Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Exécuté par Wissam (administrateur) sur PCWISSAM (14-04-2018 12:59:09)
Exécuté depuis C:\Users\Wissam\Downloads
Profils chargés: Wissam (Profils disponibles: Wissam)
Platform: Windows 8.1 (Update) (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
() C:\Users\Wissam\AppData\Roaming\cacaoweb\cacaoweb.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Users\Wissam\AppData\Local\Smartbar\Application\Lrcnta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-03-15] (ESET)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-02-20] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\...\Run: [cacaoweb] => C:\Users\Wissam\AppData\Roaming\cacaoweb\cacaoweb.exe [568624 2017-03-31] ()
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\...\Run: [GoogleChromeAutoLaunch_B4EC3CC56F0C1FE7F05B48D83F455554] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Wissam\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-10-01] (Smartbar)
Startup: C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2017-09-15]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-09-29]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{5E529D00-E454-499E-B5DD-02AD5A384C76}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{78F19859-F85E-419C-9CCE-90921F69AA86}: [DhcpNameServer] 10.249.2.151 10.249.2.152

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOdANTdiET5ybtja8_5Q,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15E-kzlF2D2K-W0BimLA,,&q={searchTerms}
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOcLAqS5QxZC0RHSHWsQ,,
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://kogoa.com
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=F26E1A763F00CAA9&affID=119357&tsp=5020
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15E-kzlF2D2K-W0BimLA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15E-kzlF2D2K-W0BimLA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> {2891CFCE-B595-4609-95F3-F784F5C7A308} URL =
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-03] (Microsoft Corporation)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tr8iro4m.default
FF ProfilePath: C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\tr8iro4m.default [2017-06-29]
FF Homepage: Mozilla\Firefox\Profiles\tr8iro4m.default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOcLAqS5QxZC0RHSHWsQ,,
FF NewTab: Mozilla\Firefox\Profiles\tr8iro4m.default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj6dV7J9uAJhLaUo4GRubhyggzhbdgZLxSMUai2tyIuvID6ySabp0vseTld2an4cftZy2HbOXiG4XHeP_XNne9S5G6ePTtL9A,,
FF SearchPlugin: C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\tr8iro4m.default\searchplugins\Web Search.xml [2015-05-22]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => non trouvé(e)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOdANTdiET5ybtja8_5Q,,
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default [2018-04-14]
CHR Extension: (Docs) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Recherche Google) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (cacaoweb) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf [2014-05-30]
CHR Extension: (Google Docs hors connexion) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-18]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Wissam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Fichier non signé]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2213344 2018-03-15] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2213344 2018-03-15] (ESET)
S3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [33560 2014-06-11] () <==== ATTENTION
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-02-20] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros) [Fichier non signé]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [137928 2018-03-28] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-03-28] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196112 2018-03-28] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [108320 2018-03-28] (ESET)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-02-20] (Dritek System Inc.)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbnet; C:\WINDOWS\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-04-14 12:59 - 2018-04-14 13:01 - 000022779 _____ C:\Users\Wissam\Downloads\FRST.txt
2018-04-14 12:58 - 2018-04-14 12:59 - 000000000 ____D C:\FRST
2018-04-13 15:22 - 2018-04-13 15:23 - 002403328 _____ (Farbar) C:\Users\Wissam\Downloads\FRST64.exe
2018-04-12 21:41 - 2018-04-14 12:57 - 000000000 ____D C:\Users\Wissam\AppData\Roaming\ZHP
2018-04-12 21:41 - 2018-04-12 23:16 - 000000879 _____ C:\Users\Wissam\Desktop\ZHPDiag.lnk
2018-04-12 21:41 - 2018-04-12 21:41 - 000000000 ____D C:\Users\Wissam\AppData\Local\ZHP
2018-04-12 21:36 - 2018-04-12 21:36 - 003063168 _____ C:\Users\Wissam\Desktop\ZHPDiag3.exe
2018-04-11 22:59 - 2018-04-11 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-09 21:42 - 2018-04-09 21:43 - 000284704 _____ C:\WINDOWS\Minidump\040918-29593-01.dmp
2018-04-09 12:17 - 2018-04-09 12:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-09 12:17 - 2018-04-09 12:17 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-09 12:17 - 2018-04-09 12:17 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-09 12:17 - 2018-04-09 12:17 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-06 16:29 - 2018-04-06 16:29 - 000091436 _____ C:\Users\Wissam\Downloads\Indicateurs STMicro 2018.xlsm
2018-04-06 10:50 - 2018-04-06 10:50 - 000090624 _____ C:\Users\Wissam\Downloads\cahier-des-charges-pca_pra.xls
2018-04-06 10:27 - 2018-04-06 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-04-06 10:27 - 2018-04-06 10:27 - 000000000 ____D C:\ProgramData\ESET
2018-04-06 09:49 - 2018-04-06 09:49 - 000406830 _____ C:\Users\Wissam\Downloads\06042018_COMMANDE_C771E302701O18392.pdf
2018-04-06 09:49 - 2018-04-06 09:49 - 000406830 _____ C:\Users\Wissam\Desktop\06042018_COMMANDE_C771E302701O18392.pdf
2018-04-06 09:45 - 2018-04-06 09:45 - 005053440 _____ C:\Users\Wissam\Downloads\Pack Evaluation ISO 9001_2000.xls
2018-04-06 09:39 - 2018-04-06 09:39 - 000036864 _____ C:\Users\Wissam\Downloads\13.2A-5_7_FOR_Eval_Four.xls
2018-04-05 03:41 - 2018-04-05 03:41 - 001611915 _____ C:\Users\Wissam\Downloads\Cas Renault (1).pptx
2018-03-29 13:31 - 2018-03-29 13:31 - 000128251 _____ C:\Users\Wissam\Downloads\Eurolines ticket - Order N 180329706299.pdf
2018-03-28 14:31 - 2018-03-28 14:31 - 000108320 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-03-28 14:30 - 2018-03-28 14:30 - 000015872 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2018-03-26 19:13 - 2018-03-26 19:13 - 000424371 _____ C:\Users\Wissam\Downloads\plaquette-master-gpla-achats-m2.pdf
2018-03-23 15:26 - 2018-03-23 15:26 - 002735352 _____ C:\Users\Wissam\Downloads\LA POLITIQUE DE DISTRIBUTION.pptx
2018-03-20 21:07 - 2018-04-03 03:01 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-20 21:07 - 2018-04-03 03:01 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-16 15:01 - 2018-03-16 15:01 - 000197854 _____ C:\Users\Wissam\Downloads\TUITION AND FEES - FRAIS SCOLARITE - MBA 2017.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-04-14 13:01 - 2015-07-16 10:56 - 000001094 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bfa55e0b6526.job
2018-04-14 12:53 - 2013-09-27 15:53 - 000001094 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-04-14 12:43 - 2014-05-30 11:21 - 000000000 ____D C:\Users\Wissam\AppData\Roaming\cacaoweb
2018-04-14 12:23 - 2016-11-01 15:31 - 000003940 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{95A23421-8F07-4997-819A-3177A3E0C4AB}
2018-04-14 12:18 - 2016-11-11 20:40 - 000001204 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-13 16:32 - 2013-09-27 15:53 - 000001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-04-13 13:29 - 2013-09-30 17:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-13 13:17 - 2017-10-13 21:05 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-13 13:17 - 2013-09-30 17:24 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-13 13:16 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-13 13:00 - 2013-09-27 15:48 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4059531746-636612358-2214297834-1001
2018-04-13 11:34 - 2013-09-27 15:38 - 000000000 ____D C:\Users\Wissam\AppData\Local\Packages
2018-04-11 22:59 - 2016-11-11 20:40 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-09 21:44 - 2016-09-26 23:03 - 000000000 ___RD C:\Users\Wissam\OneDrive
2018-04-09 21:44 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-09 21:43 - 2016-11-15 22:27 - 000001208 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d23f7eb9f1383a.job
2018-04-09 21:43 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-09 21:42 - 2017-05-15 17:24 - 436542989 _____ C:\WINDOWS\MEMORY.DMP
2018-04-09 21:42 - 2017-05-15 17:24 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-09 18:35 - 2016-09-26 21:56 - 000000000 ____D C:\Users\Wissam
2018-04-06 10:28 - 2012-07-26 10:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-06 10:27 - 2014-11-23 10:42 - 000000000 ____D C:\Program Files\ESET
2018-04-03 11:38 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 11:33 - 2017-04-19 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016
2018-04-03 11:32 - 2013-02-20 03:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-30 14:06 - 2013-08-22 15:25 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2018-03-30 09:12 - 2016-11-11 20:40 - 000000000 ____D C:\Users\Wissam\AppData\Local\Dropbox
2018-03-29 23:41 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-29 13:55 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-03-28 14:31 - 2013-09-17 16:17 - 000196112 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-03-28 14:31 - 2013-09-17 16:17 - 000137928 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2018-03-23 20:23 - 2013-09-27 15:55 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 20:23 - 2013-09-27 15:55 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-20 21:06 - 2013-08-22 16:44 - 000510688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-20 21:01 - 2016-10-10 00:23 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-20 21:01 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-03-19 22:46 - 2017-07-27 12:38 - 000003174 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4059531746-636612358-2214297834-1001
2018-03-19 22:46 - 2017-04-19 20:03 - 000002395 _____ C:\Users\Wissam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk

==================== Fichiers à la racine de certains dossiers =======

2014-05-29 18:24 - 2014-05-29 18:24 - 000276480 _____ () C:\Users\Wissam\AppData\Roaming\~hkbxpcd.exe
2017-03-20 09:58 - 2017-03-20 09:58 - 000000000 _____ () C:\Users\Wissam\AppData\Local\{D01353B3-0667-4975-9DB8-EF20292021FD}

Certains fichiers dans TEMP:
====================
2018-04-12 13:22 - 2018-04-12 14:49 - 000086016 _____ () C:\Users\Wissam\AppData\Local\Temp\-qt1hpg2.dll
2016-11-11 20:50 - 2014-01-06 16:20 - 009580608 _____ (Foxit Corporation) C:\Users\Wissam\AppData\Local\Temp\Foxit Reader Updater.exe
2018-04-12 19:18 - 2018-04-12 21:29 - 000086016 _____ () C:\Users\Wissam\AppData\Local\Temp\i_rsbilp.dll
2016-10-23 22:56 - 2016-10-23 22:56 - 000737856 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-08-10 18:01 - 2017-08-10 18:01 - 000740416 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-17 20:52 - 2017-10-17 20:52 - 001856576 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-11-19 14:33 - 2014-06-03 21:23 - 006170168 _____ (Spotify Ltd) C:\Users\Wissam\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2018-04-13 13:02

==================== Fin de FRST.txt ============================