Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 11.03.2018 01
Exécuté par François (administrateur) sur PC (12-03-2018 16:10:55)
Exécuté depuis C:\Users\François\Desktop
Profils chargés: François (Profils disponibles: François)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Create 7\PdfCreate7Hook.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files\Linksys WUSB6300\WifiSvc.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(RedFox) C:\Program Files\RedFox\CloneCD\CloneCDTray.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NGWIN) C:\Program Files\PicPick\picpick.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Ergonis Software) C:\Program Files\Ergonis\PopChar\PopChar.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-06] (AVAST Software)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2015-07-26] (RealNetworks, Inc.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [OmniPage Preload] => C:\Program Files\Nuance\OmniPage18\OmniPage18.exe [2983784 2011-05-25] (Nuance Communications, Inc.)
HKLM\...\Run: [Nuance OmniPage 18-reminder] => "C:\Program Files\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Create 7\pdfcreate7hook.exe [606496 2011-04-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF7 Registry Controller] => C:\Program Files\Nuance\PDF Create 7\RegistryController.exe [138528 2011-04-29] (Nuance Communications, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] ()
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] ()
HKLM\...\Run: [CloneCDTray] => C:\Program Files\RedFox\CloneCD\CloneCDTray.exe [57344 2016-03-29] (RedFox)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-08-25] (Acronis International GmbH)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3700576535-3607990455-695359370-1000\...\Run: [PicPick Start] => C:\Program Files\PicPick\picpick.exe [19959616 2015-08-24] (NGWIN)
HKU\S-1-5-21-3700576535-3607990455-695359370-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3700576535-3607990455-695359370-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
HKU\S-1-5-18\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2015-07-26]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-12-15]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-03]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Notifications de Mises à jour.lnk [2016-11-03]
ShortcutTarget: Notifications de Mises à jour.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PopChar.lnk [2018-03-01]
ShortcutTarget: PopChar.lnk -> C:\Program Files\Ergonis\PopChar\PopChar.exe (Ergonis Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Préchargeur.lnk [2016-11-03]
ShortcutTarget: WinZip Préchargeur.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\François\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeliveryManager.lnk [2015-10-04]
ShortcutTarget: DeliveryManager.lnk -> C:\Users\François\AppData\Roaming\Delivery\DeliveryManager.exe (Pas de fichier)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [345360 2017-01-15] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [345360 2017-01-15] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [345360 2017-01-15] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [345360 2017-01-15] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll [345360 2017-01-15] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 178.73.133.1
Tcpip\..\Interfaces\{0F96333A-96AB-47D7-9DA0-6459027D8F5B}: [DhcpNameServer] 178.73.133.1
Tcpip\..\Interfaces\{14A0D5D7-75C3-4161-AEF3-DB24FEEDF407}: [DhcpNameServer] 95.170.61.1

Internet Explorer:
==================
HKU\S-1-5-21-3700576535-3607990455-695359370-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DyBtCzy0B0F0ByDyEyDyB0C0D0EtN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyB0AyByDtDtCtCtGtCtA0FyEtGzz0DtA0EtGyC0EtB0EtG0BtA0BzytB0DyCzy0A0C0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyC0AyC0FtCtDtG0AzytAtCtGyEyDzz0DtGzyyDyB0CtG0CtCyC0EtDyD0Ezy0CtDyDyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D1481987354%26a%3Dwncy_clu_15_30%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Czz0DyBtCzy0B0F0ByDyEyDyB0C0D0EtN0D0Tzu0StCtBzyzztN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyB0AyByDtDtCtCtGtCtA0FyEtGzz0DtA0EtGyC0EtB0EtG0BtA0BzytB0DyCzy0A0C0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyC0AyC0FtCtDtG0AzytAtCtGyEyDzz0DtGzyyDyB0CtG0CtCyC0EtDyD0Ezy0CtDyDyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D1481987354%26a%3Dwncy_clu_15_30%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3700576535-3607990455-695359370-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: PDFXChange 2012 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
BHO: Barre de confiance CM-CIC -> {4d02e7e6-5930-4b51-b9b0-9f21b3789401} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
Toolbar: HKLM - Barre de confiance CM-CIC - {4d02e7e6-5930-4b51-b9b0-9f21b3789401} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKU\S-1-5-21-3700576535-3607990455-695359370-1000 -> Barre de confiance CM-CIC - {4D02E7E6-5930-4B51-B9B0-9F21B3789401} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082 [2018-03-12]
FF Homepage: Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082 -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082\Extensions\sp@avast.com.xpi [2018-03-08]
FF Extension: (Avast Online Security) - C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082\Extensions\wrc@avast.com.xpi [2017-10-15]
FF SearchPlugin: C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qzbm6lf8.default-1453475283082\searchplugins\google-avast.xml [2017-01-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3700576535-3607990455-695359370-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-01-18] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\François\AppData\Local\Google\Chrome\User Data\Default [2017-03-20]
CHR Extension: (Google Slides) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Google Docs) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-22]
CHR Extension: (Google Drive) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-22]
CHR Extension: (YouTube) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-22]
CHR Extension: (Recherche Google) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-22]
CHR Extension: (Avast SafePrice) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-20]
CHR Extension: (Google Sheets) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Google Docs hors connexion) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-22]
CHR Extension: (Avast Online Security) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (Gmail) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AcronisActiveProtectionService; C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [1009400 2017-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-02-16] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [357760 2018-03-06] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [288688 2015-08-09] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [300976 2015-08-09] (Intel Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [175872 2014-02-05] (Intel Corporation)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-08-25] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-08-25] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-12-22] ()
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WSWUSB6300; C:\Program Files\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] () [Fichier non signé]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ASCTRM; C:\Windows\system32\Drivers\ASCTRM.sys [8552 2015-07-26] (Windows (R) 2000 DDK provider) [Fichier non signé]
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-06] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2017-07-11] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [462568 2018-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100032 2018-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-03-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-06] (AVAST Software)
R3 CLMirrorDriver; C:\Windows\System32\DRIVERS\CLMirrorDriver.sys [21264 2016-04-20] (CyberLink)
R2 DlinkNdPt60; C:\Windows\System32\DRIVERS\DlinkNdPt60.sys [27648 2011-05-11] (D-Link )
S3 DLINKVLANPT; C:\Windows\System32\DRIVERS\DLINKVlan60.sys [19968 2011-05-11] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d6232.sys [445432 2017-07-19] (Intel Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [35112 2014-02-10] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [419376 2018-02-16] (Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [281872 2018-02-16] (Acronis International GmbH)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [111904 2014-09-30] (Intel Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvdo.sys [236120 2017-12-09] (Miray)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2915544 2015-03-27] (Realtek Semiconductor Corporation )
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [828248 2018-02-16] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [166232 2018-02-16] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [472920 2018-02-16] (Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [251088 2018-02-16] (Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [176912 2018-02-16] (Acronis International GmbH)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [44776 2016-07-22] (Microsoft Corporation)
S3 cpuz139; \??\C:\Users\FRANOI~1\AppData\Local\Temp\cpuz139\cpuz139_x32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

Error(1) reading file: "C:\Users\François\Downloads\-Les Genêts -1+ Comm. et Conf. 2017.doc "
2018-03-12 16:10 - 2018-03-12 16:11 - 000023542 _____ C:\Users\François\Desktop\FRST.txt
2018-03-12 16:09 - 2018-03-12 16:09 - 000000000 ____D C:\Users\François\Desktop\FRST-OlderVersion
2018-03-12 10:52 - 2018-03-12 10:52 - 002672243 _____ C:\Users\François\Desktop\Face2.psd
2018-03-12 10:49 - 2018-03-12 10:49 - 002771180 _____ C:\Users\François\Desktop\Face1.psd
2018-03-08 15:22 - 2018-03-08 15:24 - 000103936 _____ C:\Users\Marie-Anne\Annonce messes St. Fontaine 2018-2.pmd
2018-03-06 16:50 - 2018-03-06 16:50 - 000000000 ____D C:\Users\François\AppData\Local\AVAST Software
2018-03-06 16:44 - 2018-03-06 16:44 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-06 15:33 - 2018-03-12 16:07 - 000000000 ____D C:\Users\François\Desktop\FRST
2018-03-06 15:18 - 2018-03-12 16:10 - 000000000 ____D C:\FRST
2018-03-06 15:14 - 2018-03-12 16:09 - 001763328 _____ (Farbar) C:\Users\François\Desktop\FRST.exe
2018-03-02 18:00 - 2018-03-06 16:01 - 000000000 ____D C:\Program Files\SIW Pro Edition
2018-03-02 18:00 - 2018-03-02 18:00 - 000000943 _____ C:\Users\François\Desktop\SIW Pro.lnk
2018-02-27 17:01 - 2018-02-27 17:01 - 000003584 _____ C:\Users\François\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-23 16:59 - 2018-02-24 14:56 - 098332576 _____ C:\Users\François\Documents\PowerProducer_3406c_GM8_Patch_PPD140925-02.exe
2018-02-19 17:11 - 2018-02-19 17:11 - 001455084 _____ C:\Users\Marie-Anne\Une lumière a brillé.psd
2018-02-16 17:40 - 2018-02-16 17:40 - 000419376 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_protector.sys
2018-02-16 17:39 - 2018-02-16 17:39 - 000270096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2018-02-16 17:39 - 2018-02-16 17:39 - 000251088 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2018-02-16 17:39 - 2018-02-16 17:39 - 000166232 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2018-02-16 17:21 - 2018-02-16 17:21 - 000824431 _____ C:\Users\François\Desktop\Acronis True Image.pdf
2018-02-15 15:41 - 2018-02-15 15:41 - 000122664 _____ C:\Users\François\Downloads\invoice_OYM-VQ9.pdf
2018-02-14 17:24 - 2018-02-14 17:24 - 000000412 _____ C:\Users\François\Downloads\CloneCD_Key_14196229.CloneCD
2018-02-14 16:54 - 2018-02-14 16:54 - 000001024 _____ C:\Users\Public\Desktop\CloneCD.lnk

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-03-12 15:52 - 2016-11-18 18:06 - 000000000 ____D C:\Users\François\AppData\LocalLow\Mozilla
2018-03-12 15:49 - 2009-07-14 05:34 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-12 15:49 - 2009-07-14 05:34 - 000021584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-12 15:48 - 2015-07-08 17:38 - 000006212 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-12 15:48 - 2009-07-14 09:39 - 021349104 _____ C:\Windows\system32\perfh00C.dat
2018-03-12 15:48 - 2009-07-14 09:39 - 006990964 _____ C:\Windows\system32\perfc00C.dat
2018-03-12 15:41 - 2015-09-21 15:05 - 000000000 ____D C:\ProgramData\TEMP
2018-03-12 15:41 - 2015-07-09 15:58 - 000000000 __SHD C:\Users\François\IntelGraphicsProfiles
2018-03-12 15:41 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-12 10:35 - 2015-11-16 17:05 - 000000000 ____D C:\Users\Marie-Anne
2018-03-11 14:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-03-10 16:23 - 2016-11-05 10:00 - 000000000 ____D C:\Users\François\Desktop\Programme messes La Chapelle
2018-03-06 16:49 - 2016-06-15 16:40 - 000000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-03-06 16:44 - 2017-11-22 16:29 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-06 16:44 - 2017-03-24 08:58 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-06 16:44 - 2017-03-24 08:58 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-06 16:44 - 2017-03-24 08:58 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-06 16:44 - 2017-03-24 08:58 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-06 16:44 - 2016-05-21 13:09 - 000462568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000100032 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-06 16:44 - 2015-07-09 16:20 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-06 16:20 - 2015-07-23 16:24 - 000000000 ____D C:\Users\François\AppData\Local\ElevatedDiagnostics
2018-03-06 16:19 - 2017-06-11 14:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-06 16:00 - 2015-08-06 17:34 - 000009043 _____ C:\siw_debug.txt
2018-03-06 15:26 - 2017-04-01 15:26 - 000084480 ___SH C:\Users\François\Thumbs.db
2018-03-02 18:00 - 2017-10-30 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW Pro
2018-03-01 15:06 - 2016-02-10 16:08 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopChar.lnk
2018-03-01 14:37 - 2016-06-03 16:04 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2018-03-01 14:37 - 2016-05-31 16:49 - 000000000 ____D C:\Program Files\CyberLink
2018-03-01 14:37 - 2015-07-08 18:11 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-02-28 15:27 - 2016-12-25 15:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-27 17:23 - 2017-09-06 15:09 - 000000000 _____ C:\Windows\system32\last.dump
2018-02-25 17:28 - 2015-07-08 17:47 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-24 16:52 - 2009-07-14 05:33 - 000310640 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-24 15:48 - 2017-09-06 15:10 - 000000000 ____D C:\Users\François\AppData\Local\Turbo View & Convert
2018-02-23 17:35 - 2016-06-11 15:18 - 000000000 ____D C:\Users\François\Desktop\Capture
2018-02-23 17:32 - 2015-09-21 14:40 - 000000000 ____D C:\Users\François\Desktop\Diverses notices
2018-02-23 17:05 - 2016-05-31 15:26 - 000000000 ____D C:\ProgramData\CyberLink
2018-02-16 17:40 - 2016-01-07 17:38 - 000281872 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2018-02-16 17:39 - 2017-08-31 15:08 - 000176912 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\volume_tracker.sys
2018-02-16 17:39 - 2016-07-01 15:27 - 000001123 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2018-02-16 17:39 - 2016-04-24 17:09 - 000001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2018-02-16 17:39 - 2016-01-07 17:38 - 000828248 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2018-02-16 17:39 - 2016-01-07 17:38 - 000472920 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2018-02-16 17:39 - 2015-08-01 17:40 - 000000000 ____D C:\Program Files\Common Files\Acronis
2018-02-14 17:27 - 2017-10-15 14:29 - 000000000 ____D C:\Program Files\RedFox
2018-02-14 17:18 - 2015-12-05 17:59 - 000000166 ___SH C:\ProgramData\.zreglib
2018-02-14 11:34 - 2015-07-09 14:27 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-02-14 10:05 - 2015-09-14 14:48 - 000000000 ____D C:\Program Files\CCleaner
2018-02-14 09:59 - 2009-07-14 05:53 - 000032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Fichiers à la racine de certains dossiers =======

2016-04-17 15:01 - 2017-10-15 14:25 - 000087608 _____ () C:\Users\François\AppData\Roaming\inst.exe
2016-04-17 15:01 - 2017-10-15 14:25 - 000007887 _____ () C:\Users\François\AppData\Roaming\pcouffin.cat
2016-04-17 15:01 - 2017-10-15 14:25 - 000001144 _____ () C:\Users\François\AppData\Roaming\pcouffin.inf
2016-04-17 15:01 - 2017-10-15 14:26 - 000000034 _____ () C:\Users\François\AppData\Roaming\pcouffin.log
2016-04-17 15:01 - 2017-10-15 14:25 - 000047360 _____ (VSO Software) C:\Users\François\AppData\Roaming\pcouffin.sys
2017-06-11 14:16 - 2017-06-18 09:31 - 006553600 _____ () C:\Users\François\AppData\Local\AcronisTrueImage2016_6589.exe
2017-08-03 14:06 - 2017-08-03 14:21 - 503043688 _____ () C:\Users\François\AppData\Local\AcronisTrueImage2016_6595.exe
2018-02-27 17:01 - 2018-02-27 17:01 - 000003584 _____ () C:\Users\François\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-21 17:33 - 2016-01-21 17:33 - 000000418 _____ () C:\Users\François\AppData\Local\LMIR0001.tmp.bat
2016-01-21 17:33 - 2016-01-21 17:33 - 000000343 _____ () C:\Users\François\AppData\Local\LMIR0001.tmp_r.bat
2016-02-09 10:16 - 2016-02-09 10:16 - 000000017 _____ () C:\Users\François\AppData\Local\resmon.resmoncfg
2016-04-17 14:51 - 2016-04-17 14:52 - 000000041 _____ () C:\Users\François\AppData\Local\trueburner.ini
2016-12-02 16:11 - 2016-12-02 16:11 - 000000000 _____ () C:\Users\François\AppData\Local\{7F450020-31E4-4D90-8FD5-0B8ED3ACF2F9}
2016-01-20 15:26 - 2016-01-20 15:26 - 000000000 _____ () C:\Users\François\AppData\Local\{897583AA-F0CA-4BB8-8F60-DAC0EA3492BF}
2017-03-22 18:21 - 2017-03-22 18:21 - 000000000 _____ () C:\Users\François\AppData\Local\{8E371EE4-E2E4-430F-9063-6A99DAC5E39C}

Certains fichiers dans TEMP:
====================
2016-04-24 17:09 - 2018-02-16 17:39 - 000117280 _____ () C:\Users\François\AppData\Local\Temp\AcronisProductUpdateUtility.exe
2017-02-19 09:06 - 2017-02-19 09:06 - 000186568 ____T () C:\Users\François\AppData\Local\Temp\CrashRpt1403.dll
2016-06-15 16:00 - 2016-06-15 16:01 - 002612600 _____ (Microsoft Corporation) C:\Users\François\AppData\Local\Temp\DefaultPack.EXE
2015-11-19 16:52 - 1998-09-24 09:40 - 004698624 _____ () C:\Users\François\AppData\Local\Temp\dxmedia.exe
2015-09-14 15:50 - 2017-08-11 07:19 - 000872448 _____ (Microsoft Corporation) C:\Users\François\AppData\Local\Temp\kernel32.dll
2016-05-13 08:13 - 2016-05-13 08:23 - 000000000 _____ () C:\Users\François\AppData\Local\Temp\{BDFC034E-4BD4-4CF1-91ED-9590E1B9CA1D}-50.0.2661.102_50.0.2661.94_chrome_updater.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2018-03-02 17:25

==================== Fin de FRST.txt ============================