Document format: text/plain

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Exécuté par PROPRIETAIRE (administrateur) sur PROPRIETAIRE-PC (13-07-2016 21:57:06)
Exécuté depuis C:\Users\PROPRIETAIRE\Downloads
Profils chargés: PROPRIETAIRE (Profils disponibles: PROPRIETAIRE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [gmsd_fr_004010058] => [X]
HKLM-x32\...\Run: [gmsd_fr_002020057] => [X]
HKLM-x32\...\Run: [ospd_us_013010060] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010060] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010061] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010062] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010065] => [X]
HKLM-x32\...\Run: [rec_fr_70] => [X]
HKLM-x32\...\Run: [rec_fr_74] => [X]
HKLM-x32\...\Run: [rec_fr_130] => [X]
HKLM-x32\...\Run: [rec_fr_142] => "C:\Program Files (x86)\rec_fr_142\rec_fr_142.exe"
HKLM-x32\...\Run: [rec_fr_194] => [X]
HKLM-x32\...\Run: [rec_fr_217] => [X]
HKLM-x32\...\Run: [rec_fr_236] => [X]
HKLM-x32\...\Run: [rec_fr_245] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8824024 2016-06-21] (Piriform Ltd)
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\MountPoints2: {62629f10-35c5-11e5-ae88-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-05-26] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-29] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation)
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-11-12] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG.ccc [2015-11-22] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT.ccc [2015-11-22] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_bmjqq.html [2015-11-08] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_bmjqq.txt [2015-11-08] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_eopss.html [2015-11-05] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_eopss.txt [2015-11-05] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_xmcyc.html [2015-11-05] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_xmcyc.txt [2015-11-05] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+bax.html [2015-12-13] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+bax.txt [2015-12-13] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+jyv.html [2015-12-21] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+jyv.txt [2015-12-21] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xiq.html [2015-12-22] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xiq.txt [2015-12-22] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_how_recover_bwr.HTML [2015-11-22] ()
Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_how_recover_bwr.TXT [2015-11-22] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{F588E4C1-E2C7-4BD7-98B4-8E1A3E3454EF}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509
HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> {C9C37F1F-5B6F-4454-A2AB-85B37B49C573} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Pass and Play -> {292eca49-b475-4045-bad4-fe9e5d9cd084} -> C:\Program Files (x86)\Pass and Play\Extensions\292eca49-b475-4045-bad4-fe9e5d9cd084.dll => Pas de fichier
BHO-x32: Search My Window -> {4e31961d-e8c3-4ab0-9829-8e0f08f8dd01} -> C:\Program Files (x86)\Search My Window\Extensions\4e31961d-e8c3-4ab0-9829-8e0f08f8dd01.dll => Pas de fichier
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509

FireFox:
========
FF ProfilePath: C:\Users\PROPRIETAIRE\AppData\Roaming\Mozilla\Firefox\Profiles\ljc4p2kk.default
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Pas de fichier]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)

Chrome:
=======
CHR dev: Chrome dev build détecté(e)! <======= ATTENTION
CHR HomePage: Default -> hxxps://www.google.fr/
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBcgleWFpBFhgUeAgMTA0QRAYOeAhaWRQURAZGdwwKUVpCQ1cFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8WGJKLl1XFg=="
CHR Profile: C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Recherche Google) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Sheets) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Skype) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-03]
CHR Extension: (Gmail) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-29] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Fichier non signé]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Fichier non signé]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-06-24] (Micro-Star International Co., Ltd.) [Fichier non signé]
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-29] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R1 {9d137548-46b5-486c-959a-b80a01c74d8c}Gw64; C:\Windows\System32\drivers\{9d137548-46b5-486c-959a-b80a01c74d8c}Gw64.sys [48784 2015-08-14] (StdLib)
R1 {f626d478-aad6-4329-b6e1-e53ccb31466e}Gw64; C:\Windows\System32\drivers\{f626d478-aad6-4329-b6e1-e53ccb31466e}Gw64.sys [48792 2015-08-19] (StdLib)
S3 cpuz134; \??\C:\Users\PROPRI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-07-13 21:57 - 2016-07-13 21:57 - 00022026 _____ C:\Users\PROPRIETAIRE\Downloads\FRST.txt
2016-07-13 21:56 - 2016-07-13 21:57 - 00000000 ____D C:\FRST
2016-07-13 21:55 - 2016-07-13 21:56 - 02390528 _____ (Farbar) C:\Users\PROPRIETAIRE\Downloads\FRST64.exe
2016-07-13 21:49 - 2016-07-13 21:49 - 00242376 _____ C:\Users\PROPRIETAIRE\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-13 21:49 - 2016-07-13 21:49 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-13 21:49 - 2016-07-13 21:49 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Mozilla
2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Mozilla
2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-13 21:28 - 2016-07-13 21:28 - 03712064 _____ C:\Users\PROPRIETAIRE\Downloads\AdwCleaner (1).exe
2016-07-10 22:06 - 2016-07-10 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pop up Blocker v6.0.6
2016-07-10 22:05 - 2016-07-10 22:05 - 00547577 _____ C:\Users\PROPRIETAIRE\Downloads\PB.exe
2016-07-10 21:36 - 2016-07-10 21:36 - 06996256 _____ (Piriform Ltd) C:\Users\PROPRIETAIRE\Downloads\ccsetup_519.exe
2016-07-10 21:36 - 2016-07-10 21:36 - 06996256 _____ (Piriform Ltd) C:\Users\PROPRIETAIRE\Downloads\ccsetup_519 (1).exe
2016-07-10 21:36 - 2016-07-10 21:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-10 21:36 - 2016-07-10 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-10 21:36 - 2016-07-10 21:36 - 00000000 ____D C:\Program Files\CCleaner
2016-07-10 21:26 - 2016-07-10 21:26 - 00000000 ____D C:\ProgramData\Realtek
2016-07-10 12:54 - 2016-07-10 12:54 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Apps\2.0

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-07-13 21:56 - 2015-07-30 23:43 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Skype
2016-07-13 21:46 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-13 21:46 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-13 21:38 - 2015-07-29 10:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-13 21:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-13 21:36 - 2011-05-26 11:48 - 00632420 _____ C:\Windows\system32\perfh007.dat
2016-07-13 21:36 - 2011-05-26 11:48 - 00125478 _____ C:\Windows\system32\perfc007.dat
2016-07-13 21:36 - 2011-05-26 11:38 - 00694212 _____ C:\Windows\system32\perfh00C.dat
2016-07-13 21:36 - 2011-05-26 11:38 - 00426456 _____ C:\Windows\system32\perfh001.dat
2016-07-13 21:36 - 2011-05-26 11:38 - 00127214 _____ C:\Windows\system32\perfc00C.dat
2016-07-13 21:36 - 2011-05-26 11:38 - 00075714 _____ C:\Windows\system32\perfc001.dat
2016-07-13 21:36 - 2009-07-14 07:13 - 02777086 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-13 21:32 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-13 21:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-13 21:30 - 2015-07-29 09:46 - 00000973 _____ C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-13 21:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-10 21:48 - 2015-09-12 11:16 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Experience Web
2016-07-10 21:43 - 2015-08-14 16:33 - 00000000 ____D C:\Windows\pss
2016-07-10 21:38 - 2015-10-30 13:14 - 00000000 ____D C:\Windows\Minidump
2016-07-10 21:38 - 2015-07-29 19:42 - 00000000 ____D C:\Windows\Panther
2016-07-10 21:26 - 2015-07-29 10:04 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Adobe
2016-07-10 21:26 - 2015-07-29 09:45 - 00000000 ____D C:\Users\PROPRIETAIRE
2016-07-10 21:26 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-10 21:25 - 2016-02-08 16:21 - 00000000 ____D C:\Users\PROPRIETAIRE\Documents\Nouveau dossier
2016-07-10 21:25 - 2015-12-21 22:15 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Adworks
2016-07-10 21:25 - 2015-11-05 22:04 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-07-10 21:25 - 2015-08-15 13:35 - 00000000 ____D C:\Program Files (x86)\SavaeLooTTs
2016-07-10 21:25 - 2015-08-15 13:35 - 00000000 ____D C:\Program Files (x86)\SaaveLLoets
2016-07-10 21:25 - 2015-08-14 23:45 - 00000000 ____D C:\Program Files (x86)\933d0288-7b9e-4ed7-ac01-2a516afcd449
2016-07-10 21:25 - 2015-08-14 23:25 - 00000000 ____D C:\Users\Public\QiYi
2016-07-10 21:25 - 2015-08-13 22:57 - 00000000 ____D C:\ProgramData\CersIuo
2016-07-10 21:25 - 2015-08-12 21:51 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\ICSharpCode.net
2016-07-10 21:25 - 2015-08-11 23:45 - 00000000 ___HD C:\ProgramData\wky
2016-07-10 21:25 - 2015-08-11 23:23 - 00000000 ____D C:\Program Files (x86)\13981c2b-505f-4f8c-9a61-7ec330cd7798
2016-07-10 21:25 - 2015-08-04 20:18 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Adobe
2016-07-10 21:25 - 2015-07-30 23:43 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Skype
2016-07-10 21:25 - 2015-07-29 11:15 - 00000000 __RHD C:\MSOCache
2016-07-10 21:25 - 2015-07-29 10:08 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\MSI
2016-07-10 21:25 - 2015-07-29 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-10 21:25 - 2015-07-29 10:05 - 00000000 ____D C:\ProgramData\Adobe
2016-07-10 21:25 - 2015-07-29 10:04 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Google
2016-07-10 21:25 - 2015-07-29 10:04 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-10 21:25 - 2015-07-29 09:58 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-07-10 21:25 - 2015-07-29 09:57 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-07-10 21:25 - 2015-07-29 09:57 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2016-07-10 21:25 - 2015-07-29 09:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-10 21:25 - 2015-07-29 09:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-10 21:25 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-10 21:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2016-07-10 13:38 - 2015-10-10 23:33 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\PDAppFlex
2016-07-10 13:38 - 2015-08-20 12:32 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Intel
2016-07-10 13:38 - 2015-08-17 00:22 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\2521AAFA-BB26-4E55-A2A1-51F1E331C3B
2016-07-10 13:38 - 2015-08-15 23:03 - 00000000 ____D C:\Users\PROPRIETAIRE\.android
2016-07-10 13:38 - 2015-08-15 12:52 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Democratic Peace
2016-07-10 13:38 - 2015-08-14 23:25 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Unity
2016-07-10 13:38 - 2015-08-14 23:25 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Unity
2016-07-10 13:38 - 2015-08-14 23:21 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Macromedia
2016-07-10 13:38 - 2015-08-14 23:18 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Company
2016-07-10 13:38 - 2015-08-13 22:57 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Opera Software
2016-07-10 13:38 - 2015-08-13 22:57 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Opera Software
2016-07-10 13:38 - 2015-08-11 23:56 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\CrashRpt
2016-07-10 13:38 - 2015-08-09 23:29 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\GWX
2016-07-10 13:38 - 2015-08-05 11:03 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Adobe
2016-07-10 13:38 - 2015-08-05 11:03 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\CEF
2016-07-10 13:38 - 2015-08-02 00:23 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Origin
2016-07-10 13:38 - 2015-08-01 11:51 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-07-10 13:38 - 2015-07-30 23:47 - 00000000 ____D C:\Users\PROPRIETAIRE\Tracing
2016-07-10 13:38 - 2015-07-30 10:34 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Windows Live
2016-07-10 13:38 - 2015-07-29 10:05 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\AVAST Software
2016-07-10 13:38 - 2015-07-29 10:00 - 00000000 ____D C:\Users\PROPRIETAIRE\Intel
2016-07-10 13:38 - 2015-07-29 10:00 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Intel Corporation
2016-07-10 13:38 - 2015-07-29 09:59 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\InstallShield
2016-07-10 13:38 - 2015-07-29 09:45 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Media Center Programs
2016-07-10 13:38 - 2011-04-12 10:28 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-07-10 13:38 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-06-13 23:37 - 2015-08-14 16:37 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\vlc

==================== Fichiers à la racine de certains dossiers =======

2015-11-08 18:12 - 2015-11-08 18:12 - 0005716 _____ () C:\Program Files\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:12 - 0002570 _____ () C:\Program Files\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Program Files\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002543 _____ () C:\Program Files\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Program Files\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002543 _____ () C:\Program Files\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:43 - 0010464 _____ () C:\Program Files\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:43 - 0002431 _____ () C:\Program Files\how_recover+bax.txt
2015-11-22 20:34 - 2015-11-22 20:34 - 0007322 _____ () C:\Program Files\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:34 - 0002597 _____ () C:\Program Files\_how_recover_bwr.TXT
2015-07-29 10:09 - 2015-07-29 10:09 - 6420480 _____ () C:\Program Files (x86)\GUTDE1F.tmp
2015-11-08 18:12 - 2015-11-08 18:12 - 0005716 _____ () C:\Program Files\Common Files\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:12 - 0002570 _____ () C:\Program Files\Common Files\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Program Files\Common Files\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002543 _____ () C:\Program Files\Common Files\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Program Files\Common Files\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002543 _____ () C:\Program Files\Common Files\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:43 - 0010464 _____ () C:\Program Files\Common Files\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:43 - 0002431 _____ () C:\Program Files\Common Files\how_recover+bax.txt
2015-11-22 20:34 - 2015-11-22 20:34 - 0007322 _____ () C:\Program Files\Common Files\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:34 - 0002597 _____ () C:\Program Files\Common Files\_how_recover_bwr.TXT
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\7X52i0gTexC.exe
2015-11-12 21:45 - 2015-11-12 21:45 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.HTML
2015-11-12 21:45 - 2015-11-22 20:35 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.PNG.ccc
2015-11-12 21:45 - 2015-11-22 20:35 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.TXT.ccc
2015-11-08 18:14 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_bmjqq.html
2015-11-08 18:14 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_xmcyc.txt
2015-12-13 16:44 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+bax.html
2015-12-13 16:44 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+jyv.txt
2015-12-22 23:42 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+xiq.html
2015-12-22 23:42 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+xiq.txt
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\sqgps4h7o0lD.exe
2015-08-13 22:54 - 2015-08-14 11:48 - 0000074 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\WB.CFG
2015-11-22 20:35 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\_how_recover_bwr.HTML
2015-11-22 20:35 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\_how_recover_bwr.TXT
2015-12-22 23:29 - 2015-12-22 23:29 - 0000480 ____H () C:\Users\PROPRIETAIRE\AppData\Roaming\½ž’“Ó™œ‰
2015-11-12 21:45 - 2015-11-12 21:45 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
2015-11-12 21:45 - 2015-11-22 20:35 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG.ccc
2015-11-12 21:45 - 2015-11-22 20:35 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT.ccc
2015-11-08 18:14 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_bmjqq.html
2015-11-08 18:14 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_xmcyc.txt
2015-12-13 16:44 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+bax.html
2015-12-13 16:44 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+jyv.txt
2015-12-22 23:42 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+xiq.html
2015-12-22 23:42 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+xiq.txt
2015-11-22 20:35 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\_how_recover_bwr.HTML
2015-11-22 20:35 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\_how_recover_bwr.TXT
2016-07-10 21:26 - 2016-07-13 21:31 - 0000846 _____ () C:\Users\PROPRIETAIRE\AppData\Local\BTServer.log
2015-11-12 21:44 - 2015-11-12 21:44 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.HTML
2015-11-12 21:44 - 2015-11-22 20:34 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.PNG.ccc
2015-11-12 21:44 - 2015-11-22 20:34 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.TXT.ccc
2015-11-08 18:12 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+jyv.txt
2015-12-22 23:35 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+xiq.html
2015-12-22 23:35 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+xiq.txt
2015-08-20 12:44 - 2015-08-20 12:44 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nscE342.tmp
2015-08-20 14:07 - 2015-08-20 14:07 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nsh7F67.tmp
2015-08-14 23:20 - 2015-08-14 23:20 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nswDC77.tmp
2015-08-15 16:01 - 2015-08-15 16:01 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nswF82C.tmp
2015-08-15 23:35 - 2015-08-15 23:35 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nsx3876.tmp
2015-11-22 20:34 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Local\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Local\_how_recover_bwr.TXT
2015-12-22 23:31 - 2015-12-22 23:31 - 0000008 ____H () C:\ProgramData\@000001.dat
2015-12-22 23:31 - 2016-04-06 12:26 - 0000000 ____H () C:\ProgramData\@system.temp
2015-12-22 23:29 - 2016-04-03 12:44 - 0000656 ____H () C:\ProgramData\@system3.att
2015-07-29 10:08 - 2015-07-29 10:08 - 0000108 _____ () C:\ProgramData\CameraRecorder.ini
2015-11-12 21:44 - 2015-11-12 21:44 - 0009096 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-11-12 21:44 - 2015-11-12 21:44 - 0047751 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-11-12 21:44 - 2015-11-12 21:44 - 0004736 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2016-02-10 01:28 - 2016-02-10 01:28 - 0000016 _____ () C:\ProgramData\mntemp
2016-02-10 15:11 - 2016-02-10 15:11 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
2015-11-07 16:55 - 2015-11-07 16:55 - 0005632 _____ () C:\ProgramData\taskhost.exe
2015-12-16 23:20 - 2015-12-16 23:20 - 0000000 _____ () C:\ProgramData\{d781e3a1-e512-422f-aa6c-27428437cbc4}.lock

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\@000001.dat
C:\ProgramData\taskhost.exe
C:\Users\PROPRIETAIRE\bgfiznrs.exe
C:\Users\PROPRIETAIRE\xcbevjno.exe
C:\Users\PROPRIETAIRE\zedgxlpq.exe


Certains fichiers dans TEMP:
====================
C:\Users\PROPRIETAIRE\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll
[2011-05-26 12:01] - [2015-08-14 23:19] - 0357888 ____A (Microsoft Corporation) 0C04BFD58379086978EBB96A8DC73A2D

C:\Windows\SysWOW64\dnsapi.dll
[2011-05-26 12:01] - [2015-08-14 23:19] - 0270336 ____A (Microsoft Corporation) 213C8D386CE86F74A767A0589EFAC95F

C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

==================== BCD ================================

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {27a6db19-3619-11e5-878d-b84fca84ca3c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale fr-FR
inherit {bootloadersettings}
recoverysequence {27a6db1b-3619-11e5-878d-b84fca84ca3c}
recoveryenabled No
bootems No
advancedoptions No
optionsedit No
osdevice partition=C:
systemroot \Windows
resumeobject {27a6db19-3619-11e5-878d-b84fca84ca3c}
nx OptIn
bootstatuspolicy IgnoreAllFailures

Chargeur de démarrage Windows
-----------------------------
identificateur {27a6db1b-3619-11e5-878d-b84fca84ca3c}
device ramdisk=[C:]\Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\Winre.wim,{27a6db1c-3619-11e5-878d-b84fca84ca3c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\Winre.wim,{27a6db1c-3619-11e5-878d-b84fca84ca3c}
systemroot \windows
nx OptIn
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {27a6db19-3619-11e5-878d-b84fca84ca3c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostics mémoire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems Yes

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {27a6db1c-3619-11e5-878d-b84fca84ca3c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\boot.sdi



LastRegBack: 2015-07-31 17:23

==================== Fin de FRST.txt ============================
