Jump to content

Annoying PUP: Bahaty


Recommended Posts

Hello,

First, sorry for my English, I'll do my best, but it's not my native language.
 

Now, here's my problem:

A few weeks ago, my frien gave me his usb key which was infected with bahaty. I didn't notice at the time, because I never use the shortcuts on my desk (I use the toolbar ones).

When he showed me how he detected that he was infected (properties of the shortcuts), I took a look, and realized I was too (yay).

So, I did what was logical: I lauched at least 20 scans, from Avast and MalwareBytes (both are the free version).

It then seemed to be done, the shortcut never popped on my desk. But my friend gave me his usb key once again (he got rid of the virus at the time, but his key was still infected). The shortcuts immediately popped, and I was on my way for hours of frustration.

I tried 5 or 6 different methods from other forums, and it looked like it worked each time, but I didn't know the ugly truth. There's a shortcut deep in my OS, that leads to C:\WINDOWS\system32\wscript.exe /e:VBScript.Encode D:\sony.mp3 
This file doesn't exist, and the shortcut reappears everytime it's deleted (manually, or with ADWCleaner or ZHPCleaner).

I'm a little despaired now, seen that I have a few overpriced programs with a one-use licence and I'm kind of broke.

I also have made a system picture (not sure if it is the exact term....) 6 months ago, before getting win 10 and all these expensive programs. And as I said, this virus spreads by usb (someone mentionned it did it by LAN, too... this scares me) so I'm not comfortable making a new system picture right now...

 

Can you help me ?

 

Link to post
Share on other sites

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Settings.JPG
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 

Link to post
Share on other sites

here is the last scan I made with Mbam (sorry it's in French) -> it says there is nothing wrong, but I keep finding bahaty manually.
I'll download the other programs and post the log when I'm done.
Thanks for your answer.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Date de l'analyse: 06-10-15
Heure de l'analyse: 14:23
Fichier journal: 
Administrateur: Oui
 
Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.10.06.02
Base de données de rootkits: v2015.10.02.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé
 
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Mad
 
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 451400
Temps écoulé: 41 min, 32 s
 
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
 
Processus: 0
(Aucun élément malveillant détecté)
 
Modules: 0
(Aucun élément malveillant détecté)
 
Clés du registre: 0
(Aucun élément malveillant détecté)
 
Valeurs du registre: 0
(Aucun élément malveillant détecté)
 
Données du registre: 0
(Aucun élément malveillant détecté)
 
Dossiers: 0
(Aucun élément malveillant détecté)
 
Fichiers: 0
(Aucun élément malveillant détecté)
 
Secteurs physiques: 0
(Aucun élément malveillant détecté)
 
 
(end)
Link to post
Share on other sites

here is the Addition log:
 

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:04-10-2015
Exécuté par Mad (2015-10-06 16:27:51)
Exécuté depuis C:\Users\Mad\Downloads
Windows 10 Home (X64) (2015-08-10 04:27:18)
Mode d'amorçage: Normal
==========================================================
 
 
==================== Comptes: =============================
 
Administrateur (S-1-5-21-1355856020-451105731-2118484944-500 - Administrator - Disabled)
Autres (S-1-5-21-1355856020-451105731-2118484944-1004 - Limited - Enabled) => C:\Users\Autres
DefaultAccount (S-1-5-21-1355856020-451105731-2118484944-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1355856020-451105731-2118484944-1003 - Limited - Enabled)
Invité (S-1-5-21-1355856020-451105731-2118484944-501 - Limited - Disabled)
Mad (S-1-5-21-1355856020-451105731-2118484944-1001 - Administrator - Enabled) => C:\Users\Mad
 
==================== Centre de sécurité ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Programmes installés ======================
 
(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.6 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden
BulletStorm (x32 Version: 1.0.0005.130 - EA) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Centre Souris et Claviers Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centre Souris et Claviers Microsoft (Version: 2.3.188.0 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Enregistrement utilisateur de Canon MP280 series (HKLM-x32\...\Enregistrement utilisateur de Canon MP280 series) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 fr)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Package de pilotes Windows - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Personnalisé CLSID (Avec liste blanche): ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
CustomCLSID: HKU\S-1-5-21-1355856020-451105731-2118484944-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Points de restauration =========================
 
28-09-2015 21:39:25 Programme d’installation pour les modules Windows
03-10-2015 15:04:52 Windows Update
 
==================== Hosts contenu: ===============================
 
(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Tâches planifiées (Avec liste blanche) =============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
Task: {0171ECB7-3FDF-4757-9D4B-8263DC055B8B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {0C3CDCC9-3F5F-420F-BA6C-1FF739169073} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {11E1A95C-20AE-4B90-BECE-5300DEFEF1D2} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {12EE8400-3D33-4DBD-B2FB-F34121EC2CB6} - System32\Tasks\{A6A96DF1-78E4-4761-ACE1-74F7609081C5} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -c -maintain plugin
Task: {1472B4E8-D4C9-40D8-B471-C5B9B660BB02} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {22928771-975B-40B4-9B40-2D16250B333A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-04] (Dropbox, Inc.)
Task: {29475CF7-2AAE-47DC-8153-63C6448DB98D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {30CA50E3-EA69-456F-B4F6-CF400E0EC5FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4D130F5D-55E5-42EF-A0DA-CEDAB32151F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {4FBBC19C-9B07-4CA9-B5B4-8A04498EB773} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-14] (AsusTek)
Task: {635F96F3-5C47-4A24-909A-E0E052577797} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)
Task: {66E4CDEE-C973-4747-9A34-8780F752F725} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {6C2DBD2E-BCA2-4F6E-8E35-B2DD8221A803} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {78D76418-92A5-4C04-BA69-A16081607871} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-23] (AVAST Software)
Task: {835AC9A9-0F54-4A63-9461-6F4B0F7551AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {846547A6-AB16-4DC7-A61C-4BF2E5CB9654} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {870061F3-1C39-4DBC-B944-243A098EDD26} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {8E96F974-2A23-4924-902C-69A2BEDB4D7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-15] (Google Inc.)
Task: {94DC1854-53B2-44B7-841F-A4C5794FC114} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {95F095E4-4F35-412F-BC34-CADFBA4A4609} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A156EB01-3C50-40D7-B227-F9CFC5D27EF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {A602DC69-AE38-44A4-B8DF-9732BCDC8468} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-15] (Google Inc.)
Task: {A8329B9C-42DA-4FA2-A3CD-183EC1D0EFA3} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {B99678CD-C160-43B3-AD10-5F9214BE25B5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BDF3ABE1-6A24-4428-AD47-9C67A6518D2D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {C70F0346-D16B-4BBF-9CD2-F864483B0482} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {C8B8E9CE-2CB9-468E-9ECB-75612D8FE76F} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {D37AC357-57A5-4DF9-9128-6EFC6FFEBDFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {D5EC574F-2357-437C-8AF1-47A1B94B0460} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001UA => C:\Users\Mad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-26] (Facebook Inc.)
Task: {E5035638-31C1-4E17-AF72-0FB9C7077D33} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {E7DA23D2-7AA6-4F4A-A5A4-46D91DA38E95} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-04] (Dropbox, Inc.)
Task: {EBCAE9CC-F46C-4345-B150-675EBCE0BF75} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {EBE2FCF5-7C18-49E9-802D-234D4CE0A093} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {F1E5D65C-FE17-4880-9AD7-BFC8596CE268} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {F1FB961D-ECE5-4C1D-BEB0-CDF12EA7EDAD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {F31E9F65-6F7C-4205-9EF2-F4B4600E38AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001Core => C:\Users\Mad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-26] (Facebook Inc.)
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001Core.job => C:\Users\Mad\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001UA.job => C:\Users\Mad\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526D098A-AD21-4EDF-B677-40059846D11A}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Modules chargés (Avec liste blanche) ==============
 
2015-08-09 23:43 - 2015-08-09 23:43 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 13:14 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-01-18 16:21 - 2010-04-05 21:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-10-03 12:44 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-03 12:43 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-03 12:43 - 2015-09-17 08:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-10-03 12:44 - 2015-09-17 07:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-03 12:43 - 2015-09-17 07:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-03 12:43 - 2015-09-17 07:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 12:44 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:28 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2013-06-19 22:49 - 2013-06-19 22:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
 
==================== Alternate Data Streams (Avec liste blanche) =========
 
(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)
 
AlternateDataStreams: C:\Users\Mad\OneDrive:ms-properties
 
==================== Mode sans échec (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)
 
 
==================== EXE Association (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)
 
 
==================== Internet Explorer sites de confiance/sensibles ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
 
 
==================== Autres zones ============================
 
(Actuellement, il n'y a pas de correction automatique pour cette section.)
 
HKU\S-1-5-21-1355856020-451105731-2118484944-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 109.88.203.3 - 62.197.111.140
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.
 
==================== MSCONFIG/TASK MANAGER éléments désactivés ==
 
(Actuellement, il n'y a pas de correction automatique pour cette section.)
 
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Dropbox"
 
==================== RèglesPare-feu (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{34871059-BB80-4D31-97AB-466C51664E1C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AF5A5CF2-96A4-47C8-8B37-2D993ACB3C8D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DD94476C-33F1-444F-A303-5565948C8947}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DDC13D1C-5AB5-40D7-A4E6-5468D0706067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [uDP Query User{6C5534D7-9CB9-4A2D-9A7E-AB8B2A52634D}C:\users\mad\desktop\warcraft iii\war3.exe] => (Allow) C:\users\mad\desktop\warcraft iii\war3.exe
FirewallRules: [TCP Query User{D8A64138-BF7E-4DBB-A9FB-52AB919C3BE0}C:\users\mad\desktop\warcraft iii\war3.exe] => (Allow) C:\users\mad\desktop\warcraft iii\war3.exe
FirewallRules: [uDP Query User{F57A5655-858F-430E-9AAF-932E7BC2CBDB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B7FB37DF-2D24-47C2-A495-A0A4C78D6C27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{2A82D9E4-ED97-4293-A473-568FC29694CB}C:\users\mad\desktop\warcraft iii\war3.exe] => (Allow) C:\users\mad\desktop\warcraft iii\war3.exe
FirewallRules: [TCP Query User{4DDFFF5E-3267-4D86-81DE-562B358053D3}C:\users\mad\desktop\warcraft iii\war3.exe] => (Allow) C:\users\mad\desktop\warcraft iii\war3.exe
FirewallRules: [uDP Query User{EB5531C0-FB13-4BB2-9DA4-A91428BCD4DC}F:\warcraft iii\war3.exe] => (Allow) F:\warcraft iii\war3.exe
FirewallRules: [TCP Query User{3A9888AD-2AFE-4246-9DBF-C289668BF3EF}F:\warcraft iii\war3.exe] => (Allow) F:\warcraft iii\war3.exe
FirewallRules: [uDP Query User{947617E0-D739-4B25-87C7-C6309F714C22}C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{5903D2E0-E111-4A17-B4E3-D0F20E82E1B0}C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{E4F49831-61E7-4778-AB4D-A6F192761AE4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C4DCE08-34F4-40A6-A838-583215534B5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{227E9057-4DEE-439B-8869-72741E5FE626}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{839B28CB-ADA7-4781-8715-865EC7E58C75}] => (Allow) C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{86A1F6A7-5E31-4D01-ADDE-CA8053D46658}] => (Allow) C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{0A932A2E-B611-4273-B928-9D4E806C1C1B}] => (Allow) C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{F1087B78-0DFE-4724-8726-67433FBA96A0}] => (Allow) C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{9F482853-2271-425A-9E65-59C4FCB77784}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{299C8424-D76E-4962-9CC1-77A50D8EBBA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{558D12C7-3339-44F9-B149-5E0191B1166F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{BD7BFC75-5437-4B68-BD64-34777D463818}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{EB185F5E-3F13-4EE5-9AE3-31C63E800EB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{89D9C45F-83C7-4384-943D-6AF6F9F6E802}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{62C3E478-C4A6-4985-9CAE-A5A6A48338B4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{40A45BAA-88B4-41A9-8FC6-63FF7123ADD0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{55917B81-3B32-489C-B549-0F01970804F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1AA02F2-9C63-4344-B739-329C8E084342}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{6DFAF6A7-F80D-4C48-9B76-9D0B376AEE43}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4C6D7E88-EEBE-411D-9931-376536EF013A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EA59228E-A99F-4510-BC21-2E5F5D40892C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{946420A2-CEC4-438D-8421-52583D561DB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5E66CE87-79EB-424F-AB23-F90DA0069A83}] => (Allow) C:\Users\Mad\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{460AB5BD-8288-4C33-8562-8ED26A06C827}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{09CC4E1F-7CBB-45C1-AA0E-30FBBE137452}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{4AE014B1-ED50-44C5-A838-98C986B347E0}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [uDP Query User{6FDEB4C5-5238-4F19-853D-13D7B164C858}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{867F3F80-4CE8-4574-AF97-431A71F8D255}C:\windows\system32\ftp.exe] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [uDP Query User{BDEE9647-1DEE-460C-B9A8-470FC8D9AA02}C:\windows\system32\ftp.exe] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{0E2C4337-D472-4A4D-99B0-C89B49F09D47}C:\windows\system32\ftp.exe] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [uDP Query User{0F7FD890-80C7-4721-B5F3-F7DDF09EDA09}C:\windows\system32\ftp.exe] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [{961AB9ED-750D-4990-B132-882389484E93}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com
FirewallRules: [{41A080C2-F626-4BC1-A0B5-32359C8EC7F9}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe
FirewallRules: [{B2AD75E9-E991-45F5-8CFD-206BAC684906}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com
FirewallRules: [{3CDD8917-59AE-4620-B641-C302066543B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe
FirewallRules: [{D93998FF-F8D5-4BA9-A5CC-5308B4BB7718}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe
FirewallRules: [{BF9DC476-5BED-432C-A5B6-FA7CD29DE4B9}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe
FirewallRules: [TCP Query User{AB0C1A16-E7C5-4890-952B-038511A87D18}C:\program files\ibm\spss\statistics\23\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\23\stats.exe
FirewallRules: [uDP Query User{393BA8CC-1BD0-44B5-A9E7-253FFC2BC981}C:\program files\ibm\spss\statistics\23\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\23\stats.exe
FirewallRules: [{1E467824-4B95-4E2F-9980-3110BAB215D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{501CDE19-11B9-4156-90D9-D9663CA18DA4}G:\age of empires ii\age2_x1.exe] => (Block) G:\age of empires ii\age2_x1.exe
FirewallRules: [uDP Query User{6A97B7FB-E5F5-4C15-8C51-B719C2D60F63}G:\age of empires ii\age2_x1.exe] => (Block) G:\age of empires ii\age2_x1.exe
FirewallRules: [TCP Query User{38012EE8-02AC-4E49-B2E5-FAC2A82A8AD9}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [uDP Query User{55FBFE97-EA83-4042-910D-7490915FC833}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{65659465-08BB-41EB-8DAF-4363C655F038}C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [uDP Query User{2AF085E7-8B0F-408A-A3D6-DA8A19A874AF}C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{1F546730-BAB9-4BA2-AF53-8B7A5DC35573}C:\users\mad\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\nw.exe
FirewallRules: [uDP Query User{04DCF978-4433-43E0-9ABC-FF59A6060486}C:\users\mad\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\mad\appdata\local\popcorn time\nw.exe
FirewallRules: [{30219295-7ABE-4F42-A582-694BE09C4AC6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Éléments en erreur du Gestionnaire de périphériques =============
 
 
==================== Erreurs du Journal des événements: =========================
 
Erreurs Application:
==================
Error: (10/06/2015 12:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme WWAHost.exe version 10.0.10240.16425 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 
ID de processus : 1edc
 
Heure de début : 01d10020d95eb912
 
Heure de fin : 4294967295
 
Chemin d'accès de l'application : C:\Windows\System32\WWAHost.exe
 
ID de rapport : 2153edd6-6c14-11e5-bed7-e03f49cf1828
 
Nom complet du package défaillant : Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe
 
ID de l'application relative au package défaillant : AppexFoodAndDrink
 
Error: (10/06/2015 12:22:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Madeleine)
Description: Échec de l’activation de l’application Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (10/06/2015 09:48:05 AM) (Source: Google Update) (EventID: 20) (User: Madeleine)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http s
 
Error: (10/06/2015 09:46:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.10240.16431 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 
ID de processus : f58
 
Heure de début : 01d1000add717da7
 
Heure de fin : 12660
 
Chemin d'accès de l'application : C:\Windows\explorer.exe
 
ID de rapport : 5b10c69d-6bfe-11e5-bed7-e03f49cf1828
 
Nom complet du package défaillant : 
 
ID de l'application relative au package défaillant :
 
Error: (10/06/2015 09:42:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Madeleine)
Description: Échec de l’activation de l’application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App avec l’erreur : -2147023170 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (10/05/2015 08:49:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme SearchUI.exe version 10.0.10240.16515 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 
ID de processus : 12d0
 
Heure de début : 01d0ff9df49bcb8c
 
Heure de fin : 4294967295
 
Chemin d'accès de l'application : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
ID de rapport : bd2af771-6b91-11e5-bed6-e03f49cf1828
 
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 
ID de l'application relative au package défaillant : CortanaUI
 
Error: (10/05/2015 08:48:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Madeleine)
Description: Le package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI a été interrompu, car sa suspension a été trop longue.
 
Error: (10/05/2015 08:08:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Madeleine)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (10/05/2015 08:08:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Madeleine)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (10/05/2015 08:08:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Madeleine)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
 
Erreurs système:
=============
Error: (10/06/2015 10:58:29 AM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (10/06/2015 10:54:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Hôte de synchronisation_Session1.
 
Error: (10/06/2015 10:54:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Stockage des données utilisateur_Session1.
 
Error: (10/06/2015 10:54:32 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Stockage des données utilisateur_Session1, mais cette action a échoué en raison de l’erreur suivante : 
%%1056
 
Error: (10/06/2015 10:54:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Accès aux données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (10/06/2015 10:54:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Stockage des données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (10/06/2015 10:54:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Données de contacts_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (10/06/2015 10:54:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Hôte de synchronisation_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (10/06/2015 09:48:03 AM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (10/06/2015 09:45:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Cache de police de Windows Presentation Foundation 3.0.0.0 n’a pas pu démarrer en raison de l’erreur : 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2015-09-14 15:23:21.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acro Software\CutePDF Writer\CPWSave.exe that did not meet the Store signing level requirements.
 
  Date: 2015-09-14 15:21:55.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acro Software\CutePDF Writer\CPWSave.exe that did not meet the Store signing level requirements.
 
 
==================== Infos Mémoire =========================== 
 
Processeur: Intel® Core i3-3217U CPU @ 1.80GHz
Pourcentage de mémoire utilisée: 34%
Mémoire physique - RAM - totale: 8077.7 MB
Mémoire physique - RAM - disponible: 5256.04 MB
Mémoire virtuelle totale: 9357.7 MB
Mémoire virtuelle disponible: 6377.35 MB
 
==================== Lecteurs ================================
 
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:41.01 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecture de lecteur)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.9 GB) NTFS
 
==================== MBR & Table des partitions ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)
 
Partition: GPT.
 
==================== Fin de Addition.txt ============================
Link to post
Share on other sites

And the FRST:

 

 

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Exécuté par Mad (administrateur) sur MADELEINE (06-10-2015 16:23:36)
Exécuté depuis C:\Users\Mad\Downloads
Profils chargés: Mad (Profils disponibles: Mad & Autres)
Platform: Windows 10 Home (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registre (Avec liste blanche) ===========================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-23] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710768 2015-10-02] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-1355856020-451105731-2118484944-1001\...\Run: [Facebook Update] => C:\Users\Mad\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-26] (Facebook Inc.)
HKU\S-1-5-21-1355856020-451105731-2118484944-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mad\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-17] (Microsoft Corporation)
Startup: C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Astral.lnk [2015-09-15]
ShortcutTarget: Astral.lnk -> C:\Windows\System32\wscript.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1355856020-451105731-2118484944-1004\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{4aa4fe7d-a325-45f9-b048-6f4d47e86b58}: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{8957d16f-d159-4380-8568-24971aacf024}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {80DD2229-B8E4-4C77-B72F-F22972D723EA} hxxp://www.inoculer.com/antivirus/Msie/bitdefender.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\nrbxuvbu.default-1443907928195
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-24] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1355856020-451105731-2118484944-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Self-Destructing Cookies - C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\nrbxuvbu.default-1443907928195\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-10-06]
FF Extension: Adblock Plus - C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\nrbxuvbu.default-1443907928195\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-06]
FF Extension: Pas de nom - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-11]
 
Chrome: 
=======
CHR StartupUrls: Default -> "","hxxps://www.facebook.com/","hxxps://mail.live.com/?id=64855","hxxp://www.google.be/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => Pas de fichier
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => Pas de fichier
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Pas de fichier
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => Pas de fichier
CHR Plugin: (Java Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => Pas de fichier
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => Pas de fichier
CHR Profile: C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Recherche Google) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Block site) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-04-26]
CHR Extension: (Google Docs hors connexion) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj [2015-10-06]
CHR Extension: (AdBlock) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-13]
CHR Extension: (Aperture Science Network Interface (Blue)) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddpjgadbhnefiopiagpjbocgbhbjngc [2015-10-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Ghostery) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-11-23]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Gmail) - C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Avec liste blanche) ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Fichier non signé]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-23] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-04] (Dropbox, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Pilotes (Avec liste blanche) ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62848 2014-08-21] (Advanced Card Systems Ltd.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-23] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-14] (ASUS Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [Fichier non signé]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2015-10-06 16:23 - 2015-10-06 16:25 - 00028053 _____ C:\Users\Mad\Downloads\FRST.txt
2015-10-06 16:23 - 2015-10-06 16:23 - 02193920 _____ (Farbar) C:\Users\Mad\Desktop\FRST64.exe
2015-10-06 16:23 - 2015-10-06 16:23 - 00000000 ____D C:\FRST
2015-10-06 15:46 - 2015-10-06 15:46 - 00016148 _____ C:\WINDOWS\system32\MADELEINE_Mad_HistoryPrediction.bin
2015-10-06 15:17 - 2015-10-06 15:46 - 00002380 _____ C:\Users\Mad\Desktop\Google Chrome.lnk
2015-10-06 15:17 - 2015-10-06 15:17 - 00002127 _____ C:\Users\Mad\Desktop\Internet Explorer.lnk
2015-10-06 15:17 - 2015-10-06 15:17 - 00002098 _____ C:\Users\Mad\Desktop\Mozilla Firefox.lnk
2015-10-06 15:06 - 2015-10-06 15:06 - 00002015 _____ C:\Users\Mad\Desktop\ZHPCleaner.txt
2015-10-06 14:00 - 2015-10-06 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 20:22 - 2015-10-06 15:06 - 00000000 ____D C:\Users\Mad\AppData\Roaming\ZHP
2015-10-05 20:22 - 2015-10-06 14:58 - 00000916 _____ C:\Users\Mad\Desktop\ZHPCleaner.lnk
2015-10-05 20:22 - 2015-10-05 20:22 - 01968128 _____ C:\Users\Mad\Downloads\ZHPCleaner.exe
2015-10-05 20:12 - 2015-10-05 20:12 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipcoin82.dll
2015-10-05 19:37 - 2015-10-05 19:37 - 00000282 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{526D098A-AD21-4EDF-B677-40059846D11A}.job
2015-10-05 19:35 - 2015-10-05 19:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-03 22:03 - 2015-09-15 18:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-03 22:03 - 2015-09-15 18:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-03 12:45 - 2015-09-17 08:12 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-03 12:45 - 2015-09-17 08:07 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-03 12:45 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-03 12:45 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-03 12:45 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-03 12:44 - 2015-09-25 01:17 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-03 12:44 - 2015-09-25 01:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-03 12:44 - 2015-09-25 01:06 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-03 12:44 - 2015-09-25 00:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-03 12:44 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-03 12:44 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-03 12:44 - 2015-09-17 08:49 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-03 12:44 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-03 12:44 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-03 12:44 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-03 12:44 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-03 12:44 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-03 12:44 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-03 12:44 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-03 12:44 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-03 12:44 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-03 12:44 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-03 12:44 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-03 12:44 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-03 12:44 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-03 12:44 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-03 12:44 - 2015-09-17 08:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-03 12:44 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-03 12:44 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-03 12:44 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-03 12:44 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-03 12:44 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-03 12:44 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-03 12:44 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-03 12:44 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-03 12:44 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-03 12:44 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-03 12:44 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-03 12:44 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-03 12:44 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-03 12:44 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-03 12:44 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-03 12:44 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-03 12:44 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-03 12:44 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-03 12:44 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-03 12:44 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-03 12:44 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-03 12:44 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-03 12:44 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-03 12:44 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-03 12:44 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-03 12:44 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-03 12:44 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-03 12:44 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-03 12:44 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-03 12:44 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-03 12:44 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-03 12:44 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-03 12:44 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-03 12:44 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-03 12:44 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-03 12:44 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-03 12:44 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-03 12:44 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-03 12:44 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-03 12:44 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-03 12:44 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-03 12:44 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-03 12:44 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-03 12:44 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-03 12:44 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-03 12:44 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-03 12:44 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-03 12:44 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-03 12:44 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-03 12:44 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-03 12:44 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-03 12:44 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-03 12:44 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-03 12:44 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-03 12:44 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-03 12:44 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-03 12:44 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-03 12:44 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-03 12:44 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-03 12:44 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-03 12:44 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-03 12:44 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-03 12:44 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-03 12:43 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-03 12:43 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-03 12:43 - 2015-09-25 02:13 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-03 12:43 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-03 12:43 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-03 12:43 - 2015-09-25 01:24 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-03 12:43 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-03 12:43 - 2015-09-25 01:23 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-03 12:43 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-03 12:43 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-03 12:43 - 2015-09-25 01:01 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-03 12:43 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-03 12:43 - 2015-09-25 01:00 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-03 12:43 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-03 12:43 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-03 12:43 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-03 12:43 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-03 12:43 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-03 12:43 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-03 12:43 - 2015-09-25 00:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-03 12:43 - 2015-09-25 00:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-03 12:43 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-03 12:43 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-03 12:43 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-03 12:43 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-03 12:43 - 2015-09-25 00:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-03 12:43 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-03 12:43 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-03 12:43 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-03 12:43 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-03 12:43 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-03 12:43 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-03 12:43 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-03 12:43 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-03 12:43 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-03 12:43 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-03 12:43 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-03 12:43 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-03 12:43 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-03 12:43 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-03 12:43 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-03 12:43 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-03 12:43 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-03 12:43 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-03 12:43 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-03 12:43 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-03 12:43 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-03 12:43 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-03 12:43 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-03 12:43 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-03 12:43 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-03 12:43 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-03 12:43 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-03 12:43 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-03 12:43 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-03 12:43 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-03 12:43 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-03 12:43 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-03 12:43 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-03 12:43 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-03 12:43 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-03 12:43 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-03 12:43 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-03 12:43 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-03 12:43 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-03 12:43 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-03 12:43 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-03 12:43 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-03 12:43 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-03 12:43 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-03 12:43 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-03 12:43 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-03 12:43 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-03 12:43 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-03 12:43 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-03 12:43 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-03 12:43 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-03 12:43 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-03 12:43 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-03 12:43 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-03 12:43 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-03 12:43 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-03 12:43 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-03 12:43 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-03 12:43 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-03 12:43 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-03 12:43 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-03 12:43 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-03 12:43 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-03 12:43 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-03 12:43 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-03 12:43 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-03 12:43 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-03 12:43 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-03 12:43 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-03 12:43 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-03 12:43 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-03 12:43 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-03 12:43 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-03 12:43 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-03 12:43 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-03 12:43 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-03 12:43 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-03 12:43 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-03 12:43 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-03 12:43 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-03 12:43 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-03 12:43 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-03 12:43 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-03 12:43 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-03 12:43 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-03 12:43 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-03 12:43 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-03 12:00 - 2015-10-03 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-29 15:31 - 2015-09-29 15:31 - 01933348 _____ C:\Users\Mad\Downloads\Atelier_1_-_cabinet_de_consultance_version_septembre.pptx
2015-09-28 22:22 - 2015-09-28 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 22:22 - 2015-09-28 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-28 22:22 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-28 22:22 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-28 22:22 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-28 21:37 - 2001-08-25 23:13 - 00011616 ____R C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2015-09-26 17:25 - 2015-09-26 17:45 - 00001084 _____ C:\Users\Mad\Downloads\stress_religion_0.sav
2015-09-26 16:57 - 2015-09-26 17:19 - 00001715 _____ C:\Users\Mad\Downloads\activite_rat.sav
2015-09-26 16:06 - 2015-09-26 16:06 - 00010832 _____ C:\Users\Mad\Downloads\etpuis.xlsx
2015-09-26 15:04 - 2015-09-26 15:04 - 00009825 _____ C:\Users\Mad\Downloads\additions.xlsx
2015-09-23 15:54 - 2015-09-23 15:54 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-23 15:54 - 2015-09-23 15:54 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-22 18:40 - 2015-09-29 22:37 - 00000000 ____D C:\Users\Mad\Desktop\à imprimer
2015-09-22 18:39 - 2015-09-22 18:39 - 00000000 ____D C:\Users\Mad\Documents\Enregistrements audio
2015-09-22 17:19 - 2015-09-22 17:20 - 18910676 _____ C:\Users\Mad\Downloads\CommunityShowcaseDramaticSkies3.themepack
2015-09-22 16:00 - 2015-09-22 20:17 - 00000000 ____D C:\Users\Mad\Documents\IBM
2015-09-22 15:56 - 2015-09-22 15:56 - 00008685 _____ C:\Users\Mad\Downloads\qualite_travail_0.xlsx
2015-09-22 15:54 - 2015-09-26 16:18 - 00000000 ____D C:\Users\Mad\.spss
2015-09-22 15:54 - 2015-09-22 15:54 - 00000000 ____D C:\Users\Mad\AppData\Roaming\SPSSInc
2015-09-22 15:53 - 2015-09-22 15:53 - 00000000 ____D C:\Users\Mad\AppData\Local\javasharedresources
2015-09-22 15:42 - 2015-09-22 15:42 - 00000000 ____D C:\Users\Mad\AppData\Local\IBM
2015-09-22 15:42 - 2015-09-22 15:42 - 00000000 ____D C:\ProgramData\SPSS
2015-09-22 15:42 - 2015-09-22 15:42 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2015-09-22 15:42 - 2015-09-22 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2015-09-22 15:42 - 2015-09-22 15:42 - 00000000 ____D C:\ProgramData\IBM
2015-09-22 15:41 - 2015-09-22 15:41 - 00000000 ____D C:\Program Files\Common Files\IBM
2015-09-22 15:39 - 2015-09-22 15:39 - 00001025 _____ C:\WINDOWS\SysWOW64\sysprs7.tgz
2015-09-22 15:39 - 2015-09-22 15:39 - 00001025 _____ C:\WINDOWS\SysWOW64\sysprs7.dll
2015-09-22 15:39 - 2015-09-22 15:39 - 00000219 _____ C:\WINDOWS\SysWOW64\lsprst7.tgz
2015-09-22 15:39 - 2015-09-22 15:39 - 00000205 _____ C:\WINDOWS\SysWOW64\lsprst7.dll
2015-09-22 15:39 - 2015-09-22 15:39 - 00000016 ____H C:\WINDOWS\SysWOW64\servdat.slm
2015-09-22 15:39 - 2015-09-22 15:39 - 00000000 ____D C:\Program Files\IBM
2015-09-22 15:11 - 2015-09-22 15:34 - 767714581 _____ C:\Users\Mad\Downloads\SPSSSC_64-BIT_23.0_MW_ML.zip
2015-09-22 14:10 - 2015-09-28 22:20 - 00000000 ____D C:\Users\Mad\Desktop\games
2015-09-22 11:37 - 2015-09-22 11:41 - 00000022 _____ C:\Users\Mad\Downloads\iCampus.LPSP1208.LPSP1208_Neuropsycho_NOTES.zip
2015-09-21 10:40 - 2015-09-21 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 15:10 - 2015-09-17 15:15 - 74080924 _____ C:\Users\Mad\Downloads\iCampus.LPSP1208.complete.zip
2015-09-14 15:26 - 2015-09-22 10:11 - 00000000 ____D C:\Users\Mad\Desktop\alloc
2015-09-14 15:06 - 2015-09-14 15:06 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-09-14 15:06 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BUL.dll
2015-09-14 15:06 - 2012-11-26 12:24 - 00095744 _____ C:\WINDOWS\SysWOW64\CNC1771D.TBL
2015-09-14 15:06 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-09-14 15:01 - 2015-09-14 15:01 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-09-14 15:01 - 2013-01-24 16:24 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-09-14 15:01 - 2013-01-24 16:24 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-09-14 15:01 - 2013-01-24 16:23 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-09-14 15:00 - 2015-09-14 15:01 - 00000000 ___HD C:\Program Files\CanonBJ
2015-09-14 15:00 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBU.DLL
2015-09-14 14:59 - 2015-09-14 15:00 - 27110984 _____ C:\Users\Mad\Downloads\mp68-win-mg5500-1_02-ea32_2.exe
2015-09-10 20:57 - 2015-09-10 20:57 - 00000000 ____D C:\Users\Mad\AppData\Roaming\.madgarden
2015-09-09 14:06 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 14:06 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 14:06 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 14:06 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 14:06 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 14:06 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 14:06 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 14:06 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 14:06 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 14:06 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 14:06 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 14:06 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 14:06 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 14:06 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 14:06 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 14:06 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 14:06 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 14:06 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 14:06 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 14:06 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 14:06 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 14:06 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 14:06 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 14:06 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2015-10-06 16:18 - 2015-05-30 23:14 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 15:49 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 15:49 - 2015-07-01 16:03 - 00001200 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-06 15:48 - 2015-07-01 16:03 - 00001196 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-06 15:48 - 2014-05-26 18:43 - 00000940 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001UA.job
2015-10-06 14:26 - 2015-02-15 16:55 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 14:02 - 2014-05-24 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-06 12:06 - 2015-05-14 12:01 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-10-06 12:06 - 2015-05-14 12:01 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-10-06 11:56 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-06 10:57 - 2014-05-21 23:38 - 00000074 _____ C:\Users\Mad\AppData\Roaming\sp_data.sys
2015-10-06 10:55 - 2015-08-10 07:33 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-10-06 09:43 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-06 09:43 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-05 20:50 - 2015-08-09 23:24 - 01839260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-05 20:50 - 2015-07-10 18:24 - 00821020 _____ C:\WINDOWS\system32\perfh00C.dat
2015-10-05 20:50 - 2015-07-10 18:24 - 00154350 _____ C:\WINDOWS\system32\perfc00C.dat
2015-10-05 19:31 - 2015-05-11 16:00 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-05 19:13 - 2014-09-24 11:51 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{526D098A-AD21-4EDF-B677-40059846D11A}
2015-10-05 10:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-03 22:31 - 2014-05-21 17:16 - 00000000 ____D C:\Users\Mad\AppData\Roaming\Skype
2015-10-03 22:30 - 2014-05-21 17:16 - 00000000 ____D C:\ProgramData\Skype
2015-10-03 22:02 - 2015-08-09 22:51 - 00120166 _____ C:\WINDOWS\PFRO.log
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-03 21:59 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-03 15:07 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-03 13:11 - 2014-09-28 16:11 - 00091584 _____ C:\Users\Mad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-03 13:07 - 2014-09-18 09:36 - 00000000 ____D C:\Users\Mad\Desktop\Cours
2015-10-03 12:00 - 2015-07-01 16:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-02 17:11 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-30 19:27 - 2015-02-11 19:20 - 00000000 ____D C:\Users\Mad\Downloads\programmes
2015-09-30 18:48 - 2014-05-26 18:43 - 00000918 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1355856020-451105731-2118484944-1001Core.job
2015-09-29 22:37 - 2014-06-19 21:21 - 00000000 ___RD C:\Users\Mad\Desktop\m'en fous dans l'absolu
2015-09-29 21:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-28 22:17 - 2015-08-09 23:01 - 00000000 ____D C:\Users\Mad
2015-09-28 22:16 - 2014-11-19 22:33 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-09-28 22:07 - 2015-07-10 14:20 - 00345576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-28 21:40 - 2015-07-10 12:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-09-28 21:40 - 2015-07-10 12:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-09-28 21:40 - 2015-07-10 12:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-09-28 21:40 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-09-28 21:40 - 2015-07-10 12:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-09-28 21:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-27 21:01 - 2014-12-24 12:08 - 00000000 ____D C:\Users\Mad\Desktop\de tout
2015-09-23 15:54 - 2015-05-11 15:59 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-23 15:54 - 2015-05-11 15:59 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-23 15:53 - 2015-05-11 15:59 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-22 21:58 - 2014-08-13 17:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-22 20:15 - 2015-07-10 14:20 - 00019752 _____ C:\WINDOWS\setupact.log
2015-09-22 18:50 - 2014-11-19 22:41 - 00000000 ____D C:\Users\Mad\AppData\Local\CutePDF Writer
2015-09-21 10:40 - 2014-05-21 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-19 12:36 - 2015-08-10 06:27 - 00000000 ____D C:\Users\Mad\AppData\Local\Comms
2015-09-18 14:21 - 2015-02-15 16:55 - 00004154 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 14:21 - 2015-02-15 16:55 - 00003922 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-18 14:21 - 2015-02-15 16:55 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 11:50 - 2014-05-21 23:37 - 00000000 ____D C:\Users\Mad\AppData\Local\Packages
2015-09-17 15:10 - 2015-08-10 06:46 - 00002415 _____ C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-17 15:10 - 2014-08-11 01:40 - 00000000 __RDO C:\Users\Mad\OneDrive
2015-09-17 03:31 - 2015-07-10 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 15:06 - 2015-07-10 13:04 - 00000000 __RSD C:\WINDOWS\Media
2015-09-14 15:06 - 2015-01-18 16:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-09-14 15:06 - 2015-01-18 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-09-14 15:06 - 2015-01-18 16:14 - 00000000 ____D C:\Program Files (x86)\Canon
2015-09-14 09:02 - 2014-05-21 23:58 - 00000000 ____D C:\Users\Mad\AppData\Local\Google
2015-09-11 12:55 - 2015-08-09 23:45 - 00000000 ____D C:\Windows.old
2015-09-10 09:00 - 2014-05-25 15:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 08:57 - 2014-05-24 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-06 20:11 - 2015-06-17 20:54 - 00013920 _____ C:\Users\Mad\Desktop\Comptes.xlsx
 
==================== Fichiers à la racine de certains dossiers =======
 
2014-05-21 23:38 - 2015-10-06 10:57 - 0000074 _____ () C:\Users\Mad\AppData\Roaming\sp_data.sys
2015-08-09 22:57 - 2015-08-09 22:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\SetStretch.VBS
 
 
Certains fichiers dans TEMP:
====================
C:\Users\Mad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_2cvv.dll
C:\Users\Mad\AppData\Local\Temp\EBU6F60.EXE
C:\Users\Mad\AppData\Local\Temp\EBU72BB.DLL
C:\Users\Mad\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Mad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mad\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap =================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
 
LastRegBack: 2015-10-03 15:04
 
==================== Fin de FRST.txt ============================
Link to post
Share on other sites

And here's the RogueKiller report:

 

 

thank you 

Mad

 

 

RogueKiller V10.10.9.0 [Oct  5 2015] by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Mad [Administrator]
Started from : C:\Users\Mad\Downloads\RogueKiller.exe
Mode : Scan -- Date : 10/06/2015 16:47:53
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1355856020-451105731-2118484944-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
--- User ---
[MBR] 27e1843659451c18b582d4bcf7e5786c
[bSP] 9cb9bd99896f179553067dcea5b1f913 : Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 190326 MB
4 - [sYSTEM][MAN-MOUNT]  | Offset (sectors): 392099840 | Size: 450 MB
5 - Basic data partition | Offset (sectors): 393021440 | Size: 264545 MB
6 - [sYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 934809600 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK
Link to post
Share on other sites

Continue as follows please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs in your reply, also give an update on any remaining issues or concerns....

 

One other point, you may want to install "McShield" this will stop infections migrating via USB devices.....

 

You can d/l from here: http://www.mcshield.net

 

Thank you,

 

Kevin
 

 

Fixlist.txt

Link to post
Share on other sites

Here is the Fixlog file




Résultats de correction de Farbar Recovery Scan Tool (x64) Version:04-10-2015

Exécuté par Mad (2015-10-07 14:36:59) Run:1
Exécuté depuis C:\Users\Mad\Desktop\antivirus
Profils chargés: Mad (Profils disponibles: Mad & Autres)
Mode d'amorçage: Normal
==============================================
 
fixlist contenu:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1355856020-451105731-2118484944-1004\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
C:\ProgramData\SetStretch.VBS
C:\Users\Mad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_2cvv.dll
C:\Users\Mad\AppData\Local\Temp\EBU6F60.EXE
C:\Users\Mad\AppData\Local\Temp\EBU72BB.DLL
C:\Users\Mad\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Mad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mad\AppData\Local\Temp\update.exe
Task: {0171ECB7-3FDF-4757-9D4B-8263DC055B8B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {0C3CDCC9-3F5F-420F-BA6C-1FF739169073} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {4D130F5D-55E5-42EF-A0DA-CEDAB32151F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {66E4CDEE-C973-4747-9A34-8780F752F725} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {6C2DBD2E-BCA2-4F6E-8E35-B2DD8221A803} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {846547A6-AB16-4DC7-A61C-4BF2E5CB9654} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {A156EB01-3C50-40D7-B227-F9CFC5D27EF5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {C70F0346-D16B-4BBF-9CD2-F864483B0482} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {EBE2FCF5-7C18-49E9-802D-234D4CE0A093} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {F1FB961D-ECE5-4C1D-BEB0-CDF12EA7EDAD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Emptytemp:
Reboot:
End
*****************
 
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
C:\WINDOWS\system32\GroupPolicy\Machine => déplacé(es) avec succès
C:\WINDOWS\system32\GroupPolicy\GPT.ini => déplacé(es) avec succès
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1355856020-451105731-2118484944-1004\User => déplacé(es) avec succès
"HKLM\SOFTWARE\Policies\Google" => clé supprimé(es) avec succès
C:\ProgramData\SetStretch.VBS => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_2cvv.dll => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\EBU6F60.EXE => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\EBU72BB.DLL => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\jre-8u60-windows-au.exe => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\sqlite3.dll => déplacé(es) avec succès
C:\Users\Mad\AppData\Local\Temp\update.exe => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0171ECB7-3FDF-4757-9D4B-8263DC055B8B}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0171ECB7-3FDF-4757-9D4B-8263DC055B8B}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3CDCC9-3F5F-420F-BA6C-1FF739169073}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3CDCC9-3F5F-420F-BA6C-1FF739169073}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D130F5D-55E5-42EF-A0DA-CEDAB32151F1}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D130F5D-55E5-42EF-A0DA-CEDAB32151F1}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66E4CDEE-C973-4747-9A34-8780F752F725}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E4CDEE-C973-4747-9A34-8780F752F725}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C2DBD2E-BCA2-4F6E-8E35-B2DD8221A803}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C2DBD2E-BCA2-4F6E-8E35-B2DD8221A803}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{846547A6-AB16-4DC7-A61C-4BF2E5CB9654}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846547A6-AB16-4DC7-A61C-4BF2E5CB9654}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A156EB01-3C50-40D7-B227-F9CFC5D27EF5}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A156EB01-3C50-40D7-B227-F9CFC5D27EF5}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C70F0346-D16B-4BBF-9CD2-F864483B0482}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C70F0346-D16B-4BBF-9CD2-F864483B0482}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EBE2FCF5-7C18-49E9-802D-234D4CE0A093}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE2FCF5-7C18-49E9-802D-234D4CE0A093}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1FB961D-ECE5-4C1D-BEB0-CDF12EA7EDAD}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1FB961D-ECE5-4C1D-BEB0-CDF12EA7EDAD}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => clé supprimé(es) avec succès
EmptyTemp: => 1004.5 MB données temporaires supprimées.
 
 
Le système a dû redémarrer.. 
 
==== Fin de Fixlog 14:39:22 ====
Link to post
Share on other sites

the ADW report:

 

# AdwCleaner v5.011 - Rapport créé le 07/10/2015 à 15:19:26
# Mis à jour le 07/10/2015 par Xplode
# Base de données : 2015-10-07.1 [serveur]
# Système d'exploitation : Windows 10 Home  (x64)
# Nom d'utilisateur : Mad - MADELEINE
# Exécuté depuis : C:\Users\Mad\Downloads\adwcleaner_5.011.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Dossiers ] *****
 
 
***** [ Fichiers ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Raccourcis ] *****
 
[-] Raccourci Désinfecté : C:\Users\Mad\Desktop\Google Chrome.lnk
[-] Raccourci Désinfecté : C:\Users\Mad\Desktop\Internet Explorer.lnk
[-] Raccourci Désinfecté : C:\Users\Mad\Desktop\Mozilla Firefox.lnk
[-] Raccourci Désinfecté : C:\Users\Mad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK
 
***** [ Tâches planifiées ] *****
 
 
***** [ Registre ] *****
 
 
***** [ Navigateurs ] *****
 
[-] [C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Supprimé : free-video-converter.softonic.fr
 
*************************
 
:: Paramètres Winsock réinitialisés
 
########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt - [1140 octets] ##########
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.4 (09.28.2015:1)

OS: Windows 10 Home x64

Ran by Mad on 07-10-15 at 15:25:55,80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Users\Mad\AppData\Roaming\sp_data.sys

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Users\Mad\Appdata\Local\ggempire

 

 

 

~~~ Chrome

 

 

[C:\Users\Mad\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Mad\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\Mad\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Mad\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07-10-15 at 15:30:32,73

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

And here is the MSRT log.

I'll now try to delete the shortcuts and see if they pop again when I reboot my pc, and I'll tell you the result.

Anyway, thank you for your help and your time !

Mad


 

 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Sun Aug 16 11:43:41 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 13:43:17 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
Results Summary:
----------------
No infection found.
Failed to submit clean hearbeat MAPS report: 0x83760002
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 13:57:54 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 17:11:36 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 18:05:24 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 19:13:44 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 19:14:23 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 19:30:30 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 19:30:31 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 23 20:45:21 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 23 21:00:16 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 24 08:19:51 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 24 12:51:41 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 24 12:51:45 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 25 09:56:58 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 25 09:57:24 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 25 13:19:00 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Tue Aug 25 17:08:40 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 10:16:03 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 12:28:59 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 12:34:33 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 15:04:22 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sat Aug 29 16:49:51 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 31 06:58:25 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 31 20:30:24 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 31 20:33:29 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Sep 02 20:01:45 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Sep 02 20:30:39 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Fri Sep 04 10:51:17 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 04 10:51:48 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Fri Sep 04 15:21:05 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 04 15:21:07 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Sep 07 10:34:39 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 07 10:35:15 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Wed Sep 09 10:44:45 2015
 
Engine: 1.1.11903.0
Signatures: 1.203.693.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 09 10:45:13 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Thu Sep 10 08:44:54 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Thu Sep 10 08:47:13 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 10 08:57:57 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 10:38:05 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 10:38:34 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 11:22:16 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 11:22:20 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 12:46:31 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 12:51:56 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 12:51:59 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 13:07:33 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 13:07:34 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 13:16:16 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 13:16:18 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 13:47:20 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 14:29:29 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 14:41:52 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 14:42:20 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 16:23:24 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 11 16:23:27 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Sep 11 16:46:37 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sun Sep 13 14:19:50 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Mon Sep 14 15:37:25 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 14 15:40:00 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
---------------------------------------------------------------------------------------
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 17:42:46 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 17:43:17 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 17:55:47 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 17:55:50 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 18:01:54 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 18:01:57 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 19:58:31 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 19:58:34 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 20:42:30 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 20:42:32 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 21:06:42 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 21:06:44 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 19 21:19:18 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 19 21:19:20 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 26 12:46:27 2015
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 26 12:52:23 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 26 12:52:53 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 26 13:53:52 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 26 13:53:53 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Sep 26 16:43:35 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 26 16:43:38 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Fri Oct 02 16:48:13 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:48:42 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Sat Oct 03 15:04:35 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 03 15:08:16 2015
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
Started On Wed Oct 07 15:35:21 2015
 
Engine: 1.1.12002.0
Signatures: 1.205.646.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 07 15:42:35 2015
 
 
Return code: 0 (0x0)
Link to post
Share on other sites

Well.... The shortcuts popped again --' (I can't believe this is so hard to remove... I've tried at least 12 different antiviruses, and it's still there....)

So I lauched a complete scan with MSRT, hoping this will change the situation.

If not, I'll use my last option and give my computer to an informatician. 

Thank for your help again !

Mad

Link to post
Share on other sites

the shortcut deep in my OS (the  C: partition) is named "Astral" and is linked to C:\WINDOWS\system32\wscript.exe /e:VBScript.Encode D:\sony.mp3 

 

in my D: partition, there are two folders linked to C:\WINDOWS\system32\wscript.exe  /e:VBScript.Encode  iphon.mp3

 

The 3 shortcuts keep on reappearing everytime they are deleted

Link to post
Share on other sites

note: the shortcuts on the D: partition are the ones that spread through USB use... My friend has 2 folders like that (theyre called "*Username*" and "New Folder") and I first thought it was a win 10 feature... Like the first PC used with a usb key puts a signature on this key... But these folders are unusable and are just linked to wscript (which I can't uninstall)

Link to post
Share on other sites

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefindAstral.*:Regfind*Astral*Astral
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Post that log..

 

What is on D partion, is it possible you can format that partition..
 

Link to post
Share on other sites

here's the log:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 22:57 on 07/10/2015 by Mad
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "Astral.*"
C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Astral.lnk --a---- 840 bytes [17:44 07/10/2015] [20:59 07/10/2015] BF0546E9C593FCB9E4770EAC4B2E5448
C:\Users\Mad\AppData\Roaming\ZHP\Quarantine\Astral.lnk --a---- 840 bytes [08:59 15/09/2015] [07:21 06/10/2015] BF0546E9C593FCB9E4770EAC4B2E5448
 
========== Regfind ==========
 
Searching for "*Astral*"
No data found.
 
Searching for "Astral"
No data found.
 
-= EOF =-
Link to post
Share on other sites

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

 

@echo offdel /f /s /q "C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Astral.lnk"del %0

 

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"

It should look like this: batfileicon.gif<--XP vista_bat_icon.png <--vista or windows 7/8

Double click on delfile.bat to execute it.

A black CMD window will flash, then disappear...this is normal.

The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Let me know if any remaining issues or concerns...

 

Thanks,

 

Kevin

Link to post
Share on other sites

Hello,
sorry I didn't answer as quick as "usual".

I was so tired to have that problem, I went to an IT shop and asked the guy to completely reformat my computer.

Turns out some really important files were corrupted and I now have to use win 8 again (this is so sad :'( ).

But at least, I can use my computer normally, and now, I'll be more careful with other's USB's !

Thank you so much for your help and time, I keep your advices in a corner in my mind (is that the right formulation ?)

Maybe some day I might offer you a beer ;) (well... that's quite improbable, but you never now ^^ )

Thanks again,

Madeleine

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.