Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:04-05-2016
Exécuté par Guillaume (administrateur) sur PC-DE-GUILLAUME (04-05-2016 19:58:18)
Exécuté depuis C:\Users\Guillaume\Desktop
Profils chargés: Guillaume (Profils disponibles: Guillaume)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Safe Mode (with Networking)
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [FijiKeyboard] => c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe [79416 2008-09-18] (Packard Bell BV)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\...\Run: [OrangeInside] => C:\Users\Guillaume\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1526272 2012-11-22] (Orange)
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-11-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RIM.lnk [2014-04-28]
ShortcutTarget: RIM.lnk -> C:\Program Files (x86)\Orange\RIM\fscommand\RIM.exe (WebToGo Mobiles Internet GmbH)
BootExecute: autocheck autochk * ø˸

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1CDCC957-7A65-49B4-96BB-1636957A2978}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0609&m=imedia_s1710
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0609&m=imedia_s1710
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0609&m=imedia_s1710
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0609&m=imedia_s1710
HKU\S-1-5-21-3398291942-3088011309-892675740-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3398291942-3088011309-892675740-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-3398291942-3088011309-892675740-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
BHO: Désactivation du cookie publicitaire -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-11] (Google Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-28] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2009-09-12] (Google Inc.)
BHO: Pas de nom -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Pas de fichier
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Désactivation du cookie publicitaire -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-11] (Google Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-28] (AVAST Software)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-12] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3398291942-3088011309-892675740-1000 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7ziug170.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: hxxps://fr.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF Keyword.URL: hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-15] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7ziug170.default\user.js [2016-05-04]
FF SearchPlugin: C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7ziug170.default\searchplugins\yahoo-avast.xml [2014-09-15]
FF Extension: MEGA - C:\Users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7ziug170.default\Extensions\firefox@mega.co.nz.xpi [2016-04-27]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Guillaume\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Users\Guillaume\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-09-22]
CHR Extension: (Portail Orange) - C:\Users\Guillaume\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid [2014-04-28]
CHR Extension: (Pas de nom) - C:\Users\Guillaume\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-28]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-28] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2009-04-28] (Macrovision Europe Ltd.) [Fichier non signé]
S2 GenericHidService; C:\Windows\system32\HidService.exe [83264 2008-05-29] (Packard Bell Services)
S2 GenericHidService; C:\Windows\SysWOW64\HidService.exe [83264 2008-05-29] (Packard Bell Services)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-06-24] (CybelSoft)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-24] (Electronic Arts)
S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) [Fichier non signé]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () [Fichier non signé]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-28] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-28] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-28] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-28] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-28] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-28] ()
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 wampapache64; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-05-04 19:58 - 2016-05-04 19:59 - 00016383 _____ C:\Users\Guillaume\Desktop\FRST.txt
2016-05-04 19:57 - 2016-05-04 19:57 - 02377216 _____ (Farbar) C:\Users\Guillaume\Desktop\FRST64.exe
2016-05-04 17:52 - 2014-11-28 16:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-03 22:37 - 2016-05-03 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-03 10:17 - 2016-05-03 10:17 - 00000000 ____D C:\Users\Guillaume\AppData\Roaming\Apple Computer
2016-05-02 07:32 - 2016-05-02 07:32 - 00000000 ____D C:\Users\Guillaume\AppData\Local\Apple
2016-05-02 07:32 - 2016-05-02 07:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-02 07:28 - 2016-05-02 07:28 - 00000000 ____D C:\Users\Guillaume\AppData\LocalLow\Apple Computer
2016-04-30 07:34 - 2016-04-30 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-29 13:10 - 2016-04-29 13:20 - 00039448 _____ C:\Users\Guillaume\Documents\RQTH.pdf
2016-04-29 13:08 - 2016-04-29 13:17 - 00026570 _____ C:\Users\Guillaume\Documents\RQTH.odt
2016-04-13 12:34 - 2016-03-22 01:00 - 01589168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 12:34 - 2016-03-22 01:00 - 01171488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 12:34 - 2016-03-18 20:15 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 12:34 - 2016-03-18 20:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 12:34 - 2016-03-18 19:10 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 12:34 - 2016-03-18 19:10 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 12:33 - 2016-03-18 18:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 12:33 - 2016-03-18 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 12:32 - 2016-03-29 23:48 - 02800640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 12:31 - 2016-03-18 20:15 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 12:31 - 2016-03-18 20:15 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 12:31 - 2016-03-18 20:15 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 12:31 - 2016-03-18 20:15 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 12:31 - 2016-03-18 20:14 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 12:31 - 2016-03-18 19:10 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 12:31 - 2016-03-18 19:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 12:31 - 2016-03-18 19:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 12:31 - 2016-03-04 18:40 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 12:30 - 2016-03-04 18:52 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 12:29 - 2016-03-17 21:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 12:29 - 2016-03-17 19:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 12:29 - 2016-03-17 19:45 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 06:24 - 2016-03-24 23:17 - 18804736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 06:24 - 2016-03-24 23:14 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 06:24 - 2016-03-24 23:09 - 10938880 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 06:24 - 2016-03-24 23:09 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 06:24 - 2016-03-24 23:08 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 06:24 - 2016-03-24 23:08 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 06:24 - 2016-03-24 23:07 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 06:24 - 2016-03-24 23:07 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 06:24 - 2016-03-24 23:07 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-04-13 06:24 - 2016-03-24 23:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-04-13 06:24 - 2016-03-24 23:07 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-04-13 06:24 - 2016-03-24 22:40 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 06:24 - 2016-03-24 22:38 - 12841472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 06:24 - 2016-03-24 22:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 06:24 - 2016-03-24 22:35 - 09753600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 06:24 - 2016-03-24 22:35 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 06:24 - 2016-03-24 22:34 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 06:24 - 2016-03-24 22:33 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 06:24 - 2016-03-24 22:33 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 06:24 - 2016-03-24 22:33 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 06:24 - 2016-03-24 22:33 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 06:24 - 2016-03-24 22:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-04-13 06:24 - 2016-03-24 22:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 06:24 - 2016-03-24 22:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 06:24 - 2016-03-24 22:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-04-13 06:24 - 2016-03-24 22:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-04-13 06:24 - 2016-03-24 22:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-04-11 23:56 - 2016-04-12 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 08:12 - 2016-04-08 08:11 - 03119168 _____ C:\Users\Guillaume\Desktop\adwcleaner_5.109.exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-05-05 03:46 - 2014-09-18 11:10 - 00000000 ____D C:\AdwCleaner
2016-05-05 03:46 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2016-05-05 03:46 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2016-05-05 03:46 - 2006-11-02 14:33 - 79167488 _____ C:\Windows\system32\config\software_previous
2016-05-05 03:46 - 2006-11-02 14:33 - 36700160 _____ C:\Windows\system32\config\system_previous
2016-05-05 03:37 - 2006-11-02 14:33 - 76283904 _____ C:\Windows\system32\config\components_previous
2016-05-05 03:37 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-05-04 19:58 - 2014-09-19 11:14 - 00000000 ____D C:\FRST
2016-05-04 19:07 - 2014-09-27 09:32 - 00000732 _____ C:\Users\Guillaume\AppData\Local\d3d9caps64.dat
2016-05-04 18:40 - 2008-01-21 12:01 - 01615904 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-04 18:40 - 2008-01-21 12:00 - 00721474 _____ C:\Windows\system32\perfh00C.dat
2016-05-04 18:40 - 2008-01-21 12:00 - 00145678 _____ C:\Windows\system32\perfc00C.dat
2016-05-04 18:40 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2016-05-04 18:36 - 2009-12-27 19:33 - 03364638 _____ C:\Windows\ntbtlog.txt
2016-05-04 18:14 - 2014-09-21 14:02 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-04 18:10 - 2014-09-18 16:52 - 00000000 ____D C:\Users\Guillaume\AppData\Local\CrashDumps
2016-05-04 18:04 - 2009-09-12 13:27 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 17:53 - 2014-11-28 16:27 - 00001789 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-05-04 17:52 - 2014-09-09 06:34 - 00003838 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-04 17:50 - 2015-09-01 16:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-04 17:50 - 2014-04-28 11:29 - 00000184 _____ C:\Users\Public\Documents\rim_expiry.xml
2016-05-04 17:48 - 2009-09-12 13:27 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 17:48 - 2009-08-28 13:36 - 00000000 ____D C:\Users\Guillaume
2016-05-04 17:48 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-04 17:48 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 17:48 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 17:10 - 2010-08-16 18:35 - 00001356 _____ C:\Users\Guillaume\AppData\Local\d3d9caps.dat
2016-05-04 17:10 - 2006-11-02 14:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-05-04 17:07 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-05-04 15:31 - 2009-10-27 17:53 - 00000000 ____D C:\Windows\Minidump
2016-05-04 02:23 - 2016-01-24 11:33 - 00000000 ____D C:\Users\Guillaume\Documents\Pronostics 2016
2016-05-03 22:29 - 2011-05-05 11:15 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2016-05-03 22:26 - 2011-05-05 11:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-05-03 21:21 - 2014-09-21 13:54 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-03 21:21 - 2014-02-25 09:09 - 00000000 ____D C:\Program Files\CCleaner
2016-05-03 21:21 - 2011-05-05 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-05-02 07:24 - 2009-08-28 13:36 - 00000000 ____D C:\Users\Guillaume\AppData\Local\VirtualStore
2016-04-25 18:40 - 2014-09-21 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-25 18:39 - 2016-01-30 16:34 - 00000000 ____D C:\Users\Guillaume\.oracle_jre_usage
2016-04-21 15:05 - 2012-12-05 06:58 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 21:24 - 2006-11-02 17:42 - 00032526 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-16 11:20 - 2009-09-12 13:25 - 00001012 _____ C:\Windows\Tasks\Google Software Updater.job
2016-04-13 14:06 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2016-04-13 13:42 - 2006-11-02 17:21 - 00330600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 13:38 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-04-13 12:41 - 2013-07-29 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 12:35 - 2006-11-02 14:35 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-04-12 12:45 - 2014-10-24 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-12 12:45 - 2012-01-12 04:31 - 00003767 _____ C:\Windows\wininit.ini
2016-04-12 01:08 - 2009-09-12 13:29 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 17:58 - 2014-09-21 14:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 17:58 - 2014-09-21 14:02 - 00003854 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 17:58 - 2012-02-19 09:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 08:27 - 2014-09-18 17:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 08:26 - 2015-05-29 12:05 - 00000943 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-08 08:26 - 2014-09-18 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 08:26 - 2014-09-18 17:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Fichiers à la racine de certains dossiers =======

2014-01-09 16:03 - 2014-01-09 16:04 - 35404078 _____ () C:\Program Files (x86)\algoboxwin32_install.exe
2011-05-27 11:51 - 2011-05-27 11:51 - 0024576 _____ () C:\Program Files (x86)\removekey.exe
2015-09-01 16:19 - 2015-09-01 16:19 - 1476720 _____ () C:\Program Files (x86)\SteamSetup-1440016726.exe
2010-01-08 13:02 - 2013-06-01 08:10 - 0024492 _____ () C:\Users\Guillaume\AppData\Roaming\wklnhst.dat
2009-08-28 18:33 - 2013-10-28 12:42 - 0000552 _____ () C:\Users\Guillaume\AppData\Local\d3d8caps.dat
2010-08-16 18:35 - 2016-05-04 17:10 - 0001356 _____ () C:\Users\Guillaume\AppData\Local\d3d9caps.dat
2014-09-27 09:32 - 2016-05-04 19:07 - 0000732 _____ () C:\Users\Guillaume\AppData\Local\d3d9caps64.dat
2009-08-28 22:52 - 2015-10-16 06:01 - 0025088 _____ () C:\Users\Guillaume\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-10 16:58 - 2014-05-10 16:58 - 0432722 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI0A47.txt
2011-03-01 07:57 - 2011-03-01 07:58 - 0438682 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI0D54.txt
2015-03-06 17:14 - 2015-03-06 17:14 - 0416850 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI2631.txt
2011-09-21 13:03 - 2011-09-21 13:03 - 0431332 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI3A3D.txt
2012-10-29 14:57 - 2012-10-29 14:58 - 0386868 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI5FC7.txt
2014-04-28 11:30 - 2014-04-28 11:30 - 0415152 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI65AE.txt
2014-05-12 21:34 - 2014-05-12 21:34 - 0413956 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistMSI796A.txt
2014-05-10 16:58 - 2014-05-10 16:58 - 0011488 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI0A47.txt
2011-03-01 07:57 - 2011-03-01 07:58 - 0011722 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI0D54.txt
2015-03-06 17:14 - 2015-03-06 17:14 - 0011248 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI2631.txt
2011-09-21 13:03 - 2011-09-21 13:03 - 0011494 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI3A3D.txt
2012-10-29 14:57 - 2012-10-29 14:58 - 0011376 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI5FC7.txt
2014-04-28 11:30 - 2014-04-28 11:30 - 0011656 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI65AE.txt
2014-05-12 21:34 - 2014-05-12 21:34 - 0011964 _____ () C:\Users\Guillaume\AppData\Local\dd_vcredistUI796A.txt
2012-12-13 13:24 - 2012-12-13 13:24 - 0002251 _____ () C:\Users\Guillaume\AppData\Local\recently-used.xbel

Fichiers à déplacer ou supprimer:
====================
C:\Users\Guillaume\Apache_OpenOffice_4.1.1_Win_x86_install_fr.exe
C:\Users\Guillaume\avast_free6_01Net.exe
C:\Users\Guillaume\install_flash_player.exe

Certains fichiers dans TEMP:
====================
C:\Users\Guillaume\AppData\Local\Temp\AutoEdManager14.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Guillaume\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Guillaume\AppData\Local\Temp\libeay32.dll
C:\Users\Guillaume\AppData\Local\Temp\msvcr120.dll
C:\Users\Guillaume\AppData\Local\Temp\Quarantine.exe
C:\Users\Guillaume\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-05-04 18:55

==================== Fin de FRST.txt ============================