Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Exécuté par PROPRIETAIRE (administrateur) sur PROPRIETAIRE-PC (13-07-2016 21:57:06)
Exécuté depuis C:\Users\PROPRIETAIRE\Downloads
Profils chargés: PROPRIETAIRE (Profils disponibles: PROPRIETAIRE)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [gmsd_fr_004010058] => [X]
HKLM-x32\...\Run: [gmsd_fr_002020057] => [X]
HKLM-x32\...\Run: [ospd_us_013010060] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010060] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010061] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010062] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010065] => [X]
HKLM-x32\...\Run: [rec_fr_70] => [X]
HKLM-x32\...\Run: [rec_fr_74] => [X]
HKLM-x32\...\Run: [rec_fr_130] => [X]
HKLM-x32\...\Run: [rec_fr_142] => "C:\Program Files (x86)\rec_fr_142\rec_fr_142.exe"
HKLM-x32\...\Run: [rec_fr_194] => [X]
HKLM-x32\...\Run: [rec_fr_217] => [X]
HKLM-x32\...\Run: [rec_fr_236] => [X]
HKLM-x32\...\Run: [rec_fr_245] => [X]
Winlogon\Notify\igfxcui:
C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8824024 2016-06-21] (Piriform Ltd) HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\MountPoints2: {62629f10-35c5-11e5-ae88-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-05-26] (Microsoft Corporation) <==== ATTENTION ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST 
Software\Avast\ashShA64.dll [2015-07-29] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PROPRIETAIRE\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-22] (Microsoft Corporation) Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-11-12] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG.ccc [2015-11-22] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT.ccc [2015-11-22] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_bmjqq.html [2015-11-08] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_bmjqq.txt [2015-11-08] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_eopss.html [2015-11-05] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_eopss.txt [2015-11-05] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_xmcyc.html [2015-11-05] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\howto_recover_file_xmcyc.txt [2015-11-05] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\how_recover+bax.html [2015-12-13] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+bax.txt [2015-12-13] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+jyv.html [2015-12-21] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+jyv.txt [2015-12-21] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xiq.html [2015-12-22] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xiq.txt [2015-12-22] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_how_recover_bwr.HTML [2015-11-22] () Startup: C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_how_recover_bwr.TXT [2015-11-22] () GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{F588E4C1-E2C7-4BD7-98B4-8E1A3E3454EF}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.istartsurf.com/web/?type=ds&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509 HKU\S-1-5-21-1021159736-3934540969-1454484023-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} SearchScopes: HKLM -> OldSearch URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.istartsurf.com/web/?type=ds&ts=1439763809&z=e7e63d1189c73f1e6b56f2bgbzdcet4m7q6c9m2g6w&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509&q={searchTerms} SearchScopes: HKU\S-1-5-21-1021159736-3934540969-1454484023-1000 -> {C9C37F1F-5B6F-4454-A2AB-85B37B49C573} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Pass and Play -> {292eca49-b475-4045-bad4-fe9e5d9cd084} -> C:\Program Files (x86)\Pass and Play\Extensions\292eca49-b475-4045-bad4-fe9e5d9cd084.dll => Pas de fichier BHO-x32: Search My Window -> {4e31961d-e8c3-4ab0-9829-8e0f08f8dd01} -> C:\Program Files (x86)\Search My Window\Extensions\4e31961d-e8c3-4ab0-9829-8e0f08f8dd01.dll => Pas de fichier BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1439587144&z=a3df213f01db3fdaa818017g5z6cat9w9b0m3efwdz&from=face&uid=KINGSTONXSV300S37A120G_50026B775604E509 FireFox: ======== FF ProfilePath: C:\Users\PROPRIETAIRE\AppData\Roaming\Mozilla\Firefox\Profiles\ljc4p2kk.default FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Pas de fichier] FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier] FF Plugin: adobe.com/AdobeAAMDetect -> 
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems) Chrome: ======= CHR dev: Chrome dev build détecté(e)! 
<======= ATTENTION CHR HomePage: Default -> hxxps://www.google.fr/ CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBcgleWFpBFhgUeAgMTA0QRAYOeAhaWRQURAZGdwwKUVpCQ1cFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8WGJKLl1XFg==" CHR Profile: C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22] CHR Extension: (Google Docs) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22] CHR Extension: (Google Drive) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22] CHR Extension: (YouTube) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22] CHR Extension: (Recherche Google) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22] CHR Extension: (Google Sheets) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22] CHR Extension: (Skype) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-03] CHR Extension: (Gmail) - C:\Users\PROPRIETAIRE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Avec liste blanche) ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-29] (AVAST Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Fichier non signé] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Fichier non signé] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-06-24] (Micro-Star International Co., Ltd.) [Fichier non signé] R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Fichier non signé] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X] ===================== Pilotes (Avec liste blanche) ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-29] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-29] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-29] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R1 {9d137548-46b5-486c-959a-b80a01c74d8c}Gw64; C:\Windows\System32\drivers\{9d137548-46b5-486c-959a-b80a01c74d8c}Gw64.sys [48784 2015-08-14] (StdLib) R1 {f626d478-aad6-4329-b6e1-e53ccb31466e}Gw64; C:\Windows\System32\drivers\{f626d478-aad6-4329-b6e1-e53ccb31466e}Gw64.sys [48792 2015-08-19] (StdLib) S3 cpuz134; \??\C:\Users\PROPRI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] S3 MBfilt; system32\drivers\MBfilt64.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2016-07-13 21:57 - 2016-07-13 21:57 - 00022026 _____ C:\Users\PROPRIETAIRE\Downloads\FRST.txt 2016-07-13 21:56 - 2016-07-13 21:57 - 00000000 ____D C:\FRST 2016-07-13 21:55 - 2016-07-13 21:56 - 02390528 _____ (Farbar) C:\Users\PROPRIETAIRE\Downloads\FRST64.exe 2016-07-13 21:49 - 2016-07-13 21:49 - 00242376 _____ C:\Users\PROPRIETAIRE\Downloads\Firefox Setup Stub 47.0.1.exe 2016-07-13 21:49 - 2016-07-13 21:49 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-07-13 21:49 - 2016-07-13 21:49 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Mozilla 2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Mozilla 2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-07-13 21:49 - 2016-07-13 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-07-13 21:28 - 2016-07-13 21:28 - 03712064 _____ C:\Users\PROPRIETAIRE\Downloads\AdwCleaner (1).exe 2016-07-10 22:06 - 2016-07-10 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pop up Blocker v6.0.6 2016-07-10 22:05 - 2016-07-10 22:05 - 00547577 _____ C:\Users\PROPRIETAIRE\Downloads\PB.exe 2016-07-10 21:36 - 2016-07-10 21:36 - 06996256 _____ (Piriform Ltd) C:\Users\PROPRIETAIRE\Downloads\ccsetup_519.exe 2016-07-10 21:36 - 2016-07-10 21:36 - 06996256 _____ (Piriform Ltd) C:\Users\PROPRIETAIRE\Downloads\ccsetup_519 (1).exe 2016-07-10 21:36 - 2016-07-10 21:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-07-10 21:36 - 2016-07-10 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-07-10 21:36 - 2016-07-10 21:36 - 00000000 ____D C:\Program Files\CCleaner 2016-07-10 21:26 - 2016-07-10 21:26 - 00000000 ____D C:\ProgramData\Realtek 2016-07-10 12:54 - 2016-07-10 12:54 - 00000000 ____D 
C:\Users\PROPRIETAIRE\AppData\Local\Apps\2.0 ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2016-07-13 21:56 - 2015-07-30 23:43 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Skype 2016-07-13 21:46 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-13 21:46 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-13 21:38 - 2015-07-29 10:04 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-13 21:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-07-13 21:36 - 2011-05-26 11:48 - 00632420 _____ C:\Windows\system32\perfh007.dat 2016-07-13 21:36 - 2011-05-26 11:48 - 00125478 _____ C:\Windows\system32\perfc007.dat 2016-07-13 21:36 - 2011-05-26 11:38 - 00694212 _____ C:\Windows\system32\perfh00C.dat 2016-07-13 21:36 - 2011-05-26 11:38 - 00426456 _____ C:\Windows\system32\perfh001.dat 2016-07-13 21:36 - 2011-05-26 11:38 - 00127214 _____ C:\Windows\system32\perfc00C.dat 2016-07-13 21:36 - 2011-05-26 11:38 - 00075714 _____ C:\Windows\system32\perfc001.dat 2016-07-13 21:36 - 2009-07-14 07:13 - 02777086 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-13 21:32 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-07-13 21:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-13 21:30 - 2015-07-29 09:46 - 00000973 _____ C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-13 21:30 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System 2016-07-10 21:48 - 2015-09-12 11:16 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Experience Web 2016-07-10 21:43 - 2015-08-14 16:33 - 00000000 ____D C:\Windows\pss 2016-07-10 21:38 - 2015-10-30 13:14 - 00000000 ____D 
C:\Windows\Minidump 2016-07-10 21:38 - 2015-07-29 19:42 - 00000000 ____D C:\Windows\Panther 2016-07-10 21:26 - 2015-07-29 10:04 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Adobe 2016-07-10 21:26 - 2015-07-29 09:45 - 00000000 ____D C:\Users\PROPRIETAIRE 2016-07-10 21:26 - 2009-07-14 07:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-07-10 21:25 - 2016-02-08 16:21 - 00000000 ____D C:\Users\PROPRIETAIRE\Documents\Nouveau dossier 2016-07-10 21:25 - 2015-12-21 22:15 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Adworks 2016-07-10 21:25 - 2015-11-05 22:04 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2016-07-10 21:25 - 2015-08-15 13:35 - 00000000 ____D C:\Program Files (x86)\SavaeLooTTs 2016-07-10 21:25 - 2015-08-15 13:35 - 00000000 ____D C:\Program Files (x86)\SaaveLLoets 2016-07-10 21:25 - 2015-08-14 23:45 - 00000000 ____D C:\Program Files (x86)\933d0288-7b9e-4ed7-ac01-2a516afcd449 2016-07-10 21:25 - 2015-08-14 23:25 - 00000000 ____D C:\Users\Public\QiYi 2016-07-10 21:25 - 2015-08-13 22:57 - 00000000 ____D C:\ProgramData\CersIuo 2016-07-10 21:25 - 2015-08-12 21:51 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\ICSharpCode.net 2016-07-10 21:25 - 2015-08-11 23:45 - 00000000 ___HD C:\ProgramData\wky 2016-07-10 21:25 - 2015-08-11 23:23 - 00000000 ____D C:\Program Files (x86)\13981c2b-505f-4f8c-9a61-7ec330cd7798 2016-07-10 21:25 - 2015-08-04 20:18 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Adobe 2016-07-10 21:25 - 2015-07-30 23:43 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Skype 2016-07-10 21:25 - 2015-07-29 11:15 - 00000000 __RHD C:\MSOCache 2016-07-10 21:25 - 2015-07-29 10:08 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\MSI 2016-07-10 21:25 - 2015-07-29 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-07-10 21:25 - 2015-07-29 10:05 - 00000000 ____D C:\ProgramData\Adobe 2016-07-10 21:25 - 2015-07-29 10:04 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Google 2016-07-10 21:25 - 
2015-07-29 10:04 - 00000000 ____D C:\ProgramData\AVAST Software 2016-07-10 21:25 - 2015-07-29 09:58 - 00000000 ____D C:\Program Files (x86)\Cisco 2016-07-10 21:25 - 2015-07-29 09:57 - 00000000 ____D C:\Windows\SysWOW64\sda 2016-07-10 21:25 - 2015-07-29 09:57 - 00000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver 2016-07-10 21:25 - 2015-07-29 09:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-07-10 21:25 - 2015-07-29 09:54 - 00000000 ____D C:\Program Files (x86)\Realtek 2016-07-10 21:25 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security 2016-07-10 21:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2016-07-10 21:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2016-07-10 13:38 - 2015-10-10 23:33 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\PDAppFlex 2016-07-10 13:38 - 2015-08-20 12:32 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Intel 2016-07-10 13:38 - 2015-08-17 00:22 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\2521AAFA-BB26-4E55-A2A1-51F1E331C3B 2016-07-10 13:38 - 2015-08-15 23:03 - 00000000 ____D C:\Users\PROPRIETAIRE\.android 2016-07-10 13:38 - 2015-08-15 12:52 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Democratic Peace 2016-07-10 13:38 - 2015-08-14 23:25 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Unity 2016-07-10 13:38 - 2015-08-14 23:25 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Unity 2016-07-10 13:38 - 2015-08-14 23:21 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Macromedia 2016-07-10 13:38 - 2015-08-14 23:18 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Company 2016-07-10 13:38 - 2015-08-13 22:57 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Opera Software 2016-07-10 13:38 - 2015-08-13 22:57 - 00000000 ____D 
C:\Users\PROPRIETAIRE\AppData\Local\Opera Software
2016-07-10 13:38 - 2015-08-11 23:56 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\CrashRpt
2016-07-10 13:38 - 2015-08-09 23:29 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\GWX
2016-07-10 13:38 - 2015-08-05 11:03 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\LocalLow\Adobe
2016-07-10 13:38 - 2015-08-05 11:03 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\CEF
2016-07-10 13:38 - 2015-08-02 00:23 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Origin
2016-07-10 13:38 - 2015-08-01 11:51 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-07-10 13:38 - 2015-07-30 23:47 - 00000000 ____D C:\Users\PROPRIETAIRE\Tracing
2016-07-10 13:38 - 2015-07-30 10:34 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Local\Windows Live
2016-07-10 13:38 - 2015-07-29 10:05 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\AVAST Software
2016-07-10 13:38 - 2015-07-29 10:00 - 00000000 ____D C:\Users\PROPRIETAIRE\Intel
2016-07-10 13:38 - 2015-07-29 10:00 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Intel Corporation
2016-07-10 13:38 - 2015-07-29 09:59 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\InstallShield
2016-07-10 13:38 - 2015-07-29 09:45 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\Media Center Programs
2016-07-10 13:38 - 2011-04-12 10:28 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-07-10 13:38 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-06-13 23:37 - 2015-08-14 16:37 - 00000000 ____D C:\Users\PROPRIETAIRE\AppData\Roaming\vlc

==================== Fichiers à la racine de certains dossiers =======

2015-11-08 18:12 - 2015-11-08 18:12 - 0005716 _____ () C:\Program Files\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:12 - 0002570 _____ () C:\Program Files\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Program Files\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002543 _____ () C:\Program Files\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Program Files\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002543 _____ () C:\Program Files\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:43 - 0010464 _____ () C:\Program Files\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:43 - 0002431 _____ () C:\Program Files\how_recover+bax.txt
2015-11-22 20:34 - 2015-11-22 20:34 - 0007322 _____ () C:\Program Files\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:34 - 0002597 _____ () C:\Program Files\_how_recover_bwr.TXT
2015-07-29 10:09 - 2015-07-29 10:09 - 6420480 _____ () C:\Program Files (x86)\GUTDE1F.tmp
2015-11-08 18:12 - 2015-11-08 18:12 - 0005716 _____ () C:\Program Files\Common Files\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:12 - 0002570 _____ () C:\Program Files\Common Files\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Program Files\Common Files\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002543 _____ () C:\Program Files\Common Files\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Program Files\Common Files\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002543 _____ () C:\Program Files\Common Files\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:43 - 0010464 _____ () C:\Program Files\Common Files\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:43 - 0002431 _____ () C:\Program Files\Common Files\how_recover+bax.txt
2015-11-22 20:34 - 2015-11-22 20:34 - 0007322 _____ () C:\Program Files\Common Files\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:34 - 0002597 _____ () C:\Program Files\Common Files\_how_recover_bwr.TXT
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\7X52i0gTexC.exe
2015-11-12 21:45 - 2015-11-12 21:45 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.HTML
2015-11-12 21:45 - 2015-11-22 20:35 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.PNG.ccc
2015-11-12 21:45 - 2015-11-22 20:35 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\HELP_DECRYPT.TXT.ccc
2015-11-08 18:14 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_bmjqq.html
2015-11-08 18:14 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\howto_recover_file_xmcyc.txt
2015-12-13 16:44 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+bax.html
2015-12-13 16:44 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+jyv.txt
2015-12-22 23:42 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+xiq.html
2015-12-22 23:42 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\how_recover+xiq.txt
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\sqgps4h7o0lD.exe
2015-08-13 22:54 - 2015-08-14 11:48 - 0000074 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\WB.CFG
2015-11-22 20:35 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\_how_recover_bwr.HTML
2015-11-22 20:35 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\_how_recover_bwr.TXT
2015-12-22 23:29 - 2015-12-22 23:29 - 0000480 ____H () C:\Users\PROPRIETAIRE\AppData\Roaming\½ž’“Ó™œ‰
2015-11-12 21:45 - 2015-11-12 21:45 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
2015-11-12 21:45 - 2015-11-22 20:35 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG.ccc
2015-11-12 21:45 - 2015-11-22 20:35 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT.ccc
2015-11-08 18:14 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_bmjqq.html
2015-11-08 18:14 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\howto_recover_file_xmcyc.txt
2015-12-13 16:44 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+bax.html
2015-12-13 16:44 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+jyv.txt
2015-12-22 23:42 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+xiq.html
2015-12-22 23:42 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\how_recover+xiq.txt
2015-11-22 20:35 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\_how_recover_bwr.HTML
2015-11-22 20:35 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Roaming\Microsoft\_how_recover_bwr.TXT
2016-07-10 21:26 - 2016-07-13 21:31 - 0000846 _____ () C:\Users\PROPRIETAIRE\AppData\Local\BTServer.log
2015-11-12 21:44 - 2015-11-12 21:44 - 0009096 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.HTML
2015-11-12 21:44 - 2015-11-22 20:34 - 0048174 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.PNG.ccc
2015-11-12 21:44 - 2015-11-22 20:34 - 0005166 _____ () C:\Users\PROPRIETAIRE\AppData\Local\HELP_DECRYPT.TXT.ccc
2015-11-08 18:12 - 2015-11-08 18:14 - 0005716 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_bmjqq.html
2015-11-08 18:12 - 2015-11-08 18:14 - 0002848 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_bmjqq.txt
2015-11-05 22:09 - 2015-11-05 22:09 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_eopss.html
2015-11-05 22:09 - 2015-11-05 22:09 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_eopss.txt
2015-11-05 22:07 - 2015-11-05 22:07 - 0006671 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_xmcyc.html
2015-11-05 22:07 - 2015-11-05 22:07 - 0002816 _____ () C:\Users\PROPRIETAIRE\AppData\Local\howto_recover_file_xmcyc.txt
2015-12-13 16:43 - 2015-12-13 16:44 - 0010464 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+bax.html
2015-12-13 16:43 - 2015-12-13 16:44 - 0002431 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+bax.txt
2015-12-21 22:15 - 2015-12-21 22:15 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+jyv.html
2015-12-21 22:15 - 2015-12-21 22:15 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+jyv.txt
2015-12-22 23:35 - 2015-12-22 23:42 - 0010654 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+xiq.html
2015-12-22 23:35 - 2015-12-22 23:42 - 0002411 _____ () C:\Users\PROPRIETAIRE\AppData\Local\how_recover+xiq.txt
2015-08-20 12:44 - 2015-08-20 12:44 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nscE342.tmp
2015-08-20 14:07 - 2015-08-20 14:07 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nsh7F67.tmp
2015-08-14 23:20 - 2015-08-14 23:20 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nswDC77.tmp
2015-08-15 16:01 - 2015-08-15 16:01 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nswF82C.tmp
2015-08-15 23:35 - 2015-08-15 23:35 - 0613255 _____ (CMI Limited) C:\Users\PROPRIETAIRE\AppData\Local\nsx3876.tmp
2015-11-22 20:34 - 2015-11-22 20:35 - 0007322 _____ () C:\Users\PROPRIETAIRE\AppData\Local\_how_recover_bwr.HTML
2015-11-22 20:34 - 2015-11-22 20:35 - 0002597 _____ () C:\Users\PROPRIETAIRE\AppData\Local\_how_recover_bwr.TXT
2015-12-22 23:31 - 2015-12-22 23:31 - 0000008 ____H () C:\ProgramData\@000001.dat
2015-12-22 23:31 - 2016-04-06 12:26 - 0000000 ____H () C:\ProgramData\@system.temp
2015-12-22 23:29 - 2016-04-03 12:44 - 0000656 ____H () C:\ProgramData\@system3.att
2015-07-29 10:08 - 2015-07-29 10:08 - 0000108 _____ () C:\ProgramData\CameraRecorder.ini
2015-11-12 21:44 - 2015-11-12 21:44 - 0009096 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-11-12 21:44 - 2015-11-12 21:44 - 0047751 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-11-12 21:44 - 2015-11-12 21:44 - 0004736 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2016-02-10 01:28 - 2016-02-10 01:28 - 0000016 _____ () C:\ProgramData\mntemp
2016-02-10 15:11 - 2016-02-10 15:11 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
2015-11-07 16:55 - 2015-11-07 16:55 - 0005632 _____ () C:\ProgramData\taskhost.exe
2015-12-16 23:20 - 2015-12-16 23:20 - 0000000 _____ ()
C:\ProgramData\{d781e3a1-e512-422f-aa6c-27428437cbc4}.lock

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\@000001.dat
C:\ProgramData\taskhost.exe
C:\Users\PROPRIETAIRE\bgfiznrs.exe
C:\Users\PROPRIETAIRE\xcbevjno.exe
C:\Users\PROPRIETAIRE\zedgxlpq.exe

Certains fichiers dans TEMP:
====================
C:\Users\PROPRIETAIRE\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll [2011-05-26 12:01] - [2015-08-14 23:19] - 0357888 ____A (Microsoft Corporation) 0C04BFD58379086978EBB96A8DC73A2D
C:\Windows\SysWOW64\dnsapi.dll [2011-05-26 12:01] - [2015-08-14 23:19] - 0270336 ____A (Microsoft Corporation) 213C8D386CE86F74A767A0589EFAC95F
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

==================== BCD ================================

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {27a6db19-3619-11e5-878d-b84fca84ca3c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale fr-FR
inherit {bootloadersettings}
recoverysequence {27a6db1b-3619-11e5-878d-b84fca84ca3c}
recoveryenabled No
bootems No
advancedoptions No
optionsedit No
osdevice partition=C:
systemroot \Windows
resumeobject {27a6db19-3619-11e5-878d-b84fca84ca3c}
nx OptIn
bootstatuspolicy IgnoreAllFailures

Chargeur de démarrage Windows
-----------------------------
identificateur {27a6db1b-3619-11e5-878d-b84fca84ca3c}
device ramdisk=[C:]\Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\Winre.wim,{27a6db1c-3619-11e5-878d-b84fca84ca3c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\Winre.wim,{27a6db1c-3619-11e5-878d-b84fca84ca3c}
systemroot \windows
nx OptIn
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {27a6db19-3619-11e5-878d-b84fca84ca3c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostics mémoire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems Yes

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {27a6db1c-3619-11e5-878d-b84fca84ca3c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\27a6db1b-3619-11e5-878d-b84fca84ca3c\boot.sdi

LastRegBack: 2015-07-31 17:23

==================== Fin de FRST.txt ============================