PC running slow, virus?

Solved/Closed
Thierry1000 Posts 34 Registration date Friday 10 March 2017 Status Member Last post 22 February 2022 - 16 August 2017 at 16:50
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last post 15 December 2020 - 17 August 2017 at 17:31
Hello,
For the past few days my PC has been running slow and behaving strangely.
I ran FRST and am attaching the three reports.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-08-2017
Ran by Thierry (administrator) on THIERRY-PC (16-08-2017 16:19:04)
Running from C:\Users\Thierry\Desktop
Loaded Profiles: Thierry (Available Profiles: Thierry & DefaultAppPool)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Anglais (États-Unis)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
() C:\Program Files\HRD Software LLC\Ham Radio Deluxe\HRDRemoteSvr.exe
(Simon Brown, HB9DRV) C:\Program Files\HRD Software LLC\Ham Radio Deluxe\HRDSerialPortSvr.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TechSmith Corporation) C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe
() C:\Program Files\TunnelBear\TBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(VASCO Data Security) C:\Users\Thierry\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\Thierry\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(VASCO Data Security) C:\Users\Thierry\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2017-08-07] (Glarysoft Ltd)
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7759576 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\Run: [DigipassNativeBridge] => C:\Users\Thierry\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-11-15] (VASCO Data Security)
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{2C88D1F1-C2C7-4050-A5CA-8F134C7C88DB}: [NameServer] 172.18.11.1
Tcpip\..\Interfaces\{2C88D1F1-C2C7-4050-A5CA-8F134C7C88DB}: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{A93535A3-A046-42E6-985B-31AC034F782D}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{BBFBDF42-F7DF-4107-9787-42EB564F0278}: [DhcpNameServer] 109.88.203.3 62.197.111.140
Tcpip\..\Interfaces\{D5366A45-F748-4B4A-8BB4-04129050FD62}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131340425335467664&GUID=1393677A-4662-4601-9C13-4BF3D330F01C
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

FireFox:
========
FF ProfilePath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\96bfm7vc.default-1490298944850 [2017-08-16]
FF Homepage: Mozilla\Firefox\Profiles\96bfm7vc.default-1490298944850 -> hxxp://google.be
FF Extension: (Adblock Plus) - C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\96bfm7vc.default-1490298944850\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-17]
FF Extension: (Belgium eID) - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2017-01-27]
FF HKLM\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.yoursearching.com/?type=hp&ts=1456592175&z=bf11fdd3db2da6dc2c4a958gdzawdqew2t1o9g1mdw&from=itr&uid=wdcxwd1600bb-00rda0_wd-wmanm381553115531","hxxp://www.trotux.com/?z=1bf47126634c942835ae83eg1zcb6t8e7bbt0cat0w&from=isr&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12D3073D3073&type=hp","hxxps://www.duckduckgo.com"
CHR DefaultSearchKeyword: Default -> java
CHR Profile: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default [2017-08-16]
CHR Extension: (Google Slides) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-25]
CHR Extension: (Google Docs) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-25]
CHR Extension: (Google Drive) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-25]
CHR Extension: (YouTube) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-25]
CHR Extension: (Adblock Plus) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Java API Search) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm [2017-03-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-25]
CHR Extension: (Google Sheets) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-25]
CHR Extension: (VideoDownloadConverter) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje [2017-08-02]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Gmail) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
U2 Ham Radio Deluxe Remote Server; C:\Program Files\HRD Software LLC\Ham Radio Deluxe\HRDRemoteSvr.exe [1945600 2017-07-16] () [File not signed]
R2 HRD Serial Port Server; C:\Program Files\HRD Software LLC\Ham Radio Deluxe\HRDSerialPortSvr.exe [3076608 2016-10-31] (Simon Brown, HB9DRV) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4426696 2017-07-26] (Malwarebytes)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [126464 2010-11-20] (Microsoft Corporation)
R2 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R2 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [41344 2016-12-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 xccwsgrzvwlkoo; c:\windows\system32\gmjtkcvstm.exe [102400 2016-06-12] ( hCompany (R)) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [65544 2016-11-28] (Advanced Card Systems Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-07-26] ()
R3 frzway; C:\Windows\System32\DRIVERS\frzway.sys [30456 2015-08-27] (The OpenVPN Project)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-11-12] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-25] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [165824 2017-08-16] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [85440 2017-08-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221632 2017-08-16] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65824 2017-08-16] (Malwarebytes)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [63104 2015-02-17] (Identiv)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [171072 2016-10-06] (Prolific Technology Inc.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2016-10-18] (The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2017-03-05] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36944 2016-08-23] (Anchorfree Inc.)
S3 tapwp01; C:\Windows\System32\DRIVERS\tapwp01.sys [35288 2014-12-11] (The OpenVPN Project)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2014-09-02] (Windows (R) Win 7 DDK provider)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2016-10-13] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 16:19 - 2017-08-16 16:20 - 000015507 _____ C:\Users\Thierry\Desktop\FRST.txt
2017-08-16 16:18 - 2017-08-16 16:18 - 000000000 ____D C:\Users\Thierry\Desktop\FRST-OlderVersion
2017-08-15 14:36 - 2017-08-15 14:36 - 000000000 ____D C:\Users\Thierry\Desktop\Nouveau dossier (2)
2017-08-14 14:57 - 2017-08-16 01:23 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\mIRC
2017-08-14 13:54 - 2017-08-14 13:54 - 000074579 _____ C:\Users\Thierry\Desktop\windows-10-vl-aio-winpe-dart-7-8-1-10-x86-x64-v0-0-8-10-2016-multiboot.torrent
2017-08-14 13:47 - 2017-08-14 13:47 - 000019112 _____ C:\Users\Thierry\Desktop\win7-sp1-x86-32bits-all-versions.torrent
2017-08-14 13:33 - 2017-08-14 13:34 - 000000037 _____ C:\Users\Thierry\Desktop\t411.txt
2017-08-12 20:32 - 2017-08-12 20:32 - 004093968 _____ C:\Users\Thierry\Desktop\20070719084525968_01227H_VPD371_FRA-NED.pdf
2017-08-12 14:38 - 2017-08-14 14:02 - 000000000 ____D C:\Users\Thierry\Desktop\NRJ
2017-08-12 14:35 - 2017-08-12 14:37 - 489598103 _____ C:\Users\Thierry\Downloads\NRJ Party Hits 2017-Duke33.rar
2017-08-12 14:32 - 2017-08-12 14:35 - 367091332 _____ C:\Users\Thierry\Downloads\(J&M) Akilina n'a pas froid aux yeux.mp4
2017-08-12 14:31 - 2017-08-12 14:37 - 1286423772 _____ C:\Users\Thierry\Downloads\Blondes Made in France 576p.mp4
2017-08-12 14:27 - 2017-08-12 14:28 - 003741250 _____ () C:\Users\Thierry\Downloads\Deezer Downloader v3.2.3.exe
2017-08-12 14:26 - 2017-08-12 14:26 - 000005287 _____ C:\Users\Thierry\Desktop\deezer-downloader-v3-2-3-exe.torrent
2017-08-12 12:21 - 2017-08-16 16:17 - 000085440 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-12 01:23 - 2017-08-12 01:23 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\Publish Providers
2017-08-12 00:31 - 2017-08-12 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-08-12 00:30 - 2017-08-12 00:34 - 000000000 ____D C:\Users\Thierry\AppData\Local\Sony
2017-08-12 00:30 - 2017-08-12 00:31 - 000000000 ____D C:\ProgramData\Sony
2017-08-12 00:30 - 2017-08-12 00:31 - 000000000 ____D C:\Program Files\Sony
2017-08-12 00:28 - 2017-08-12 01:24 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\Sony
2017-08-12 00:28 - 2016-05-03 12:43 - 000000000 ____D C:\Users\Thierry\Downloads\Sound Forge PRO 11 + CRACK
2017-08-10 23:10 - 2017-08-10 23:10 - 000000000 ____D C:\Program Files\Lame For Audacity
2017-08-10 19:17 - 2017-08-10 19:17 - 000218424 _____ C:\Users\Thierry\Downloads\kali-linux-2017.1-i386.rar
2017-08-10 18:48 - 2017-08-10 18:48 - 000401179 _____ C:\Users\Thierry\Desktop\facture.pdf
2017-08-10 18:48 - 2017-08-10 18:48 - 000373241 _____ C:\Users\Thierry\Desktop\facture2.pdf
2017-08-10 18:43 - 2017-08-10 18:43 - 000369970 _____ C:\Users\Thierry\Desktop\0021630220.pdf
2017-08-10 17:43 - 2017-08-10 19:58 - 000000000 ____D C:\Users\Thierry\Downloads\kali-linux-2017.1-i386
2017-08-10 17:42 - 2017-08-10 17:42 - 000218330 _____ C:\Users\Thierry\Downloads\kali-linux-2017.1-i386.torrent
2017-08-10 16:22 - 2017-08-16 16:17 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-10 16:22 - 2017-08-16 16:17 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-10 16:22 - 2017-08-16 16:08 - 000165824 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-10 16:21 - 2017-08-16 16:16 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-10 16:21 - 2017-08-10 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-10 16:21 - 2017-08-10 16:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-10 16:21 - 2017-07-26 13:32 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-10 16:11 - 2017-08-10 16:19 - 000000000 ____D C:\Users\Thierry\Downloads\Malwarebytes.Premium.3.2.01959_delta
2017-08-10 16:06 - 2017-08-10 16:06 - 000020795 _____ C:\Users\Thierry\Downloads\malwarebytes-premium-3-2-01959-delta.torrent
2017-08-10 16:01 - 2017-08-12 00:50 - 000000000 ____D C:\Users\Thierry\AppData\Local\WUDfhost
2017-08-10 15:55 - 2017-08-10 15:55 - 000001791 _____ C:\Users\Thierry\Downloads\crack-avast-pro-antivirus-licence-jusqu-en-2026.torrent
2017-08-09 13:11 - 2017-08-09 13:11 - 000223925 _____ C:\Users\Thierry\Desktop\assurance incendie.pdf
2017-08-08 18:13 - 2017-08-08 18:13 - 000000000 ___RD C:\Users\Thierry\Documents\HRDLLC
2017-08-08 18:13 - 2017-08-08 18:13 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\HRDLLC
2017-08-08 18:12 - 2017-08-08 18:12 - 000001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Ham Radio Deluxe.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000001166 _____ C:\Users\Public\Desktop\Ham Radio Deluxe.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HRD SatTrack.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HRD Sync.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mapper.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HRD DDE SatTrackServer.lnk
2017-08-08 18:12 - 2017-08-08 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ham Radio Deluxe
2017-08-08 18:12 - 2017-08-08 18:12 - 000000000 ____D C:\Program Files\HRD Software LLC
2017-08-08 18:09 - 2017-08-08 18:09 - 000000000 ____D C:\Users\Thierry\AppData\Local\IIIQF
2017-08-06 14:54 - 2017-08-06 15:36 - 000000000 ____D C:\Users\Thierry\Desktop\usb_driver
2017-08-06 14:53 - 2017-08-06 14:53 - 008682859 _____ C:\Users\Thierry\Desktop\latest_usb_driver_windows.zip
2017-08-06 13:51 - 2017-08-06 13:51 - 000000000 ____D C:\Program Files\Common Files\Java
2017-08-03 17:17 - 2017-08-03 17:17 - 015376688 _____ (ByClick) C:\Users\Thierry\Desktop\YouTubeByClick-Setup.exe
2017-08-02 18:53 - 2017-08-02 18:53 - 001043456 _____ C:\Users\Thierry\Desktop\2017-08-radioamateurs-CALLS.xls
2017-08-02 15:52 - 2017-08-16 01:24 - 000000000 ____D C:\Users\Thierry\AppData\Local\Package Cache
2017-08-02 15:52 - 2017-08-02 15:52 - 000000000 ____D C:\Users\Thierry\AppData\Local\VASCO
2017-07-30 09:41 - 2017-07-30 09:41 - 000449387 _____ C:\Users\Thierry\Desktop\FRfiche retour sav conditions.pdf
2017-07-29 20:52 - 2017-07-29 21:15 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\YouTubeByClick
2017-07-29 20:46 - 2017-07-29 20:46 - 000000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\YouTubeByClick.lnk
2017-07-29 20:46 - 2017-07-29 20:46 - 000000000 ____D C:\ProgramData\Caphyon
2017-07-29 20:46 - 2017-07-29 20:46 - 000000000 ____D C:\Program Files\YouTube By Click
2017-07-29 20:44 - 2017-07-29 20:44 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\ByClick
2017-07-28 16:19 - 2017-07-28 16:19 - 005963467 _____ C:\Users\Thierry\Desktop\4ZMRQvt.zip
2017-07-28 16:19 - 2017-07-28 16:19 - 002924106 _____ C:\Users\Thierry\Desktop\INTEK USB_DriverInstaller_v1.11.0.zip
2017-07-28 11:29 - 2017-07-28 11:29 - 000000087 _____ C:\Users\Thierry\Desktop\pense bête.txt
2017-07-28 09:45 - 2009-10-06 15:59 - 000487741 _____ C:\Users\Thierry\Documents\frigo.PDF
2017-07-28 09:41 - 2017-07-28 09:41 - 000407002 _____ C:\Users\Thierry\Desktop\FA2532_FR.zip
2017-07-27 11:50 - 2003-07-06 14:07 - 000372736 _____ (Intel Corporation) C:\Windows\system32\IJL_11.DLL
2017-07-27 11:06 - 2017-07-27 11:06 - 000093919 _____ C:\Users\Thierry\Documents\frequences_lpd433.pdf
2017-07-27 11:04 - 2017-07-27 11:04 - 000003863 _____ C:\Users\Thierry\Documents\frequences_pmr446.pdf
2017-07-26 12:09 - 2017-07-26 12:09 - 007286521 _____ C:\Users\Thierry\Downloads\download82.rar
2017-07-25 23:26 - 2017-07-25 23:26 - 004906824 _____ C:\Users\Thierry\Downloads\KT8900R.rar
2017-07-25 22:40 - 2017-07-25 22:40 - 000000000 ____D C:\Program Files\CHIRP
2017-07-25 22:32 - 2017-07-25 22:33 - 002065563 _____ (Macrovision Corporation) C:\Users\Thierry\Downloads\Win_Driver_Prolific_3_2_0_0.exe
2017-07-25 21:44 - 2017-07-25 21:44 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UV3BAND_E_CPS
2017-07-25 21:44 - 2017-07-25 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UV3BAND_E_CPS
2017-07-25 21:44 - 2017-07-25 21:44 - 000000000 ____D C:\Program Files\UV3BAND_E_CPS
2017-07-25 21:37 - 2017-07-25 21:37 - 002453284 _____ C:\Users\Thierry\Downloads\KT8900R_Prog_software_201512191044575402.rar
2017-07-25 21:35 - 2017-07-25 21:35 - 000026401 _____ C:\Users\Thierry\Documents\mp320 francais.pdf
2017-07-25 21:33 - 2017-07-25 21:33 - 000088843 _____ C:\Users\Thierry\Downloads\409_checkChipVersion_v1006.rar
2017-07-23 15:07 - 2017-07-23 15:07 - 001887590 _____ C:\Users\Thierry\Documents\de464398fb8e38162c579f370d2cb240.pdf
2017-07-23 13:35 - 2017-07-23 13:35 - 000000837 _____ C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-07-23 13:35 - 2017-07-23 13:35 - 000000789 _____ C:\Users\Thierry\Desktop\Start Tor Browser.lnk
2017-07-23 13:33 - 2017-07-23 13:34 - 000000000 ____D C:\Users\Thierry\Desktop\Tor Browser
2017-07-23 13:32 - 2017-07-23 13:33 - 054529672 _____ C:\Users\Thierry\Downloads\torbrowser-install-7.0.2_fr.exe
2017-07-21 18:44 - 2017-07-21 18:44 - 000000216 _____ C:\Users\Thierry\Desktop\toshiba tv.url
2017-07-21 18:41 - 2017-07-21 18:41 - 006649364 _____ C:\Users\Thierry\Documents\TOSHIBA-40LV675D-notice-mode-emploi-guide-manuel-pdf (1)
2017-07-21 18:39 - 2017-07-21 18:39 - 006649364 _____ C:\Users\Thierry\Documents\TOSHIBA-40LV675D-notice-mode-emploi-guide-manuel-pdf
2017-07-21 09:50 - 2017-07-21 09:50 - 003846768 _____ C:\Users\Thierry\Documents\regza_32hl17.pdf
2017-07-20 22:17 - 2017-07-20 22:17 - 000000141 _____ C:\Users\Thierry\Desktop\Vidéos humour.url
2017-07-19 16:33 - 2017-07-19 16:34 - 000000306 _____ C:\Users\Thierry\Desktop\affiches.url
2017-07-19 10:32 - 2017-07-19 10:32 - 000351059 _____ C:\Users\Thierry\Documents\0021630220.pdf
2017-07-17 16:10 - 2017-07-17 16:10 - 000000167 _____ C:\Users\Thierry\Desktop\Junker.url
2017-07-17 10:52 - 2017-07-21 05:53 - 000000000 ____D C:\Program Files\TunnelBear
2017-07-17 10:52 - 2017-07-17 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 16:21 - 2016-11-13 10:38 - 000000000 ____D C:\ProgramData\Temp
2017-08-16 16:19 - 2017-03-10 11:47 - 000000000 ____D C:\FRST
2017-08-16 16:18 - 2017-03-10 11:47 - 001792512 _____ (Farbar) C:\Users\Thierry\Desktop\FRST.exe
2017-08-16 16:17 - 2016-11-12 22:33 - 000000000 ____D C:\Program Files\Glary Utilities 5
2017-08-16 16:17 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\inetsrv
2017-08-16 16:15 - 2017-07-15 10:47 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-16 16:15 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-16 16:10 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-08-16 15:39 - 2016-11-14 20:46 - 000806488 _____ C:\Windows\system32\perfh00C.dat
2017-08-16 15:39 - 2016-11-14 20:46 - 000171312 _____ C:\Windows\system32\perfc00C.dat
2017-08-16 15:39 - 2010-11-20 23:01 - 001823066 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-16 15:34 - 2016-11-12 22:42 - 000000000 ___RD C:\Users\Thierry\Desktop\Secutity
2017-08-16 13:15 - 2016-11-14 10:44 - 000000000 ____D C:\AdwCleaner
2017-08-16 09:05 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-16 09:05 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-16 03:18 - 2016-12-10 15:21 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\vlc
2017-08-16 01:30 - 2016-11-12 17:22 - 000000000 ____D C:\Users\Thierry
2017-08-16 01:25 - 2016-11-20 23:12 - 000000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2017-08-16 01:25 - 2010-11-21 02:46 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-08-16 01:24 - 2017-04-17 12:12 - 000000000 ____D C:\Users\Thierry\Downloads\maitre gims-mon coeur avait raison-2015-mp3-320kbps
2017-08-16 01:24 - 2017-01-22 12:53 - 000000000 ____D C:\Users\Thierry\Downloads\Malwarebytes 3.0.4.1269
2017-08-16 01:24 - 2016-12-14 10:34 - 000000000 ____D C:\Users\Thierry\Downloads\Google.Earth.Plus.v5.2.1.1588.Multilingual.Incl.Patch
2017-08-16 01:24 - 2016-12-07 18:48 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\uTorrent
2017-08-16 01:24 - 2016-11-22 13:29 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\Audacity
2017-08-16 01:24 - 2016-11-16 07:14 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\PhotoFiltre Studio X
2017-08-16 01:24 - 2016-11-15 09:55 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-16 01:23 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2017-08-15 19:22 - 2016-11-30 10:46 - 000000000 ____D C:\ProgramData\Hotspot Shield
2017-08-15 10:12 - 2016-11-15 22:57 - 000000000 ____D C:\Users\Thierry\AppData\LocalLow\Mozilla
2017-08-12 14:40 - 2016-11-14 16:10 - 000000000 ____D C:\Windows\system32\MRT
2017-08-12 01:39 - 2016-11-15 07:04 - 000000000 ___RD C:\Users\Thierry\Desktop\Outils Radio
2017-08-11 22:24 - 2017-04-12 13:44 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-11 12:48 - 2016-11-22 13:38 - 000001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-08-11 12:47 - 2016-11-12 22:33 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\GlarySoft
2017-08-10 16:21 - 2017-03-30 12:36 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-08 17:33 - 2017-03-23 13:52 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-08 17:33 - 2017-03-23 13:52 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-08 17:33 - 2016-11-13 10:12 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-07 20:44 - 2017-03-25 15:13 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 20:44 - 2017-03-25 15:13 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-06 15:59 - 2016-11-22 17:09 - 000000000 ____D C:\Program Files\RadioBOSS
2017-08-06 15:36 - 2017-03-27 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-06 13:52 - 2016-12-25 19:59 - 000000000 ____D C:\ProgramData\Oracle
2017-08-06 13:51 - 2017-03-27 15:59 - 000000000 ____D C:\Program Files\Java
2017-08-06 13:49 - 2017-03-27 16:00 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-08-05 18:23 - 2017-06-18 16:28 - 000000000 ____D C:\Users\Thierry\Documents\Audacity
2017-08-04 17:59 - 2009-07-14 04:03 - 050855936 _____ C:\Windows\system32\config\software.gu.bak
2017-08-04 17:59 - 2009-07-14 04:03 - 033816576 _____ C:\Windows\system32\config\system.gu.bak
2017-08-04 17:59 - 2009-07-14 04:03 - 000262144 _____ C:\Windows\system32\config\security.gu.bak
2017-08-04 17:58 - 2009-07-14 04:03 - 001572864 _____ C:\Windows\system32\config\default.gu.bak
2017-08-04 17:58 - 2009-07-14 04:03 - 000262144 _____ C:\Windows\system32\config\sam.gu.bak
2017-08-04 10:27 - 2017-07-14 07:02 - 000000000 ____D C:\Users\Thierry\AppData\Local\LenovoServiceBridge
2017-08-01 12:39 - 2017-01-21 09:21 - 000000000 ____D C:\Users\Thierry\AppData\Local\CrashDumps
2017-08-01 12:36 - 2016-11-15 09:51 - 000000000 ____D C:\Users\Thierry\AppData\Local\Flvto YouTube Downloader
2017-08-01 12:32 - 2016-11-15 13:40 - 000024177 _____ C:\Users\Thierry\AppData\Roaming\downloads.json
2017-07-30 10:56 - 2016-11-23 12:29 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\FileZilla
2017-07-29 20:16 - 2016-11-15 13:38 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\.driveapi
2017-07-28 22:10 - 2016-11-13 10:40 - 000000000 ____D C:\Users\Thierry\Documents\Youcam
2017-07-25 21:44 - 2016-11-20 19:03 - 000249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2017-07-25 21:44 - 2016-11-20 19:03 - 000073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2017-07-25 19:33 - 2016-11-12 17:22 - 000000000 ____D C:\Users\Thierry\AppData\Local\VirtualStore
2017-07-24 21:37 - 2017-07-02 22:37 - 000000000 ____D C:\Users\Thierry\Desktop\AllFrTV
2017-07-20 10:49 - 2017-04-16 17:27 - 000000000 ____D C:\Users\Thierry\Desktop\important
2017-07-18 19:28 - 2017-03-08 00:09 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\dvdcss
2017-07-17 10:58 - 2017-03-25 17:06 - 000000000 ____D C:\Users\Thierry\AppData\Roaming\TunnelBear
2017-07-17 03:37 - 2016-11-14 09:44 - 000029688 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe

==================== Files in the root of some directories =======

2016-11-20 15:58 - 2016-12-03 14:31 - 000000766 _____ () C:\Users\Thierry\AppData\Roaming\buttrc
2016-11-15 13:40 - 2017-08-01 12:32 - 000024177 _____ () C:\Users\Thierry\AppData\Roaming\downloads.json
2016-11-27 11:10 - 2017-07-15 16:26 - 000007680 _____ () C:\Users\Thierry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-13 08:18 - 2016-11-13 08:18 - 000007597 _____ () C:\Users\Thierry\AppData\Local\Resmon.ResmonCfg
2017-01-22 13:29 - 2017-01-22 13:29 - 000001592 _____ () C:\ProgramData\Client Monitor
2016-11-22 07:21 - 2016-11-22 07:21 - 000004154 _____ () C:\ProgramData\ubzyegls.kzt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-05 11:54

==================== End of FRST.txt ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-08-2017
Ran by Thierry (16-08-2017 16:21:30)
Running from C:\Users\Thierry\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-11-12 15:22:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1336148165-2905861916-3324050080-500 - Administrator - Disabled)
Guest (S-1-5-21-1336148165-2905861916-3324050080-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1336148165-2905861916-3324050080-1002 - Limited - Enabled)
Thierry (S-1-5-21-1336148165-2905861916-3324050080-1000 - Administrator - Enabled) => C:\Users\Thierry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS5 Portable (HKLM\...\{61172A5D-60AA-43BE-958F-90451024E768}_is1) (Version: - Adobe)
All_In One (HKLM\...\ThjH9rs-v_is1) (Version: - )
AllFrTV version 6.2 (HKLM\...\{B32CEC1E-1FDA-46DD-A429-31E63C270007}_is1) (Version: 6.2 - Racacax)
Apple Application Support (32 bits) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.3 (HKLM\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Belgium e-ID middleware 4.1.20 (build 1779) (HKLM\...\{4DDF16AE-8D5D-4027-A2D1-8CBB498E1779}) (Version: 4.1.1779 - Belgian Government)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BTECH2501(+220)_CPS (HKLM\...\ST6UNST #1) (Version: - )
BurnAware Free 10.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
CHIRP (HKLM\...\CHIRP) (Version: - )
COUCOU (HKLM\...\{F0B308FA-CD1A-461D-BF3A-24BA0068C9D7}_is1) (Version: - F6DQM)
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DIGIPASS Native Bridge 2.3.2 (HKLM\...\{D9145E6A-FEDE-4922-8EB0-6154E4C528CB}) (Version: 2.3.2 - VASCO Data Security) Hidden
DIGIPASS Native Bridge 2.3.2 (HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\{9417bcae-5ec1-4171-81d5-46bf5bf9b573}) (Version: 2.3.2 - VASCO Data Security)
FileZilla Client 3.25.2 (HKLM\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse)
Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)
FL Studio 12 (HKLM\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version: - Image-Line)
Galerie de photos (HKLM\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Glary Utilities PRO 5.81 (HKLM\...\Glary Utilities 5) (Version: 5.81.0.102 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Ham Radio Deluxe (HKLM\...\{53E83470-A049-4848-893C-71FA93EAD59F}) (Version: 6.4.0.664 - HRD Software LLC) Hidden
Ham Radio Deluxe (HKLM\...\Ham Radio Deluxe) (Version: 6.4.0.664 - HRD Software LLC)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
Havij 1.17 Pro (HKLM\...\Havij_is1) (Version: - ITSecTeam)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
IP-Tools (HKLM\...\IP-Tools) (Version: - )
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Jingle Palette 4.4.5 (HKLM\...\Jingle Palette) (Version: 4.4.5 - )
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lenovo Service Bridge (HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.5 - Lenovo)
Light Image Resizer 4.7.2.0 (HKLM\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.7.2.0 - ObviousIdea)
Magic MP3 Tagger 2.2.6 (HKLM\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter)
Malwarebytes version 3.2.0.1959 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.0.1959 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (HKLM\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 54.0.1 (x86 fr)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mp3tag v2.81 (HKLM\...\Mp3tag) (Version: 2.81 - Florian Heidenreich)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Multilingual Speaking Clock ver 2.6 (HKLM\...\Multilingual Speaking Clock_is1) (Version: 2.6 - Lux Aeterna Software)
My Radiomatisme 1.0.0.25 (HKLM\...\{EE0B037B-D2F2-4893-AF15-7FA3DF10E856}_is1) (Version: - My Progsoft)
Noise Reduction Plug-In 2.0 (HKLM\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
OBS Studio (HKLM\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenOffice 4.1.3 (HKLM\...\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}) (Version: 4.13.9783 - Apache Software Foundation)
PhotoFiltre Studio X (HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\...\PhotoFiltre Studio X) (Version: - )
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PlayIt Live (HKLM\...\PlayItLive) (Version: - )
Python 2.7.2 (HKLM\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
Python Launcher (HKLM\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
RADIO Logger Pro 2 (HKLM\...\RADIO Logger Pro 2_is1) (Version: 2.2.1.42 - Radiosoft LLC)
RadioBOSS 5.4.3.1 (HKLM\...\RadioBOSS) (Version: 5.4.3.1 - DJSoft.Net)
RadioBOSS 5.5.5.0 (HKLM\...\RadioBOSS_is1) (Version: 5.5.5.0 - DJSoft.net)
RadioLogger 3.0.2.0 (HKLM\...\{DD8E6FB9-C8AC-4B40-8F51-B3332C5A09DE}_is1) (Version: 3.0.2.0 - DJSoft.net)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
RegistryNuke 2014 version 2.1.6.80 (HKLM\...\{D9DF8D5A-2160-402B-819F-A5A964215528}_is1) (Version: 2.1.6.80 - RegistryNuke, Inc.)
SAM Cast 2015.5 (HKLM\...\SAMCast) (Version: 2015.5 - Spacial Audio Solutions, LLC)
SecurityKISS Tunnel v0.3.2 (HKLM\...\SecurityKISS Tunnel_is1) (Version: - )
SIMPLEX (HKLM\...\{437D9DEF-B5D9-4CC7-A8BF-BB5F9742F47D}_is1) (Version: - F6DQM)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snagit 12 (HKLM\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation) Hidden
Snagit 12 (HKLM\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
Snagit 13 (HKLM\...\{35159268-7E2F-47D1-AAF2-A951A61DB5B4}) (Version: 13.1.0 - TechSmith Corporation) Hidden
Snagit 13 (HKLM\...\{f40213e2-b7e5-45fa-9bc3-a671ed6d94ea}) (Version: 13.1.0.7494 - TechSmith Corporation)
Sothink Logo Maker (HKLM\...\{C8F4904F-51F4-4312-BE64-FF1D23606E86}_is1) (Version: 1.1 - SourceTec Software Co., LTD)
Sothink Logo Maker Professional (HKLM\...\{D597C3D3-13D7-4BF1-9D60-AAEBBD350FF5}) (Version: 4.4.4625 - SourceTec Software)
Sound Forge Pro 11.0 (HKLM\...\{3F1EEA40-9515-11E4-9B3B-F04DA23A5C58}) (Version: 11.0.299 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TunnelBear (HKLM\...\{6842EAA3-D175-41D1-9F4A-DF20BA70483A}) (Version: 2.3.29.0 - TunnelBear) Hidden
TunnelBear (HKLM\...\{70b32981-56bc-4340-82c1-6b0dc0d5bc2a}) (Version: 2.3.29.0 - TunnelBear)
UV3BAND_E_CPS (HKLM\...\ST6UNST #2) (Version: - )
VirtualDJ 8 (HKLM\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Driver Package - Fedict SmartCard (11/30/2016 4.1.9) (HKLM\...\A9FBB4D4E267FA9BF2CEBF564F02DB39E147B466) (Version: 11/30/2016 4.1.9 - Fedict)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version: - windows-movie-maker.org)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireshark 2.2.2 (32-bit) (HKLM\...\Wireshark) (Version: 2.2.2 - The Wireshark developer community, hxxps://www.wireshark.org)
WOW Slider (HKLM\...\WOW Slider) (Version: - )
WOW Slider (HKLM\...\WOW Slider_is1) (Version: - )
XSplit Broadcaster (HKLM\...\{C937057E-3777-426B-ACC6-809EC445EBD5}) (Version: 2.9.1701.1616 - SplitmediaLabs)
YouTube By Click (HKLM\...\{77099314-912F-47E8-AF74-6D63C83B6956}) (Version: 2.2.71 - ByClick) Hidden
YouTube By Click (HKLM\...\YouTube By Click 2.2.71) (Version: 2.2.71 - ByClick)
ZaraRadio 1.6.2 (HKLM\...\ZaraRadio_is1) (Version: - ZaraSoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{094AE5CB-62E5-4845-8ED6-617D9FE893DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{22756E83-8EBC-4B16-A4A4-0AA73BE497B1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{56C94D6A-7370-4885-A04E-7097FE4E0BAF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{79811B29-9C10-4FCB-A117-6030F2DC12BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{94330D48-EB33-49BB-87F1-AD8C0352C010}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{F7CA46A9-ACA5-45A6-967E-03FF5A282D01}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1336148165-2905861916-3324050080-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\FileSyncApi.dll (Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 13\SnagitShellExt.dll [2017-01-20] (TechSmith Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-07-26] (Malwarebytes)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 13\SnagitShellExt.dll [2017-01-20] (TechSmith Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-23] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-07-26] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A29A1B9-6B76-4265-919C-97E6983A2504} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {0F29A401-0FA6-49B6-959A-CA17D0C1F6DB} - System32\Tasks\MySQL\Installer\ManifestUpdate => c:\program files\mysql\mysql installer for windows\mysqlinstallerconsole.exe
Task: {1BE638F0-B4DF-48E5-8C72-DC5C68D47F4F} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {2983FC04-9D05-44B4-9EAE-E3FBF90E9598} - System32\Tasks\{148E5D67-F48A-46EA-BF50-1DF81F829856} => C:\Windows\system32\pcalua.exe -a C:\Users\Thierry\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {356E0302-D628-4AA4-86F2-054DF159F149} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {79C390AD-386E-48ED-89D1-CE01D0A0C161} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {811692CD-64C0-4D7B-AB5B-CDF9B80D4571} - System32\Tasks\SafeZone scheduled Autoupdate 1500125113 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {8243AB81-599F-4123-8423-43533D671B88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8B6D6073-D713-490B-B96D-98CAFB762681} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {975FBDFB-9609-49CE-9569-E1E1AB4D025E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {9C6AEA47-DEED-4ACE-B514-94633A64FB52} - System32\Tasks\{C45545A4-1608-4429-B4C8-63E577CE3A77} => C:\Windows\system32\pcalua.exe -a "C:\Users\Thierry\Desktop\RadioDJ\Setup\Database Setup.exe" -d C:\Users\Thierry\Desktop\RadioDJ\Setup
Task: {A908226E-5761-420D-93C8-6B94C283349A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1336148165-2905861916-3324050080-1000 => C:\Users\Thierry\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-07-26] (Lenovo Group Limited)
Task: {B68CD684-4755-453B-9FC2-36812FBB58B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {B89A467D-64A7-4B8B-94A2-A32053BD9DD1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C1F9364A-049A-46AC-ACB2-7D35B0F2ED8E} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2017-08-07] (Glarysoft Ltd)
Task: {D77DB28D-ED4D-44C5-A8F2-A18E3D337499} - System32\Tasks\TechSmith Updater => C:\Program Files\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
Task: {F9BD2527-4609-48D7-BF6F-AAE8EDEA7BC2} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {FD352BBD-ECE5-4EFA-B43F-012282541345} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2017-08-07] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Cast\Help\Help Center.lnk -> hxxp://spacial.com/help-center?filter=sam-cas
Shortcut: C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster\Help\Help Center.lnk -> hxxp://spacial.com/help-center?filter=sam-broadcaste

==================== Loaded Modules (Whitelisted) ==============

2017-07-16 18:48 - 2017-07-16 18:48 - 001945600 _____ () C:\Program Files\HRD Software LLC\Ham Radio Deluxe\HRDRemoteSvr.exe
2016-12-16 10:34 - 2016-12-16 10:34 - 000041344 _____ () C:\Program Files\TunnelBear\TBear.Maintenance.exe
2017-08-10 16:21 - 2017-07-26 13:32 - 001720272 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
- - 000000000 _____ () C:\Windows\System32\msiuncerp.dll
2017-04-30 13:21 - 2017-04-30 13:21 - 000048296 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-01-17 03:30 - 2017-01-17 03:30 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-08-25 15:33 - 2012-12-21 20:33 - 000020288 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 000077824 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2017-08-07 03:24 - 2017-08-07 03:24 - 000087032 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [68562]
AlternateDataStreams: C:\ProgramData\Temp:8927A071 [666]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-08-10 16:13 - 000001958 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 keystone.mwbsys.com
0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com
0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com
0.0.0.0 anchorfree.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1336148165-2905861916-3324050080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Fond d’écran.bmp
DNS Servers: 172.18.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95EF5EA0-4CCD-4375-918B-ED3AFFF72FD2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{4457A1CE-188B-474F-9835-F91773556ACB}] => (Allow) LPort=8298
FirewallRules: [{3F6950FE-D47F-4C2E-B729-94A4F1B8AE21}] => (Allow) C:\Users\Thierry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{40CC54ED-6F5B-4363-BE47-17A9D3DEE8E6}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{842A2855-9F4C-4C87-B695-1C870E42A966}] => (Allow) LPort=2869
FirewallRules: [{5C6FB43B-056E-4A19-B26A-7F182E05618A}] => (Allow) LPort=1900
FirewallRules: [{994F9194-C1E3-495E-BB87-C47CF558DC7D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A205E237-2A3E-4230-B07E-DD2F99CBCAFA}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E98D7B5-912A-41D1-95D7-F8C6E1E3285F}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3EA4C90B-F0BB-47FD-85C0-C87202AD0186}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C79642F6-E9D7-4D24-A0B0-7558F5B4C782}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82876915-F717-4734-BDC7-2A9A3B97B4D5}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{736AC496-BCF5-4CA3-8D5D-05F9E3F6064E}] => (Allow) C:\Users\Thierry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7787C2E6-DCC1-4D5F-999C-90A1851108A1}C:\program files\radioboss\radioboss.exe] => (Allow) C:\program files\radioboss\radioboss.exe
FirewallRules: [UDP Query User{15FCDCDD-5890-469C-9330-DE51154A521C}C:\program files\radioboss\radioboss.exe] => (Allow) C:\program files\radioboss\radioboss.exe
FirewallRules: [{6CC47F10-724B-4206-882B-BB8EB586F26B}] => (Block) C:\program files\radioboss\radioboss.exe
FirewallRules: [{821A63EB-779F-419B-93A0-3538062E8421}] => (Block) C:\program files\radioboss\radioboss.exe
FirewallRules: [{6CFAF563-5593-499C-ABE8-5D67A75509AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39ED8539-A062-431D-8758-1E472D28C1F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28CA25A1-8815-4BF4-A43B-00120D6D1D57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B639E413-B7C8-4FDC-A085-E70CA38A76C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EA731FB9-62BD-480B-9608-FBDB9798D9CC}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{A0915F65-2793-4E34-AE36-4E1F9358A338}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E9DFAC1C-8399-4967-A8BC-0FB2CC930A9A}C:\users\thierry\desktop\outils radio\deezloader-win32-ia32\deezloader.exe] => (Allow) C:\users\thierry\desktop\outils radio\deezloader-win32-ia32\deezloader.exe
FirewallRules: [UDP Query User{E699870A-7358-4CD5-9A19-F56AC112C1E5}C:\users\th

3 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 629
16 August 2017 at 17:23
Hi,

The reports should be provided via pjjoint.

Install "Real Temp" or "Coretemp" to monitor the computer's temperature.
See how high the computer's temperature climbs while it is in use. It should not exceed 60 degrees Celsius. If possible, attach a screenshot of the software to your message.

then:

Follow the FRST tutorial (take the time to read it carefully; everything is explained well there).

Download FRST and run the scan,
Wait for the scan to finish; a message indicates that the analysis is complete.

Three FRST reports will be generated:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Upload these 3 reports to https://pjjoint.malekal.com/ and, in return, post the 3 pjjoint links that lead to the reports here in a new reply so that we can look at them.


1
Thierry1000 Posts 34 Registration date Friday 10 March 2017 Status Member Last activity 22 February 2022
16 August 2017 at 21:54
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 629
16 August 2017 at 23:20
Low-end machine, so you need to keep the installed stuff to a minimum.
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 2939.99 MB
Available physical RAM: 1486.96 MB


Beyond that, we won't be able to work miracles.

Uninstall:
CyberLink
Java
Glary Utilities PRO
SecurityKISS Tunnel
Snagit (useful?)
TunnelBear
WinPcap
WinRAR
Wireshark


Remove CCleaner from startup: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
1
Thierry1000 Posts 34 Registration date Friday 10 March 2017 Status Member Last activity 22 February 2022
17 August 2017 at 17:30
Many thanks for your advice; it is indeed already less sluggish. Yes, a low-end machine.
Best regards
Thierry
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 629
17 August 2017 at 17:31
All good, I don't think I can do any better :)
0