Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by cezki (administrator) on PC-DE-CEZKI on 15-03-2015 14:56:22
Running from C:\Users\cezki\bureau
Loaded Profiles: cezki (Available profiles: cezki)
Platform: Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\VistaCodecPack\QT\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-230460946-3536391274-1308363112-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-230460946-3536391274-1308363112-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-230460946-3536391274-1308363112-1000\...\MountPoints2: {b0799589-5bed-11de-b894-001921da85da} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\launcher.exe
HKU\S-1-5-21-230460946-3536391274-1308363112-1000\...\MountPoints2: {f418b0ba-a421-11de-bce9-001921da85da} - J:\Memorybar.exe
HKU\S-1-5-21-230460946-3536391274-1308363112-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-230460946-3536391274-1308363112-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-230460946-3536391274-1308363112-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-230460946-3536391274-1308363112-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl HKU\S-1-5-21-230460946-3536391274-1308363112-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp URLSearchHook: HKLM - (No Name) - {33727f97-486d-4d19-97c3-23f432ef93fc} - No File SearchScopes: HKLM -> {91E3C76E-B1B6-414F-9AAF-E0E3B87B1C23} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 -> E7408E019B754A4D9379AE9E6624614D URL = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 -> Live Search URL = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-fr&FORM=MIMWA2 SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 
-> {6424E0C4-0C27-4691-AD1F-A4F09B9E017C} URL = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 -> {814C76CB-2623-43F4-AAD0-58A0E5190A20} URL = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms} SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 -> {91E3C76E-B1B6-414F-9AAF-E0E3B87B1C23} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 SearchScopes: HKU\S-1-5-21-230460946-3536391274-1308363112-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: No Name -> {33727f97-486d-4d19-97c3-23f432ef93fc} -> No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-14] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09] (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-14] (Google Inc.) 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File [] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default FF SearchEngineOrder.3: Bing FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.11.2105 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.) FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll [2006-11-03] (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2007-03-08] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll [2006-11-03] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-10] (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-10] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-18] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-18] (Apple Inc.) FF SearchPlugin: C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\searchplugins\orange.xml [2012-07-28] FF Extension: No Name - C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\Extensions\menu_contextuel_orange@orange.fr [2012-04-26] FF Extension: barre d'outils Orange - C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\Extensions\toolbar@Orange.fr [2012-07-22] FF Extension: Plugin Orange Installeur - C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF} [2012-04-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30] FF Extension: No Name - C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f} [Not Found] FF Extension: No Name - C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\extensions\wrigtdamon@yahoo.com [Not Found] FF Extension: No Name - 
C:\Users\cezki\AppData\Roaming\Mozilla\Firefox\Profiles\1ugain1c.default\extensions\faststartff@gmail.com [Not Found] Chrome: ======= CHR HomePage: Default -> https://fr.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: Default -> "https://fr.yahoo.com?fr=hp-avast&type=avastbcl" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll () CHR Plugin: (Orange Installer Plugin) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\flgckaanghhcpoadadiendjemegkccmf\1.2.5.0_0\/plugins/npOrangeInstaller.dll (Orange IT&L@bs) CHR Plugin: (Java(TM) Platform SE 6 U19) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Google Update) - C:\Users\cezki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google Search) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (Plugin Orange Installeur) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\flgckaanghhcpoadadiendjemegkccmf [2012-07-22] CHR Extension: (Portail Orange) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid [2012-07-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Menu Contextuel Orange) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf [2012-07-22] CHR Extension: 
(Google Wallet) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR Extension: (Gmail) - C:\Users\cezki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 CLSched; C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [118880 2006-11-28] () [File not signed] S4 CyberLink Media Library Service; C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [1073152 2006-11-28] (Cyberlink) [File not signed] S4 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632 2009-08-24] (France Telecom SA) [File not signed] S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) S2 CLCapSvc; "C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed] S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2009-08-24] (Printing Communications Assoc., Inc. 
(PCAUSA)) S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-10-26] (Sonic Solutions) [File not signed] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-15 14:56 - 2015-03-15 14:56 - 00017280 _____ () C:\Users\cezki\bureau\FRST.txt 2015-03-15 14:54 - 2015-03-15 14:56 - 00000000 ____D () C:\FRST 2015-03-15 14:53 - 2015-03-15 14:49 - 01135104 _____ (Farbar) C:\Users\cezki\bureau\FRST.exe 2015-03-15 14:16 - 2015-03-15 14:17 - 00005429 _____ () C:\Windows\WindowsUpdate.log 2015-03-15 00:33 - 2015-03-15 00:33 - 00000800 _____ () C:\Users\cezki\bureau\ZHP.lnk 2015-03-15 00:29 - 2015-03-15 00:29 - 00004720 _____ () C:\Users\cezki\Documents\Documents\cc_20150315_002910.reg 2015-03-15 00:15 - 2015-03-15 00:15 - 00022374 _____ () C:\Users\cezki\Documents\Documents\cc_20150315_001545.reg 2015-03-14 23:58 - 2015-03-14 23:58 - 00028905 _____ () C:\Users\cezki\bureau\ZHPDiag retest.txt 2015-03-14 23:54 - 2015-03-14 23:54 - 00028905 _____ () C:\Users\cezki\bureau\ZHPDiag.txt 2015-03-14 19:02 - 2015-03-14 19:02 - 00000000 ____D () C:\Users\cezki\bureau\desinstal SECURITOOL 2015-03-14 19:02 - 2015-03-14 19:02 - 00000000 ____D () C:\ProgramData\F-Secure-UninstallationTool 2015-03-14 16:32 - 2015-03-15 00:04 - 00001029 _____ () C:\Users\cezki\bureau\ZHPFixReport.txt 2015-03-14 16:30 - 2015-03-14 16:31 - 00000000 ____D () 
C:\Program Files\ZHPFix 2015-03-14 16:29 - 2015-03-14 16:27 - 03521480 _____ (Nicolas Coolman ) C:\Users\cezki\bureau\ZHPFix.exe 2015-03-14 15:34 - 2015-03-14 15:34 - 00041469 _____ () C:\Users\cezki\bureau\ZHPCleaner.txt 2015-03-14 15:16 - 2015-03-14 15:17 - 00000742 _____ () C:\Users\cezki\bureau\ZHPCleaner.lnk 2015-03-14 15:14 - 2015-03-14 15:10 - 01697792 _____ () C:\Users\cezki\bureau\ZHPCleaner.exe 2015-03-14 14:16 - 2015-03-14 13:55 - 00001992 _____ () C:\Users\cezki\bureau\AdwCleaner[S1].txt 2015-03-14 13:50 - 2015-03-14 13:45 - 06876430 _____ (Nicolas Coolman ) C:\Users\cezki\bureau\ZHPDiag2.exe 2015-03-14 13:50 - 2015-03-14 13:45 - 02171392 _____ () C:\Users\cezki\bureau\adwcleaner_4.112.exe 2015-03-11 11:15 - 2015-03-11 11:16 - 00000000 ____D () C:\Windows\system32\vbox 2015-03-11 10:57 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 10:56 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 10:56 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 10:55 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-03-11 10:55 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-03-11 10:55 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-03-11 10:54 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-03-11 10:54 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 10:54 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 10:53 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-03-11 10:52 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\tzres.dll 2015-03-11 10:47 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 10:47 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-03-11 10:47 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-03-11 10:46 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-03-11 10:46 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-03-11 10:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 10:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 10:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 10:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 10:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 10:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 10:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 10:43 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-03-11 10:40 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 10:40 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 10:40 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 10:39 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-11 10:37 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-03-11 
10:37 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-03-11 10:37 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-03-11 10:37 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 10:37 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 10:37 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 10:37 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 10:36 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 10:36 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2015-03-11 10:31 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-03-11 10:30 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-03-11 10:28 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 10:28 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 10:28 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 10:28 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 10:28 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 10:28 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 10:28 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 10:28 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-11 10:28 - 2015-02-21 18:20 - 00065536 
_____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 10:28 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 10:28 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 10:28 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 10:28 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 10:28 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 10:28 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 10:28 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 10:28 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 10:28 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 10:28 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-11 10:28 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-11 10:28 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-11 10:28 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 10:34 - 2015-03-10 10:34 - 00000472 _____ () C:\Users\cezki\bureau\Connexion au réseau local - Raccourci.lnk 2015-02-27 10:26 - 2015-03-11 11:50 - 00013030 _____ () C:\PDOXUSRS.NET 2015-02-27 10:25 - 2015-03-11 11:48 - 00000000 ____D () C:\Program Files\ZebHelpProcess 2015-02-27 10:25 - 2015-02-27 10:25 - 00000000 ____D () C:\Program Files\Common Files\Borland Shared 2015-02-27 10:25 - 1999-11-12 05:11 - 00183808 _____ () C:\Windows\system32\BDEADMIN.CPL 2015-02-27 10:25 - 1999-01-20 05:01 - 00210032 
_____ () C:\Windows\system32\DBCLIENT.DLL 2015-02-25 09:25 - 2015-03-14 13:55 - 00000000 ____D () C:\AdwCleaner 2015-02-23 11:42 - 2015-02-23 11:44 - 00000000 ____D () C:\OETemp 2015-02-19 19:18 - 2015-02-19 19:18 - 00001023 _____ () C:\Users\cezki\bureau\Revo Uninstaller.lnk 2015-02-19 19:18 - 2015-02-19 19:18 - 00000000 ____D () C:\Program Files\VS Revo Group ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-15 14:56 - 2007-06-15 18:10 - 00000000 ___RD () C:\Users\cezki\bureau 2015-03-15 14:37 - 2010-02-02 13:40 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-15 14:14 - 2010-02-02 13:40 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-15 14:14 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-15 14:14 - 2006-11-02 13:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-15 14:14 - 2006-11-02 13:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-15 14:13 - 2006-11-02 13:58 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-15 00:04 - 2015-01-21 21:07 - 00000000 ____D () C:\Users\cezki\AppData\Roaming\ZHP 2015-03-14 23:53 - 2015-01-21 21:17 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin 2015-03-14 23:53 - 2015-01-21 21:07 - 00000000 ____D () C:\Program Files\ZHPDiag 2015-03-14 21:38 - 2015-01-19 21:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-14 20:32 - 2012-06-14 18:32 - 00000000 ____D () C:\ProgramData\Apple 2015-03-14 19:53 - 2010-04-22 17:24 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-14 19:53 - 2007-07-25 16:09 - 00000000 ____D () C:\Users\cezki\AppData\Local\Adobe 2015-03-14 19:53 - 2007-03-08 06:14 - 00000000 ____D () C:\Program Files\Adobe 2015-03-14 19:16 - 2007-07-02 
16:01 - 00000000 ____D () C:\ProgramData\Skype 2015-03-14 19:06 - 2007-07-01 19:01 - 00000000 ____D () C:\ProgramData\F-Secure 2015-03-14 18:21 - 2011-03-26 18:28 - 00000000 ____D () C:\ProgramData\tmp 2015-03-14 18:21 - 2008-01-10 19:06 - 00000000 ____D () C:\ProgramData\TEMP 2015-03-14 18:21 - 2007-07-02 16:37 - 00000000 ____D () C:\Users\cezki\AppData\Roaming\Skype 2015-03-14 18:21 - 2007-06-15 18:30 - 00000000 ____D () C:\Users\cezki\AppData\Local\PowerCinema 2015-03-14 17:41 - 2015-02-02 21:02 - 00000000 ____D () C:\Users\cezki\AppData\Local\CrashDumps 2015-03-14 16:30 - 2015-01-21 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP 2015-03-14 14:02 - 2015-01-21 21:07 - 00001611 _____ () C:\Users\cezki\bureau\ZHPDiag.lnk 2015-03-14 12:18 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-12 23:40 - 2007-06-15 18:10 - 00000000 ____D () C:\Users\cezki 2015-03-11 13:17 - 2013-08-15 17:07 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 13:05 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2015-03-11 12:57 - 2006-11-02 11:33 - 01615574 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-11 12:05 - 2007-06-30 16:49 - 00000000 ____D () C:\Program Files\Orange 2015-03-11 11:02 - 2006-11-02 13:44 - 00331152 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 10:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-03-10 11:44 - 2010-07-15 15:12 - 00000000 ____D () C:\Users\cezki\AppData\Local\Orange 2015-02-27 09:57 - 2015-01-21 21:40 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-02-26 21:20 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-25 12:06 - 2007-07-01 18:59 - 00001356 _____ () C:\Users\cezki\AppData\Local\d3d9caps.dat 2015-02-25 09:25 - 2015-01-19 19:16 - 00000000 ____D () C:\Users\cezki\bureau\sala 2015-02-24 04:23 - 2009-10-03 08:26 - 00246920 ____N (Microsoft Corporation) 
C:\Windows\system32\MpSigStub.exe
2015-02-23 11:29 - 2007-07-31 20:12 - 00000000 ____D () C:\Windows\Google Toolbar

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\cezki\AppData\Roaming\ASCCJT
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\cezki\AppData\Roaming\DEPX
2008-12-10 17:57 - 2008-12-10 17:58 - 0114414 _____ () C:\Users\cezki\AppData\Roaming\install.txt
2009-01-21 13:21 - 2009-01-21 13:21 - 0029239 _____ () C:\Users\cezki\AppData\Roaming\UserTile.png
2013-12-20 19:31 - 2014-09-23 08:37 - 0000165 _____ () C:\Users\cezki\AppData\Roaming\WB.CFG
2008-01-21 22:21 - 2013-05-06 19:07 - 0000892 _____ () C:\Users\cezki\AppData\Roaming\wklnhst.dat
2007-07-01 18:59 - 2015-02-25 12:06 - 0001356 _____ () C:\Users\cezki\AppData\Local\d3d9caps.dat
2007-06-17 20:01 - 2015-02-09 11:20 - 0090112 _____ () C:\Users\cezki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-10-21 09:26 - 2007-10-21 17:31 - 0002245 _____ () C:\Users\cezki\AppData\Local\fdcafdclki.dat
2007-10-23 17:44 - 2007-10-23 21:08 - 0002244 _____ () C:\Users\cezki\AppData\Local\moavxumep.dat
2007-11-08 13:52 - 2007-11-08 21:56 - 0002244 _____ () C:\Users\cezki\AppData\Local\nqxmjmham.dat
2008-03-17 18:14 - 2008-03-17 18:14 - 0000032 _____ () C:\ProgramData\ezsid.dat
2008-09-27 17:14 - 2008-09-27 17:14 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 14:20

==================== End Of Log ============================