14:43 - 00000000 ____D C:\ProgramData\Adobe
2017-07-05 14:22 - 2017-07-05 14:23 - 00000000 ____D C:\totalcmd
2017-07-05 14:22 - 2017-07-05 14:22 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-07-05 14:22 - 2017-07-05 14:22 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\GHISLER
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\UC.PIF
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\RAR.PIF
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\PKZIP.PIF
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\LHA.PIF
2017-07-05 14:22 - 2012-08-03 08:01 - 00000545 _____ C:\Windows\ARJ.PIF
2017-07-04 16:59 - 2017-07-04 16:59 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-04 16:07 - 2017-07-13 15:40 - 00003926 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1499177260
2017-07-04 16:07 - 2017-07-04 16:07 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-04 16:06 - 2017-07-04 16:06 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-04 16:04 - 2017-07-04 16:04 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\AVAST Software
2017-07-04 16:02 - 2017-07-05 17:41 - 00002081 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
2017-07-04 16:02 - 2017-07-04 16:02 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-04 16:02 - 2017-07-04 16:02 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-04 16:02 - 2017-07-04 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-04 16:02 - 2017-07-04 16:01 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-04 16:02 - 2017-07-04 16:01 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-04 16:02 - 2017-07-04 16:01 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-04 16:01 - 2017-07-04 16:01 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-04 16:01 - 2017-07-04 16:01 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-04 16:01 - 2017-07-04 16:01 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-04 16:01 - 2017-07-04 16:01 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-04 16:01 - 2017-07-04 16:00 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-04 16:01 - 2017-07-04 16:00 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-04 16:01 - 2017-07-04 16:00 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-04 16:01 - 2017-07-04 16:00 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-04 16:01 - 2017-07-04 16:00 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-04 15:57 - 2017-07-04 16:06 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-04 15:56 - 2017-07-04 15:56 - 06922168 _____ (AVAST Software) C:\Users\ZDENKA\Downloads\avast_free_antivirus_setup_online.exe
2017-06-28 09:27 - 2017-06-28 09:27 - 00000241 _____ C:\ProgramData\proxy-172482.tmp
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2017-07-17 12:38 - 2016-08-11 11:47 - 00000000 ____D C:\ProgramData\bomgar-scc-0x57ac49b8
2017-07-17 12:35 - 2016-05-04 09:34 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\Skype
2017-07-17 12:32 - 2016-05-04 09:35 - 00000000 ____D C:\Users\ZDENKA\Documents\Fichiers Outlook
2017-07-17 10:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 10:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 10:38 - 2017-03-27 09:58 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-17 10:37 - 2017-03-27 09:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-17 09:26 - 2016-04-12 13:58 - 00000000 __SHD C:\Users\ZDENKA\IntelGraphicsProfiles
2017-07-17 09:23 - 2016-07-22 17:09 - 00000000 ___RD C:\Users\ZDENKA\CloudStation
2017-07-17 09:22 - 2016-04-12 13:58 - 00000000 ____D C:\Users\ZDENKA
2017-07-17 09:22 - 2016-04-12 09:38 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-07-17 09:22 - 2016-04-12 09:38 - 00000000 ____D C:\ProgramData\LogMeIn
2017-07-17 09:22 - 2015-10-29 11:11 - 00000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2017-07-17 09:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-13 17:08 - 2016-05-10 16:54 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\vlc
2017-07-13 16:11 - 2011-02-19 11:13 - 00749042 _____ C:\Windows\system32\perfh00C.dat
2017-07-13 16:11 - 2011-02-19 11:13 - 00150518 _____ C:\Windows\system32\perfc00C.dat
2017-07-13 16:11 - 2009-07-14 07:13 - 01668256 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-13 16:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-13 15:39 - 2016-11-04 19:14 - 00003124 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2017-07-13 15:39 - 2016-05-04 11:38 - 00003374 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-13 13:23 - 2014-03-28 12:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-13 13:20 - 2009-07-14 06:45 - 00342912 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-13 12:21 - 2016-04-14 18:18 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-13 09:55 - 2016-05-09 15:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 09:52 - 2016-04-13 23:04 - 00000000 ____D C:\Windows\system32\MRT
2017-07-13 09:42 - 2016-04-13 23:04 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 10:25 - 2017-03-27 10:51 - 00000000 ____D C:\Users\ZDENKA\Desktop\Anti-malware
2017-07-11 10:31 - 2016-07-07 15:44 - 00000000 ____D C:\Users\ZDENKA\AppData\Roaming\qBittorrent
2017-07-11 10:05 - 2016-09-27 17:15 - 00000132 _____ C:\Users\ZDENKA\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-10 09:36 - 2016-07-22 17:05 - 00000000 ____D C:\Users\ZDENKA\AppData\Local\CloudStation
2017-07-07 14:49 - 2014-03-28 12:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-07 14:20 - 2015-10-29 10:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-07 14:20 - 2015-10-29 10:28 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-07-07 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-05 16:00 - 2016-05-09 15:22 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-05 10:57 - 2017-02-09 16:53 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-05 09:28 - 2017-03-29 16:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-05 09:28 - 2017-03-29 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-04 17:00 - 2017-03-22 17:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-04 16:59 - 2016-05-10 16:54 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-04 16:59 - 2016-04-12 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-04 16:59 - 2016-04-12 09:38 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-07-04 16:58 - 2016-09-26 14:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-04 16:29 - 2016-05-04 09:34 - 00000000 ____D C:\ProgramData\Skype
2017-07-04 16:28 - 2016-05-04 09:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-04 13:40 - 2016-05-04 16:45 - 00000000 ____D C:\Users\ZDENKA\Documents\_BOULOT_
2017-06-27 09:46 - 2016-05-04 11:38 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 09:46 - 2016-05-04 11:38 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-19 15:25 - 2016-09-01 10:44 - 00006104 _____ C:\Users\ZDENKA\Desktop\Gasoil - Raccourci.lnk
2017-06-19 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-19 09:08 - 2017-03-27 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-17 11:37 - 2016-04-12 09:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2017-06-17 11:36 - 2016-04-12 09:38 - 00114688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2017-06-17 11:36 - 2016-04-12 09:38 - 00109024 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2017-06-17 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-17 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
 
==================== Fichiers à la racine de certains dossiers =======
 
2016-06-24 10:29 - 2016-06-27 09:44 - 0000132 _____ () C:\Users\ZDENKA\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-09-27 17:15 - 2017-07-11 10:05 - 0000132 _____ () C:\Users\ZDENKA\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-12 13:59 - 2017-07-13 13:23 - 9850028 _____ () C:\Users\ZDENKA\AppData\Local\BTServer.log
2017-07-12 11:16 - 2017-07-12 11:16 - 0088565 _____ () C:\ProgramData\1499850866.bdinstall.bin
2016-11-18 10:28 - 2016-11-18 10:28 - 0000119 _____ () C:\ProgramData\proxy-124799.tmp
2017-02-22 10:21 - 2017-02-22 10:21 - 0000119 _____ () C:\ProgramData\proxy-161612.tmp
2017-06-28 09:27 - 2017-06-28 09:27 - 0000241 _____ () C:\ProgramData\proxy-172482.tmp
2016-08-18 09:40 - 2016-08-18 09:40 - 0000233 _____ () C:\ProgramData\proxy-172593.tmp
2017-01-25 10:21 - 2017-01-25 10:21 - 0000241 _____ () C:\ProgramData\proxy-173409.tmp
2016-09-21 09:30 - 2016-09-21 09:30 - 0000115 _____ () C:\ProgramData\proxy-173582.tmp
2017-04-21 09:08 - 2017-04-21 09:08 - 0000241 _____ () C:\ProgramData\proxy-258396.tmp
2017-02-09 10:28 - 2017-02-09 10:28 - 0000241 _____ () C:\ProgramData\proxy-260125.tmp
2017-02-10 10:33 - 2017-02-10 10:33 - 0000119 _____ () C:\ProgramData\proxy-346725.tmp
2016-11-17 09:58 - 2016-11-17 09:58 - 0000241 _____ () C:\ProgramData\proxy-38995.tmp
2017-03-07 10:26 - 2017-03-07 10:26 - 0000241 _____ () C:\ProgramData\proxy-82570.tmp
2014-03-28 12:31 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 12:31 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 12:31 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2009-07-29 08:01 - 2009-07-28 20:31 - 0000223 _____ () C:\ProgramData\SetWallpaper.cmd
2009-07-29 08:01 - 2009-07-23 03:04 - 0024576 _____ () C:\ProgramData\SetWallpaper.exe
 
Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\SetWallpaper.cmd
C:\ProgramData\SetWallpaper.exe
 
 
Certains fichiers dans TEMP:
====================
2017-04-13 17:54 - 2017-04-13 17:54 - 0000000 ____D () C:\Users\ZDENKA\AppData\Local\Temp\Explorer.EXE
2017-07-13 16:27 - 2017-07-13 16:28 - 0003584 _____ () C:\Users\ZDENKA\AppData\Local\Temp\j3vjxscz.dll
2017-06-09 09:19 - 2017-06-09 09:20 - 58128344 _____ (Skype Technologies S.A.) C:\Users\ZDENKA\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
LastRegBack: 2017-07-12 14:14
 
==================== Fin de FRST.txt ============================
 
 
Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Exécuté par ZDENKA (17-07-2017 12:38:51)
Exécuté depuis c:\Users\ZDENKA\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-04-12 07:04:41)
Mode d'amorçage: Normal
==========================================================
 
 
==================== Comptes: =============================
 
Administrateur (S-1-5-21-3272451265-1829585603-1510885610-500 - Administrator - Disabled)
Invité (S-1-5-21-3272451265-1829585603-1510885610-501 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-3272451265-1829585603-1510885610-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
ZDENKA (S-1-5-21-3272451265-1829585603-1510885610-1001 - Administrator - Enabled) => C:\Users\ZDENKA
 
==================== Centre de sécurité ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Programmes installés ======================
 
(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.02.1725, 11.06.2016 - AIMP DevTeam)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{972355AE-5F5A-4858-AC0F-4E9F62E7B164}) (Version: 20.5.20117.43858 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{972355AE-5F5A-4858-AC0F-4E9F62E7B164}) (Version: 20.5.20117.43858 - Alcor Micro Corp.)
ASUS FingerPrint (HKLM-x32\...\{420350FC-88BE-49B1-9AF1-6DC11A4F0EEF}) (Version: 1.1.24 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 1.0.3 - ASUSTeK Computer Inc.)
ASUS Manager - Power Saver (HKLM-x32\...\{4858A8B4-0987-4723-844F-8506BD85501E}) (Version: 1.0.1 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS Manager - WiFi Hotspot (HKLM-x32\...\{86D2A7CE-1E38-40A4-B990-6D66FB857069}) (Version: 1.0.2 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.14 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.68 - ICEpower a/s)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.22.918 - Bitdefender)
Bomgar Jump Client 16.2.1 [assistance.nirwana.fr] [57AC49B8] (HKLM\...\Bomgar Jump Client [assistance.nirwana.fr-57AC49B8]) (Version: 16.2.1 - Bomgar)
Bomgar Jump Client 16.2.4 [assistance.nirwana.fr] [58B44737] (HKLM\...\Bomgar Jump Client [assistance.nirwana.fr-58B44737]) (Version: 16.2.4 - Bomgar)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.3.54 - Conexant)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4112 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jitsi (HKLM-x32\...\{8DA2618C-9AAF-4EAC-A5EC-D7C78250D15D}) (Version: 2.10.5550 - Jitsi)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LogMeIn (HKLM-x32\...\{A783CD32-02BD-4DF0-A0C3-C7F7EBC9D688}) (Version: 4.1.7432 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{C94C0715-4AE6-474B-BF5F-19EE93808576}) (Version: 1.3.1977 - LogMeIn, Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Meta4 ClickOnce helper Uninstall (HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\...\m4clickoncehelper.exe) (Version: 1.1 - meta4)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Famille et Petite Entreprise 2016 - fr-fr (HKLM\...\HomeBusinessRetail - fr-fr) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - it-it (HKLM\...\HomeBusinessRetail - it-it) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
qBittorrent 3.3.5 (HKLM-x32\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.853.853.032615 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0256 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.46 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SDL Trados 2011 SP2 - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3001 - SDL)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.1.4224 - Synology, Inc.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TotalRecovery Pro (Commercial) (HKLM-x32\...\TotalRecovery) (Version: 10.0.8.1 - FarStone Inc.)
Validity Sensors PBA DDK (HKLM\...\{6BCFA58F-AB31-4BB4-8999-5603ADE3B7C4}) (Version: 4.4.210.5 - Validity Sensors, Inc.)
Veeam Endpoint Backup (HKLM\...\{A3F8904A-0B9F-4E78-ACA5-590894D38FEA}) (Version: 1.1.2.119 - Veeam Software AG)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.47 - ASUS)
X-Lite (HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\...\X-Lite) (Version: 4.9.8.84253 - CounterPath Corporation)
 
==================== Personnalisé CLSID (Avec liste blanche): ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3272451265-1829585603-1510885610-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll [2017-02-24] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll [2017-02-24] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll [2017-02-24] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll [2017-02-24] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\iconOverlay.dll [2017-02-24] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-04] (AVAST Software)
ContextMenuHandlers01: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2016-07-13] (AIMP DevTeam)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-04] (AVAST Software)
ContextMenuHandlers01: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corporation)
ContextMenuHandlers01: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-04] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2016-07-13] (AIMP DevTeam)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-14] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-04] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
ContextMenuHandlers1_S-1-5-21-3272451265-1829585603-1510885610-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\ContextMenu.dll [2017-02-24] ()
ContextMenuHandlers6_S-1-5-21-3272451265-1829585603-1510885610-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\icon-overlay\17\x64\ContextMenu.dll [2017-02-24] ()
 
==================== Tâches planifiées (Avec liste blanche) =============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
Task: {06553D4E-B18B-44A6-8732-97BC97D210DD} - System32\Tasks\Wake => C:\Users\ZDENKA\Documents\wake.bat [2016-12-12] ()
Task: {19C5B3BA-1C16-492B-BC5E-4D962920093B} - System32\Tasks\ASUS\4D36E965-BFC1-11CE-E325-08002BE10318 => C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe [2015-05-28] () <==== ATTENTION
Task: {1A136BB5-4244-440A-B70B-376DC62A4184} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3272451265-1829585603-1510885610-1001
Task: {1DB3C775-BA6C-41D3-B948-D9F946BFEBE8} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2015-01-21] ()
Task: {2C196D4F-BFDF-4B98-BC35-85B75A46A7AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {3B9915C0-D456-4F83-9600-D50CBAC702CD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {55971BF6-300C-4ED5-898F-5C093D734ADE} - System32\Tasks\SafeZone scheduled Autoupdate 1499177260 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {68B7B745-8263-4907-829B-A3DE8A3BE55F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {7D91AA49-FF53-4AED-B5C4-E16DB6606307} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {7DDB7F69-716D-4E3A-BA9F-A93A2F4B6E27} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {83490A0C-36EC-42E0-A6E7-F900D08F9061} - System32\Tasks\{D79491DB-F731-4939-B3B8-DEDD40583BA0} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.29.64.102/fr/abandoninstall?page=tsBing
Task: {843D4E12-3128-41B3-B0B7-C3CDC8A38055} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {9A11461F-DBD4-4FEC-BAB7-B23035AF00E2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {BEC7EDC0-FFE3-4BE0-8F08-F6B27D65F500} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {C89315CF-7847-4D3C-82BF-27E9895109A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {CC284F34-FCC3-4ED4-9CCB-D3A917374D31} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-02-26] (ASUSTek Computer Inc.)
Task: {D377CF57-FD61-4927-A82C-90401BBED7DA} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-03-18] (AsusTek)
Task: {DC864385-22BE-49FC-9D26-B95134DD2443} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-04] (AVAST Software)
Task: {E7A4186A-45F8-48BC-B0EE-5B66EA5F6AAD} - System32\Tasks\Sleep => C:\Users\ZDENKA\Documents\sleep.bat [2016-12-12] ()
Task: {EBA54D59-477D-41A8-9B33-949F8E839D11} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-06-04] ()
Task: {F6A26B94-6F9C-44C5-8236-FCDF7A24B884} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2014-05-16] (ASUSTek Computer Inc.)
Task: {FDB0FBC0-384E-42E3-8411-9414CBAEFF48} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] ()
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
 
 
==================== Raccourcis & WMI ========================
 
(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)
 
 
==================== Modules chargés (Avec liste blanche) ==============
 
2014-08-13 08:30 - 2014-08-13 08:30 - 00073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2015-10-29 11:06 - 2015-05-28 02:52 - 00023352 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe
2015-10-29 11:06 - 2015-01-21 02:36 - 00516376 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2015-10-29 10:38 - 2015-03-06 23:49 - 00108248 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-07-04 04:16 - 2016-07-04 04:16 - 00287256 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2015-10-29 11:06 - 2015-06-30 20:37 - 00210744 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2016-04-12 09:47 - 2017-07-04 09:41 - 00279608 _____ () C:\Program Files\Bitdefender\Endpoint Security\zlib.dll
2016-04-12 09:47 - 2016-09-28 12:31 - 00280576 _____ () C:\Program Files\Bitdefender\Endpoint Security\txmlutil.dll
2017-02-07 13:12 - 2017-02-07 13:12 - 01008448 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_004\ashttpbr.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 00541952 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_004\ashttpdsp.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 03654344 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_004\ashttpf.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 01544568 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\WFEngines\wfengines_01725_004\ashttprbl.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 01008448 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_008\ashttpbr.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 00541952 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_008\ashttpdsp.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 03243920 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_008\ashttpph.mdl
2017-02-07 13:12 - 2017-02-07 13:12 - 01544568 _____ () C:\Program Files\Bitdefender\Endpoint Security\Signatures\OTEngines\otengines_02439_008\ashttprbl.mdl
2014-03-25 11:14 - 2014-03-25 11:14 - 00071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2017-06-13 11:23 - 2017-06-17 11:36 - 02887160 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2015-07-16 06:39 - 2015-07-14 14:23 - 00401328 _____ () C:\Windows\system32\igfxTray.exe
2017-06-27 09:46 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 09:46 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00088576 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\zlibwapi.dll
2015-03-26 08:47 - 2015-03-26 08:47 - 00307200 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBCmdDsp.dll
2014-12-23 08:52 - 2014-12-23 08:52 - 00065536 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpBk.dll
2015-02-26 05:18 - 2015-02-26 05:18 - 00105984 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EasyFuncs.dll
2014-12-17 03:23 - 2014-12-17 03:23 - 00223744 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskMgr.dll
2014-09-22 04:41 - 2014-09-22 04:41 - 00239104 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\diskpart.dll
2014-11-05 02:44 - 2014-11-05 02:44 - 00017408 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VDiskConvert.dll
2015-03-26 08:46 - 2015-03-26 08:46 - 00101376 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\BootConfig.dll
2014-03-14 09:04 - 2014-03-14 09:04 - 00012288 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSFat32.dll
2014-03-14 09:04 - 2014-03-14 09:04 - 00201216 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NtfsLib.dll
2014-09-04 04:41 - 2014-09-04 04:41 - 00037888 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\RapidClone.dll
2014-08-20 03:23 - 2014-08-20 03:23 - 00075264 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskInterface.dll
2014-03-14 09:04 - 2014-03-14 09:04 - 00013312 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VssNew.dll
2014-12-17 04:18 - 2014-12-17 04:18 - 00311808 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpRt.dll
2014-11-25 05:22 - 2014-11-25 05:22 - 00089088 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EfbCheckImg.dll
2014-09-11 02:42 - 2014-09-11 02:42 - 00222720 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskClone.dll
2014-09-22 04:40 - 2014-09-22 04:40 - 00194560 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EFBSearchTool.dll
2014-09-22 04:40 - 2014-09-22 04:40 - 00022528 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBEventMgr.dll
2014-05-21 05:04 - 2014-05-21 05:04 - 00018432 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSToken.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00194048 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NetTool.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00157552 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FtpPipeModule.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-17 09:25 - 2017-07-17 09:25 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071702\algo.dll
2017-06-20 11:28 - 2017-06-20 11:28 - 01997792 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-07-13 10:09 - 2017-07-13 09:54 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-04 16:00 - 2017-07-04 16:00 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-04 16:00 - 2017-07-04 16:02 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2015-10-29 11:06 - 2015-05-19 00:49 - 00019256 _____ () C:\Windows\SysWOW64\BTLock.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00123918 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 01026062 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00524460 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00115214 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 03095505 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 01798570 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 21565192 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 03036430 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00712704 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00031744 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00046080 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00032768 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00516608 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00243200 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2017-02-24 10:24 - 2017-02-24 10:24 - 00431616 _____ () C:\Users\ZDENKA\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00091584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\TransferManager.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00062832 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\CommonFun.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00054712 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FTPFunModule.dll
2014-03-25 11:14 - 2014-03-25 11:14 - 00617952 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\XpIcfOpt.dll
2016-06-09 09:45 - 2017-07-06 09:46 - 01009856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-06-09 09:53 - 2017-07-06 09:46 - 00535240 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2014-10-02 02:48 - 2014-10-02 02:48 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-02-25 23:15 - 2015-02-25 23:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Avec liste blanche) =========
 
(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)
 
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1717.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1725.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\audacity-win-2.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\avast_free_antivirus_setup_online_cnet2.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Firefox Setup Stub 49.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\jre-8u121-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Lame_v3.99.3_for_Windows.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\m4clickoncehelper.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\mb3-setup-consumer-3.0.4.1269.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\qbittorrent_3.3.5_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\SkypeSetupFull.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\ViberSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\vlc-2.2.3-win32.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\X-Lite_4.9.5_81136.exe:BDU [0]
 
==================== Mode sans échec (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-57AC49B8-1481128281 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-58B44737-1490045053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)
 
 
==================== Internet Explorer sites de confiance/sensibles ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
 
 
==================== Hosts contenu: ===============================
 
(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Autres zones ============================
 
(Actuellement, il n'y a pas de correction automatique pour cette section.)
 
HKU\S-1-5-21-3272451265-1829585603-1510885610-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ZDENKA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 89.216.1.40 - 89.216.1.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu is disabled.
 
==================== MSCONFIG/TASK MANAGER éléments désactivés ==
 
MSCONFIG\startupreg: BtServer => "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
 
==================== RèglesPare-feu (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{58593F2F-BBA5-43BE-BD43-CB4EADCFB972}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{F109E9B4-F958-4189-8891-AAC978D5A7E4}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe
FirewallRules: [{F083C477-D0DC-46D5-92BA-838984FB6550}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{D48D2B62-F676-4FB1-BA3A-2EBCEACCD2E1}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
FirewallRules: [{549F7369-A131-4752-899A-E47C6C8BC63F}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{886DC47A-8372-4F7F-AF8A-A1EE8D8205F3}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
FirewallRules: [{6ED4CE32-96BD-4C3E-AFC2-5B8A6FE10EFB}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{AA932881-E9CE-4843-8F33-8821F57FCCED}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe
FirewallRules: [{D60322E6-193B-46FB-9571-51EB2919EB80}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [{5138BDBF-BAF8-473A-AFEC-0B878022B0F2}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe
FirewallRules: [TCP Query User{8F3815E6-56E7-4682-AD3A-4EEAC5619728}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [UDP Query User{3E8FA4B0-89ED-43DF-9479-FE3BA6FFA4B0}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [{7484EE09-EB81-4921-B3B9-B916F2166CB4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BD81FF63-E6AD-40C1-B5A7-65F5880AF497}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [UDP Query User{746A710A-108E-4A62-A097-9DA76EC3B531}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [{AD12EDCF-3D15-4216-B51D-ABF263F4E26E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5F31B22B-0689-4121-AB2F-3B8B629CB970}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{A4C5ED6D-F98C-448F-9BDF-8D33228E089B}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{576982A2-89B4-4775-BB61-71B2C913500F}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [TCP Query User{5144EF05-32F8-4AAA-B30D-05F616E8E768}C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-connect.exe] => (Allow) C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-connect.exe
FirewallRules: [UDP Query User{417DE0AF-F903-4CA5-86B0-95962FC6437F}C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-connect.exe] => (Allow) C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-connect.exe
FirewallRules: [TCP Query User{B86EBA99-5E00-4392-93F8-AC07A94851B2}C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [UDP Query User{5A8A4D75-9B1B-430E-B95F-A5D657F66392}C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\zdenka\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [TCP Query User{6D2FECD9-CCDD-4F41-8EAA-C86C2DA07CB4}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{61FF8A32-66F5-4FB0-9069-F68D9F09BC55}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{00E1A488-534A-4667-B385-6FC1AC02877E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8ABB156E-A766-4107-A39E-39C797C952DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E8958E5-9FBD-495A-989C-33184FFC05D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{094E6A8C-8A41-42BD-9AF8-B496B1FD8285}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{99A10ABD-DC6C-4015-B2D7-0EA270CE8995}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{E57DD508-A9B8-4B5F-B5E1-0E7FDCB328DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Points de restauration =========================
 
13-07-2017 09:32:09 Windows Update
13-07-2017 16:28:41 Installed Java™ 6 Update 24
 
==================== Éléments en erreur du Gestionnaire de périphériques =============
 
 
==================== Erreurs du Journal des événements: =========================
 
Erreurs Application:
==================
Error: (07/17/2017 12:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante UpdateChecker.exe, version : 0.0.0.0, horodatage : 0x54dc4378
Nom du module défaillant : alvupdt.dll, version : 1.0.0.10, horodatage : 0x5510b8fc
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00016eb6
ID du processus défaillant : 0x2b98
Heure de début de l’application défaillante : 0x01d2fee738b4e40d
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
ID de rapport : aee506f1-6ada-11e7-810c-3052cba50505
 
Error: (07/17/2017 11:31:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante UpdateChecker.exe, version : 0.0.0.0, horodatage : 0x54dc4378
Nom du module défaillant : alvupdt.dll, version : 1.0.0.10, horodatage : 0x5510b8fc
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00016eb6
ID du processus défaillant : 0x2a48
Heure de début de l’application défaillante : 0x01d2feded6630de0
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
ID de rapport : b0fed611-6ad2-11e7-810c-3052cba50505
 
Error: (07/17/2017 10:48:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne .
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/17/2017 10:30:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante UpdateChecker.exe, version : 0.0.0.0, horodatage : 0x54dc4378
Nom du module défaillant : alvupdt.dll, version : 1.0.0.10, horodatage : 0x5510b8fc
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00016eb6
ID du processus défaillant : 0xaec
Heure de début de l’application défaillante : 0x01d2fed673ac0b26
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
ID de rapport : 1f09a109-6aca-11e7-810c-3052cba50505
 
Error: (07/17/2017 10:29:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamservice.exe, version : 3.1.0.479, horodatage : 0x58f6af02
Nom du module défaillant : ntdll.dll, version : 6.1.7601.23807, horodatage : 0x5915fdce
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000048f24
ID du processus défaillant : 0x11e8
Heure de début de l’application défaillante : 0x01d2fecd7f29ab81
Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
ID de rapport : 00b8699a-6aca-11e7-810c-3052cba50505
 
Error: (07/17/2017 09:56:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problème a empêché l’envoi des données du Programme d’amélioration des services à Microsoft (erreur 80004005).
 
Error: (07/17/2017 09:45:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Audacity\audacity.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne .
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/17/2017 09:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante UpdateChecker.exe, version : 0.0.0.0, horodatage : 0x54dc4378
Nom du module défaillant : ntdll.dll, version : 6.1.7601.23807, horodatage : 0x5915f8e8
Code d’exception : 0xc0000374
Décalage d’erreur : 0x000ce8fb
ID du processus défaillant : 0x21c8
Heure de début de l’application défaillante : 0x01d2fece11224c9f
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Chemin d’accès du module défaillant: C:\Windows\SysWOW64\ntdll.dll
ID de rapport : 7c20abd3-6ac1-11e7-810c-3052cba50505
 
Error: (07/13/2017 05:26:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problème a empêché l’envoi des données du Programme d’amélioration des services à Microsoft (erreur 80004005).
 
Error: (07/13/2017 01:27:25 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook n'a pas pu démarrer la dernière fois. Le mode sans échec permet de résoudre le problème, mais certaines fonctionnalités risquent de ne pas être disponibles sous ce mode.
 
Voulez-vous démarrer en mode sans échec ?.
Accepted Safe Mode action : Microsoft Outlook.
 
 
Erreurs système:
=============
Error: (07/17/2017 10:29:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Malwarebytes Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.
 
Error: (07/17/2017 09:36:38 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée : 10. L’état d’erreur interne est 10.
 
Error: (07/17/2017 09:21:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 17:55:55 le ‎13/‎07/‎2017 n’était pas prévu.
 
Error: (07/13/2017 05:33:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Bomgar Jump Client [assistance.nirwana.fr] - 1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.
 
Error: (07/13/2017 04:34:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error: (07/13/2017 04:34:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error: (07/13/2017 04:34:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error: (07/13/2017 04:34:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error: (07/13/2017 04:15:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: La structure du système de fichiers sur le disque est endommagée et inutilisable.
Exécutez l’utilitaire chkdsk sur le volume \Device\HarddiskVolume8.
 
Error: (07/13/2017 04:15:46 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: La structure du système de fichiers sur le disque est endommagée et inutilisable.
Exécutez l’utilitaire chkdsk sur le volume \Device\HarddiskVolume8.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-31 13:22:41.295
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\bdreinit.exe car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
 
  Date: 2017-03-07 11:34:51.660
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Bitdefender\Endpoint Security\bdreinit.exe car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
 
 
==================== Infos Mémoire =========================== 
 
Processeur: Intel® Core™ i5-5200U CPU @ 2.20GHz
Pourcentage de mémoire utilisée: 79%
Mémoire physique - RAM - totale: 3994.88 MB
Mémoire physique - RAM - disponible: 838.04 MB
Mémoire virtuelle totale: 7987.93 MB
Mémoire virtuelle disponible: 2253.11 MB
 
==================== Lecteurs ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:66.96 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive d: (DATA) (Fixed) (Total:254.24 GB) (Free:230.77 GB) NTFS
Drive f: () (Removable) (Total:14.91 GB) (Free:9.81 GB) FAT32
 
==================== MBR & Table des partitions ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8572CA89)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 0052F964)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)
 
==================== Fin de Addition.txt ============================

 

 



 


#2 nasdaq

  • Malware Response Team
Posted 19 July 2017 - 09:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

With this fix I'm proposing to remove all entries that are not required and all of the entries associated with Bitdefender.
Since this is a Co. computer, do it at your own risk and accept the responsibility.


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.22.918 - Bitdefender)
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
CHR Extension: (Avast SafePrice) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-05]
CHR Extension: (Avast Online Security) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3559152 2017-07-10] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-07-04] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-07-04] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-07-04] (Bitdefender)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [879600 2017-05-23] (BitDefender)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [133088 2017-07-04] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-01-30] (BitDefender LLC)
S4 LMIRfsClientNP; pas de ImagePath
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-05-23] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\trufos.sys
C:\Windows\System32\DRIVERS\avc3.sys
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys
C:\Program Files\Bitdefender
Task: {FDB0FBC0-384E-42E3-8411-9414CBAEFF48} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] ()
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1717.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1725.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\audacity-win-2.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\avast_free_antivirus_setup_online_cnet2.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Firefox Setup Stub 49.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\jre-8u121-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Lame_v3.99.3_for_Windows.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\m4clickoncehelper.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\mb3-setup-consumer-3.0.4.1269.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\qbittorrent_3.3.5_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\SkypeSetupFull.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\ViberSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\vlc-2.2.3-win32.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\X-Lite_4.9.5_81136.exe:BDU [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-57AC49B8-1481128281 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-58B44737-1490045053 => ""="Service"

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

p.s.
There might be some remnant items in the registry that are not listed in your logs.

You can use this uninstaller if you feel it's necessary.

Please download and install Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select XXXX
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished

#3 ZhiZed

  • Topic Starter

Posted 19 July 2017 - 10:26 AM

Hello, 

 

Thanks for your reply, I just ran FRST.

The only files related to BD are quarantined by FRST, for now I can't find any other problems, so I guess it worked :)

What do you suggest I do about the quarantine?

 

Thanks again

 

Here's the log:

 

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Exécuté par ZDENKA (19-07-2017 17:00:33) Run:1
Exécuté depuis c:\Users\ZDENKA\Desktop
Profils chargés: ZDENKA (Profils disponibles: ZDENKA & LogMeInRemoteUser)
Mode d'amorçage: Normal
==============================================
 
fixlist contenu:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.22.918 - Bitdefender)
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
CHR Extension: (Avast SafePrice) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-05]
CHR Extension: (Avast Online Security) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-05]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3559152 2017-07-10] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-07-04] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-07-04] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-07-04] (Bitdefender)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [879600 2017-05-23] (BitDefender)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [133088 2017-07-04] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-01-30] (BitDefender LLC)
S4 LMIRfsClientNP; pas de ImagePath
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-05-23] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\trufos.sys
C:\Windows\System32\DRIVERS\avc3.sys
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys
C:\Program Files\Bitdefender
Task: {FDB0FBC0-384E-42E3-8411-9414CBAEFF48} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] ()
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Pas de fichier
AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1717.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\aimp_4.02.1725.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\audacity-win-2.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\avast_free_antivirus_setup_online_cnet2.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Firefox Setup Stub 49.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\jre-8u121-windows-i586-iftw.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Lame_v3.99.3_for_Windows.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\m4clickoncehelper.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\mb3-setup-consumer-3.0.4.1269.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\qbittorrent_3.3.5_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\SkypeSetupFull.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\ViberSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\vlc-2.2.3-win32.exe:BDU [0]
AlternateDataStreams: C:\Users\ZDENKA\Downloads\X-Lite_4.9.5_81136.exe:BDU [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-57AC49B8-1481128281 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-58B44737-1490045053 => ""="Service"
 
End
*****************
 
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371} => supprimé(es) avec succès
AS: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC} => supprimé(es) avec succès
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.22.918 - Bitdefender) => Erreur: Pas de correction automatique trouvée pour cet élément.
C:\Program Files\Bitdefender\Endpoint Security\epag.exe => Impossible de fermer le processus
C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe => Impossible de fermer le processus
C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe => Impossible de fermer le processus
C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe => Impossible de fermer le processus
C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe => Impossible de fermer le processus
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => Aucun processus actif trouvé
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => clé supprimé(es) avec succès
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => clé supprimé(es) avec succès
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => clé supprimé(es) avec succès
CHR Extension: (Avast SafePrice) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-05] => Erreur: Pas de correction automatique trouvée pour cet élément.
CHR Extension: (Avast Online Security) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-05] => Erreur: Pas de correction automatique trouvée pour cet élément.
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13] => Erreur: Pas de correction automatique trouvée pour cet élément.
CHR Extension: (Chrome Media Router) - C:\Users\ZDENKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17] => Erreur: Pas de correction automatique trouvée pour cet élément.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => clé supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => clé supprimé(es) avec succès
epag => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\epag => clé impossible à supprimer, clé était peut-être protégé(e)
EPIntegrationService => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\EPIntegrationService => clé impossible à supprimer, clé était peut-être protégé(e)
EPSecurityService => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\EPSecurityService => clé impossible à supprimer, clé était peut-être protégé(e)
EPUpdateService => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\EPUpdateService => clé impossible à supprimer, clé était peut-être protégé(e)
avc3 => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\avc3 => clé supprimé(es) avec succès
avc3 => service supprimé(es) avec succès
avckf => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\avckf => clé supprimé(es) avec succès
avckf => service supprimé(es) avec succès
Bdfwfpf => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\Bdfwfpf => clé supprimé(es) avec succès
Bdfwfpf => service supprimé(es) avec succès
gzflt => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\gzflt => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\LMIRfsClientNP => clé supprimé(es) avec succès
LMIRfsClientNP => service supprimé(es) avec succès
trufos => Service arrêté avec succès.
HKLM\System\CurrentControlSet\Services\trufos => clé impossible à supprimer, clé était peut-être protégé(e)
C:\Windows\System32\DRIVERS\trufos.sys => déplacé(es) avec succès
C:\Windows\System32\DRIVERS\avc3.sys => déplacé(es) avec succès
avckf => service non trouvé(e).
Bdfwfpf => service non trouvé(e).
gzflt => Impossible d'arrêter le service.
HKLM\System\CurrentControlSet\Services\gzflt => clé impossible à supprimer, clé était peut-être protégé(e)
 
"C:\Program Files\Bitdefender" dossier déplacer:
 
Impossible de déplacer "C:\Program Files\Bitdefender" => Planifié pour déplacement au redémarrage.
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDB0FBC0-384E-42E3-8411-9414CBAEFF48} => clé supprimé(es) avec succès
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB0FBC0-384E-42E3-8411-9414CBAEFF48} => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\BDAntiCryptoWallTask => déplacé(es) avec succès
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BDAntiCryptoWallTask => clé supprimé(es) avec succès
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => clé supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => clé non trouvé(e). 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => clé supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => clé non trouvé(e). 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => clé supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => clé non trouvé(e). 
C:\Windows => ":netNLSPreferences" ADS supprimé(es) avec succès.
C:\Windows => ":nlsPreferences" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\aimp_4.02.1717.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\aimp_4.02.1725.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\audacity-win-2.1.3.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\avast_free_antivirus_setup_online_cnet2.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\Firefox Setup Stub 49.0.1.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\jre-8u121-windows-i586-iftw.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\Lame_v3.99.3_for_Windows.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\m4clickoncehelper.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\mb3-setup-consumer-3.0.4.1269.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\qbittorrent_3.3.5_setup.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\SkypeSetupFull.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224 (1).exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\Synology Cloud Station Drive-4.1-4224.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\ViberSetup.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\vlc-2.2.3-win32.exe => ":BDU" ADS supprimé(es) avec succès.
C:\Users\ZDENKA\Downloads\X-Lite_4.9.5_81136.exe => ":BDU" ADS supprimé(es) avec succès.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-57AC49B8-1481128281 => clé supprimé(es) avec succès
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-58B44737-1490045053 => clé supprimé(es) avec succès
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9269579 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 24600743487 B
Edge => 0 B
Chrome => 860223608 B
Firefox => 2293704 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 217396 B
ZDENKA => 213194513 B
LogMeInRemoteUser => 0 B
 
RecycleBin => 1589 B
EmptyTemp: => 23.9 GB données temporaires supprimées.
 
================================
 
Résultats du déplacement planifié des fichiers (Mode d'amorçage: Normal) (Date&Heure: 19-07-2017 17:07:35)
 
C:\Program Files\Bitdefender => a été déplacé(e) avec succès
 
Résultats de la suppression planifiée des clés après redémarrage:
 
HKLM\System\CurrentControlSet\Services\epag => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\EPIntegrationService => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\EPSecurityService => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\EPUpdateService => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\gzflt => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\trufos => clé impossible à supprimer, clé était peut-être protégé(e)
HKLM\System\CurrentControlSet\Services\gzflt => clé impossible à supprimer, clé était peut-être protégé(e)
 
==== Fin de Fixlog 17:07:35 ====

Edited by ZhiZed, 19 July 2017 - 10:26 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2017 - 10:42 AM

What do you suggest I do about the quarantine?


You can delete the files.

You can also remove the disinfection tools:

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you've ever used. It will also reset the restore points of your computer system, making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tools you've ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check mark on the Remove disinfection tools feature, and you need to check the other features manually before running the program, should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.

===

#5 ZhiZed

ZhiZed
  • Topic Starter

  • Members
  • 24 posts

Posted 19 July 2017 - 10:51 AM

Ok, done, thank you so much!





