Addition.txt

Document joint : GECtOFAEIkX_Addition.txt

Cliquez pour partager vos propres fichiers

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by sylvain.admin (28-05-2017 21:30:24)
Running from C:\Users\Sylvain\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-28 08:46:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-841807541-912244095-3207228165-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-841807541-912244095-3207228165-501 - Limited - Disabled)
Sylvain (S-1-5-21-841807541-912244095-3207228165-1000 - Limited - Enabled) => C:\Users\Sylvain
sylvain.admin (S-1-5-21-841807541-912244095-3207228165-1001 - Administrator - Enabled) => C:\Users\sylvain.admin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Camera Controller GUI (HKLM-x32\...\{96F90041-A2B1-48D5-8F53-BA8462530CD5}) (Version: 1.0.114 - Flir Systems)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-841807541-912244095-3207228165-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.2.123.393 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.127 - Dell Inc.)
eDrawings 2014 (HKLM-x32\...\{8E020116-05F7-4246-AAA4-9E0683AE1A24}) (Version: 14.5.0008 - Dassault Systèmes SolidWorks Corp.)
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
FortiClient SSLVPN v4.0.2300 (HKLM-x32\...\{A34DCE59-0004-0000-2300-3F8A9926B752}) (Version: 4.0.2300 - Fortinet Inc.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKU\S-1-5-21-841807541-912244095-3207228165-1000\...\HP Photo Creations) (Version: 1.0.0.18862 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6388.0 - IDT)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4176 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Agent (HKLM-x32\...\{99AEE8F3-FEC3-4375-9B90-77641E570DA2}) (Version: 4.6.0.3262 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{AFADA6D3-EBC0-406E-B3ED-079B7A831467}) (Version: 8.0.6362.229 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
òãëåï òáåø Microsoft Outlook Social Connector (KB2289116) (HKLM-x32\...\{90140000-001A-040D-0000-0000000FF1CE}_Office14.SingleImage_{5749940B-43E2-45B5-814D-2D1B3BDFA404}) (Version: - Microsoft)
OphirSim (HKLM-x32\...\{B97A205A-CEF9-4777-B2CE-C82607A5C06B}) (Version: 1.0.9 - OphirOptronics)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
SAP GUI for Windows 7.30 (Patch 10) (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
Simulator-15-100 (HKLM-x32\...\{E0A61875-1764-425C-89FF-00F609EF4055}) (Version: 1.2.4 - OphirOptronics)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Skype 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Sofradir GUI version 1.0.4.0 (HKLM-x32\...\{C0C5C460-BFE7-478C-8637-E989A3B9B933}_is1) (Version: 1.0.4.0 - Sofradir)
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/05/2012 6.6.0.0) (HKLM\...\5118100F6945E20FB40C6DEA7D3D348AFD9E43D7) (Version: 10/05/2012 6.6.0.0 - Silicon Laboratories)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-841807541-912244095-3207228165-1000_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Sylvain\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-841807541-912244095-3207228165-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EAC746-3456-412B-9FCD-38CEC0548AC8} - System32\Tasks\ScanToPCActivationApp.exe_{071353C3-6052-45C5-BA68-237CB5F5A9FF} => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {2CE55797-F282-48D9-9EC6-D61FC20FA47B} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Sylvain\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-07-20] ()
Task: {64727E5D-C81C-4BD3-8AFD-6CFCAABD331E} - System32\Tasks\{7564AB81-A5A6-494F-A304-AADD1CC8B939} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-05-05] (Skype Technologies S.A.)
Task: {7ADE72ED-3838-4F23-9BB0-B96563766F7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
Task: {BC36B0C5-026C-4E5E-A44E-DFC20C7B6A34} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {C3A43B5A-5DB0-4E95-B060-B6CB5B6226AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
Task: {C71F07CC-E991-4500-8C4A-4959B8A5B87C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-13] (Adobe Systems Incorporated)
Task: {D09EA4B7-EDE8-4ADA-908A-71193C53500A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {DC25571F-B827-437B-B72B-8757519D8FF4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {F97E59DC-288B-46AF-AB0C-798EC62CF777} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c sylvain.adm
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler sylvain.adm
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Sylvain\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-07 12:09 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2012-01-17 07:45 - 2012-01-17 07:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 07:45 - 2012-01-17 07:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 07:55 - 2011-11-07 07:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 15:42 - 2015-06-28 11:03 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 15:41 - 2015-06-28 11:03 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-05-17 00:09 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-17 00:09 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-05-18 06:26 - 2017-04-26 02:43 - 00018904 _____ () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2017-05-17 20:42 - 2017-05-16 22:55 - 00871744 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-17 20:42 - 2017-05-16 22:55 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-05-18 06:26 - 2017-04-26 02:38 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-18 06:26 - 2017-04-26 02:38 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-18 06:26 - 2017-04-26 02:38 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-18 06:26 - 2017-05-16 23:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-18 06:26 - 2017-04-26 02:39 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-05-18 06:26 - 2017-04-26 02:38 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-17 20:42 - 2017-04-26 02:38 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-17 20:42 - 2017-04-26 02:39 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-17 20:42 - 2017-04-26 02:38 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-18 06:26 - 2017-04-26 02:40 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 21:31 - 2017-05-16 23:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-17 20:42 - 2017-04-26 02:38 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-17 20:42 - 2017-04-26 02:40 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-05-18 06:26 - 2017-05-16 23:00 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 21:31 - 2017-05-16 23:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 20:42 - 2017-05-16 23:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2016-05-18 06:26 - 2017-05-16 23:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-18 06:26 - 2017-04-26 02:39 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-28 09:28 - 2017-05-16 23:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-28 12:22 - 2017-05-16 23:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-28 12:22 - 2017-05-16 23:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-28 12:22 - 2017-05-16 23:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-28 12:22 - 2017-05-16 23:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-05-18 06:26 - 2017-04-26 02:40 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-05-18 06:26 - 2017-05-16 23:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-17 20:42 - 2017-04-26 02:34 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-17 20:42 - 2017-05-16 23:00 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-12 09:26 - 2017-05-16 23:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-17 20:42 - 2017-04-26 02:43 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-17 20:42 - 2017-04-26 02:43 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 21:31 - 2017-05-16 23:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-10 09:30 - 2017-05-16 23:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-05-17 20:42 - 2017-05-16 23:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-06-28 14:12 - 2013-11-13 21:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-06-08 21:06 - 2015-06-08 21:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-05-15 16:24 - 2015-05-15 16:24 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-841807541-912244095-3207228165-1000\...\newport.com -> newport.com
IE trusted site: HKU\S-1-5-21-841807541-912244095-3207228165-1000\...\ophir.local -> hxxps://igloo2.ophir.local

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-02 14:13 - 00000880 _____ C:\Windows\system32\Drivers\etc\hosts

10.31.1.37 portalprod
10.31.1.37 portalprod.newport.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-841807541-912244095-3207228165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-841807541-912244095-3207228165-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sylvain.admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E71FD9EE-3083-458F-883A-C4D791962196}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{A53A81ED-1665-445A-B5CB-31C436AFFF74}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{BF93DE80-6E39-4E26-87CA-A0B16B5682FE}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{EEDD699B-2BD6-44D6-AD89-7C7D458B6D97}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{A5BB61E3-5ED5-491F-948D-6F525D91DF5F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{334A748E-C5C7-4EA3-977C-2695ECE66FB8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{0874D0E9-1998-482A-A203-2FD2107FF9A0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{901918B0-C352-4C44-9837-D6593A8986DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{6A6A2B5C-BFD0-4BC5-BA75-B3F7C11F06A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{F56C4F7C-494B-40BB-B298-195974D11B20}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{15013392-3D3E-49C2-B142-54DE36D29712}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{C6D95F04-A6BF-4973-B8AC-30DCD51F2A93}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{9382B7E8-1955-40C4-8B5D-BAE470A8FA6E}] => (Allow) LPort=5357
FirewallRules: [{31E004DC-0103-44A5-A6C5-C9DF6B8BF2D8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{7A0894FE-4B9E-4D5B-ACA9-6D714BB8EC75}C:\users\sylvain\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sylvain\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [UDP Query User{A2788169-CA29-4BAF-832A-0EA764318909}C:\users\sylvain\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sylvain\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe
FirewallRules: [{30BE492A-6274-4D3D-B91C-9B9B744F90E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D259430B-A0AB-4FDE-93C9-BF05C72E9E5D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C9DF7AEB-36BD-4E3C-8932-FE788867ECA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2D9A7FE3-B654-4ED3-A5B3-C3CF7FDB6844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DCE8F0ED-2304-4755-BACE-C61B89349518}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{43289F77-B495-431E-AAF9-AC59F248F1E7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

23-05-2017 20:54:47 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2017 01:22:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2017 10:17:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 08:59:44 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3508 (0xdb4)

Thread address : 0x0000000077C4BD7A

Thread message :

Build VSCORE.15.1.0.543 / 5900.7806
Object being scanned = \Device\HarddiskVolume2\Windows\bootstat.dat
by System
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
5000(0)(0)
15001(0)(1)
5008(0)(0)

Error: (05/26/2017 08:59:44 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3476 (0xd94)

Thread address : 0x0000000077C4BD7A

Thread message :

Build VSCORE.15.1.0.543 / 5900.7806
5008(14463336)(0)
232(14463336)(0)
231(14463336)(0)
22305(14463336)(0)
22304(14463336)(0)
22302(14463336)(0)
22301(14463336)(0)
226(14463336)(0)

Error: (05/24/2017 09:54:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/24/2017 09:22:21 AM) (Source: McLogEvent) (EventID: 259) (User: iljer-dupont)
Description: The scan found detections. Scan engine version 5900.7806 DAT version 8538.

Error: (05/24/2017 08:49:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/24/2017 08:30:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/22/2017 07:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/13/2017 10:35:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (05/28/2017 01:20:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/28/2017 01:20:27 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends the following service: TBS. This service might not be installed.

Error: (05/28/2017 10:16:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/28/2017 10:15:55 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends the following service: TBS. This service might not be installed.

Error: (05/26/2017 08:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/24/2017 10:29:07 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3CE099D9-CABF-4DC4-873D-A1E8500651FC} because another computer on the network has the same name. The server could not start.

Error: (05/24/2017 09:52:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/24/2017 09:52:27 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends the following service: TBS. This service might not be installed.

Error: (05/24/2017 09:03:47 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3CE099D9-CABF-4DC4-873D-A1E8500651FC} because another computer on the network has the same name. The server could not start.

Error: (05/24/2017 08:48:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 31%
Total physical RAM: 8065.84 MB
Available physical RAM: 5527.25 MB
Total Virtual: 16129.87 MB
Available Virtual: 13212.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:361.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9EBB236B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Signaler le contenu de ce document