Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Exécuté par yas (administrateur) sur MAROC-PC (15-02-2016 11:26:07)
Exécuté depuis C:\Users\yas.yas-PC\Desktop
Profils chargés: yas (Profils disponibles: yas)
Platform: Microsoft Windows 7 Édition Intégrale (X86) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\ProgramData\Internet Mobile\OnlineUpdate\ouc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Murray Hurps Software Pty Ltd) C:\Program Files\Ad Muncher\AdMunch.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Aiseesoft Studio\FoneLab\AppService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Facebook Inc.) C:\Users\yas.yas-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.213.6186.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Ad Muncher] => C:\Program Files\Ad Muncher\AdMunch.exe [595144 2014-07-29] (Murray Hurps Software Pty Ltd)
HKLM\...\Run: [FoneLabAppService] => C:\Program Files\Aiseesoft Studio\FoneLab\AppService.exe [78472 2014-09-30] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [pcmgr] => C:\Program Files\ppt\Uninst.exe [1571296 2015-12-28] (Tencent)
HKLM\...\Run: [setup] => C:\Users\YAS~1.YAS\AppData\Local\Temp\setup.exe /start <===== ATTENTION
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\Run: [Facebook Update] => C:\Users\yas.yas-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-19] (Facebook Inc.)
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\Run: [AvgUpdater0814tb] => C:\ProgramData\Avg_Update_0814tb\0814tb_{5BC5BD0D-F377-42CA-80D0-D6A9F61518DF}.exe /SETINFO /CMPID=0814tb /INFORETRY=-139
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: {0457a03f-fb10-11e2-bedc-e006e6da5e9e} - F:\AutoRun.exe
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: {0457a04c-fb10-11e2-bedc-e006e6da5e9e} - F:\AutoRun.exe
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: {1b23a89f-7a27-11e4-ad3f-e006e6da5e9e} - F:\setup.exe
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: {9f0baac5-fb1f-11e2-bef1-e006e6da5e9e} - F:\AutoRun.exe
HKU\S-1-5-21-867478414-427001765-3327074332-1000\...\MountPoints2: {c5e6643f-0151-11e3-bf3d-e006e6da5e9e} - F:\AutoRun.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 gs.apple.com #iHelper Added.
Tcpip\Parameters: [DhcpNameServer] 212.76.224.172 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{26D49D06-E01A-4336-8845-97982E8A94C5}: [DhcpNameServer] 212.76.224.172 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{4DB1CFE0-A200-4E47-83ED-E379C7F97DE8}: [NameServer] 212.217.0.1 212.217.1.1
Tcpip\..\Interfaces\{A9A53FA1-83AC-42F9-9C47-73C55BB21731}: [DhcpNameServer] 212.76.224.172 89.2.0.1 89.2.0.2
Tcpip\..\Interfaces\{DD3F47CC-BBC8-4345-BF07-F18F7875B381}: [NameServer] 212.217.0.1 212.217.1.1
Tcpip\..\Interfaces\{F483F383-6D5D-494C-851D-2DFE602D56E0}: [NameServer] 212.217.0.1 212.217.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99136537_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-867478414-427001765-3327074332-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99136537_hao_pg
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-867478414-427001765-3327074332-1000 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=98012088_5_dg&ch=11
SearchScopes: HKU\S-1-5-21-867478414-427001765-3327074332-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-02-03&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-867478414-427001765-3327074332-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-867478414-427001765-3327074332-1000 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=98012088_5_dg&ch=11
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-867478414-427001765-3327074332-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\yas.yas-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR Profile: C:\Users\yas.yas-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\yas.yas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-14]
CHR Extension: (AdBlock) - C:\Users\yas.yas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-14]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\yas.yas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-25]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-14] (Foxit Software Inc.)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1894224 2014-11-03] (LogMeIn Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Internet Mobile. RunOuc; C:\Program Files\Internet Mobile\UpdateDog\ouc.exe [655712 2013-08-02] ()
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-10-21] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-09-21] (Microsoft Corporation) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel(R) Corporation) [Fichier non signé]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-03] (Disc Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
S3 USB_FPRd; C:\Windows\System32\Drivers\UT_FPRd.sys [16128 2007-02-13] (USBest Corporation)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-11-12] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-11-12] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-11-12] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-11-12] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\YAS~1.YAS\AppData\Local\Temp\catchme.sys [X]
R1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\QMUdisk.sys [X]
R1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\softaal.sys [X]
R4 TAOKernelDriver; \??\C:\Windows\system32\Drivers\TAOKernel.sys [X]
R4 TsFltMgr; System32\drivers\TsFltMgr.sys [X]
R2 tsnethlp; \??\C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\TsNetHlp.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-02-15 11:26 - 2016-02-15 11:27 - 00016291 _____ C:\Users\yas.yas-PC\Desktop\FRST.txt
2016-02-14 21:24 - 2016-02-15 11:26 - 00000000 ____D C:\FRST
2016-02-14 21:23 - 2016-02-14 21:23 - 01721344 _____ (Farbar) C:\Users\yas.yas-PC\Desktop\FRST.exe
2016-02-14 21:21 - 2016-02-14 21:21 - 01721344 _____ (Farbar) C:\Users\yas.yas-PC\Downloads\BA21.tmp
2016-02-10 11:28 - 2016-01-12 18:22 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 11:28 - 2016-01-12 18:19 - 01198592 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 11:28 - 2016-01-12 18:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 11:28 - 2016-01-12 18:19 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 11:28 - 2016-01-12 18:19 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 11:28 - 2016-01-12 18:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 11:28 - 2016-01-12 18:16 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-03 01:44 - 2016-02-03 01:44 - 00141736 _____ (Rentabiliweb) C:\Users\yas.yas-PC\Downloads\Setupplansq (3).exe
2016-02-02 16:07 - 2016-02-02 16:07 - 00141736 _____ (Rentabiliweb) C:\Users\yas.yas-PC\Downloads\Setupplansq (2).exe
2016-02-02 16:06 - 2016-02-02 16:06 - 00141736 _____ (Rentabiliweb) C:\Users\yas.yas-PC\Downloads\Setupplansq (1).exe
2016-02-02 15:48 - 2016-02-02 15:48 - 00152358 _____ C:\Users\yas.yas-PC\Desktop\image1.jpeg
2016-02-02 15:35 - 2016-02-03 12:22 - 00000000 ____D C:\Users\yas.yas-PC\AppData\Local\plansq
2016-02-02 15:35 - 2016-02-02 15:35 - 00141736 _____ (Rentabiliweb) C:\Users\yas.yas-PC\Downloads\Setupplansq.exe
2016-01-29 07:54 - 2016-01-29 07:54 - 00155472 _____ C:\Windows\Minidump\012916-39873-01.dmp
2016-01-29 07:36 - 2016-01-29 07:36 - 00001795 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-01-29 07:36 - 2016-01-29 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-01-29 07:35 - 2016-01-29 07:38 - 00000000 ____D C:\Program Files\ZHPFix
2016-01-29 07:34 - 2016-01-29 07:35 - 03521617 _____ (Nicolas Coolman ) C:\Users\yas.yas-PC\Downloads\ZHPFix.exe
2016-01-25 22:07 - 2016-02-02 06:22 - 02105344 _____ C:\Users\yas.yas-PC\ZHPDiag3.exe
2016-01-25 21:57 - 2016-01-25 21:57 - 00001022 _____ C:\anti-malware-fichier-analyse.txt
2016-01-25 21:15 - 2016-01-25 21:15 - 00000000 ____D C:\Users\yas.yas-PC\AppData\LocalLow\TENCENT
2016-01-25 21:00 - 2016-01-25 21:54 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 21:00 - 2016-01-25 21:49 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 21:00 - 2016-01-25 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 20:59 - 2016-01-25 21:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-25 20:59 - 2016-01-25 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-25 20:59 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-25 20:59 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-25 20:59 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-25 20:54 - 2016-01-25 20:58 - 22908888 _____ (Malwarebytes ) C:\Users\yas.yas-PC\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-25 20:52 - 2016-02-14 22:34 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2016-01-25 20:52 - 2016-01-25 21:08 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-25 20:49 - 2016-01-25 20:49 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-25 20:37 - 2016-01-25 20:46 - 00000000 ____D C:\AdwCleaner
2016-01-25 20:35 - 2016-01-25 20:35 - 01507840 _____ C:\Users\yas.yas-PC\Downloads\adwcleaner_5.031.exe
2016-01-25 20:20 - 2016-01-25 20:20 - 00087154 _____ C:\Users\yas.yas-PC\Desktop\ZHPCleaner.txt
2016-01-25 19:36 - 2016-01-25 22:23 - 00000835 _____ C:\Users\yas.yas-PC\Desktop\ZHPCleaner.lnk
2016-01-25 19:35 - 2016-01-25 19:36 - 02019840 _____ C:\Users\yas.yas-PC\Downloads\ZHPCleaner.exe
2016-01-24 23:01 - 2016-01-28 08:24 - 00000564 _____ C:\Users\yas.yas-PC\Desktop\ZHPDiag.txt.lnk
2016-01-24 22:56 - 2016-02-02 06:29 - 00097174 _____ C:\Users\yas.yas-PC\Desktop\ZHPDiag.txt
2016-01-24 22:34 - 2016-01-24 22:34 - 00005120 _____ C:\Users\yas.yas-PC\AppData\Roaming\GiftBag.db
2016-01-24 22:17 - 2016-02-02 06:24 - 00000000 ____D C:\Users\yas.yas-PC\AppData\Roaming\ZHP
2016-01-24 22:17 - 2016-02-02 06:22 - 00000825 _____ C:\Users\yas.yas-PC\Desktop\ZHPDiag.lnk
2016-01-24 22:17 - 2016-01-24 22:17 - 02088960 _____ C:\Users\yas.yas-PC\Downloads\ZHPDiag3.exe
2016-01-22 02:35 - 2016-01-25 21:50 - 00001429 _____ C:\Users\yas.yas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-22 02:29 - 2015-12-28 16:38 - 00074040 ____N (电脑管家) C:\Windows\system32\TSSK.sys
2016-01-22 02:27 - 2016-01-25 22:04 - 00000000 ____D C:\Users\yas.yas-PC\AppData\Roaming\Tencent
2016-01-22 02:27 - 2016-01-25 22:04 - 00000000 ____D C:\ProgramData\Tencent
2016-01-22 02:27 - 2016-01-22 02:27 - 00000000 ____D C:\Program Files\Tencent
2016-01-22 02:25 - 2016-01-22 02:25 - 00000000 ____D C:\Program Files\t_201601220225
2016-01-22 02:24 - 2016-01-22 02:24 - 00000000 ____D C:\Users\yas.yas-PC\Angelina Black (Velvet touch 12.03.11)SD
2016-01-22 02:24 - 2016-01-22 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
2016-01-22 02:22 - 2016-01-25 21:43 - 00000000 ____D C:\Program Files\ppt
2016-01-22 02:22 - 2016-01-22 02:22 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-22 02:17 - 2016-01-22 02:18 - 01047526 _____ C:\Users\yas.yas-PC\Downloads\IEvade Activator Downloader.rar
2016-01-19 18:09 - 2016-01-19 18:11 - 00000000 ____D C:\Users\yas.yas-PC\Desktop\cd 012016

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-02-15 11:14 - 2013-07-19 03:48 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-867478414-427001765-3327074332-1000Core.job
2016-02-15 11:14 - 2013-07-07 22:58 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-15 00:42 - 2013-07-07 22:58 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-14 22:41 - 2009-07-14 05:34 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-14 22:41 - 2009-07-14 05:34 - 00013952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-14 22:34 - 2013-07-07 04:49 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-02-14 22:33 - 2014-12-03 00:34 - 00000000 ____D C:\Users\yas.yas-PC\AppData\Local\LogMeIn Hamachi
2016-02-14 22:33 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 07:33 - 2013-07-13 02:35 - 00000000 ____D C:\Windows\system32\MRT
2016-02-12 07:24 - 2014-12-11 04:46 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 07:24 - 2014-07-29 02:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-12 07:24 - 2009-11-12 00:39 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-11 07:01 - 2013-07-07 22:59 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-11 07:01 - 2013-07-07 22:59 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-07 23:05 - 2013-12-22 12:25 - 00000000 ____D C:\Users\yas.yas-PC\Desktop\PHOTO
2016-02-02 06:22 - 2013-07-07 02:50 - 00000000 ____D C:\Users\yas.yas-PC
2016-02-01 10:17 - 2015-01-17 12:26 - 00000000 ____D C:\Users\yas.yas-PC\AppData\Local\HP
2016-02-01 00:58 - 2014-09-09 09:00 - 00000000 ____D C:\ProgramData\Avg_Update_0814tb
2016-01-31 22:13 - 2015-04-06 14:45 - 00000000 ____D C:\Users\yas.yas-PC\Desktop\b
2016-01-29 07:54 - 2014-01-10 13:17 - 450177883 _____ C:\Windows\MEMORY.DMP
2016-01-29 07:54 - 2014-01-10 13:17 - 00000000 ____D C:\Windows\Minidump
2016-01-25 21:51 - 2015-01-17 12:46 - 00001153 _____ C:\Users\Public\Desktop\Achat de consommables - HP Deskjet 2540 series.lnk
2016-01-25 21:51 - 2014-12-03 00:17 - 00000816 _____ C:\Users\Public\Desktop\Age of Empires II HD.lnk
2016-01-25 21:51 - 2013-07-07 11:15 - 00000959 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-25 21:50 - 2015-06-13 07:21 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-01-25 21:50 - 2014-12-03 00:17 - 00000834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD.lnk
2016-01-25 21:50 - 2014-08-29 22:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-25 21:50 - 2013-07-07 10:45 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-25 21:50 - 2013-07-07 00:48 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-25 21:50 - 2013-07-07 00:48 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-25 21:50 - 2009-07-14 05:46 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-25 21:50 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-25 21:50 - 2009-07-14 05:42 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-25 21:50 - 2009-07-14 05:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-25 21:50 - 2009-07-14 05:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-25 21:50 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-25 21:49 - 2015-09-16 00:07 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-25 21:49 - 2015-01-17 12:48 - 00001949 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-01-25 21:49 - 2015-01-17 12:46 - 00002170 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2016-01-25 21:49 - 2014-12-21 12:59 - 00001156 _____ C:\Users\yas.yas-PC\Desktop\lettre de motivation.docx.lnk
2016-01-25 21:49 - 2014-12-05 01:30 - 00000397 _____ C:\Users\yas.yas-PC\Desktop\Lecteur de CD - Raccourci.lnk
2016-01-25 21:49 - 2014-12-03 00:32 - 00000896 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-01-25 21:49 - 2014-12-03 00:04 - 00001896 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-01-25 21:49 - 2014-11-27 16:44 - 00001120 _____ C:\Users\yas.yas-PC\Desktop\curiculum vitae.lnk
2016-01-25 21:49 - 2014-11-18 04:31 - 00002024 _____ C:\Users\Public\Desktop\FoneLab.lnk
2016-01-25 21:49 - 2014-10-21 04:19 - 00001064 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-01-25 21:49 - 2014-07-29 02:55 - 00001126 _____ C:\Users\yas.yas-PC\Desktop\Nero Burning ROM.lnk
2016-01-25 21:49 - 2014-07-29 02:33 - 00002785 _____ C:\Users\Public\Desktop\Nero Video 12.lnk
2016-01-25 21:49 - 2014-07-29 02:32 - 00002889 _____ C:\Users\Public\Desktop\Nero Recode 12.lnk
2016-01-25 21:49 - 2014-07-29 02:31 - 00002055 _____ C:\Users\Public\Desktop\Nero Kwik Media.lnk
2016-01-25 21:49 - 2014-07-29 02:30 - 00002771 _____ C:\Users\Public\Desktop\Nero BackItUp 12.lnk
2016-01-25 21:49 - 2014-07-29 02:29 - 00002857 _____ C:\Users\Public\Desktop\Nero 12.lnk
2016-01-25 21:49 - 2014-07-29 02:29 - 00002831 _____ C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
2016-01-25 21:49 - 2014-06-18 00:01 - 00002122 _____ C:\Users\yas.yas-PC\Desktop\FLV Player.lnk
2016-01-25 21:49 - 2013-08-20 17:47 - 00002178 _____ C:\Users\yas.yas-PC\Desktop\Microsoft Age of Empires II Trial.lnk
2016-01-25 21:49 - 2013-08-18 22:56 - 00000944 _____ C:\Users\Public\Desktop\PPÖúÊÖ.lnk
2016-01-25 21:49 - 2013-08-02 02:10 - 00001049 _____ C:\Users\Public\Desktop\Internet Mobile.lnk
2016-01-25 21:49 - 2013-07-07 09:47 - 00001734 _____ C:\Users\Public\Desktop\Choix de navigateur .lnk
2016-01-25 21:49 - 2013-07-07 02:51 - 00001399 _____ C:\Users\yas.yas-PC\Desktop\Internet Explorer.lnk
2016-01-25 21:47 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-25 21:45 - 2015-09-16 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-25 21:45 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-24 22:01 - 2014-02-03 06:20 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-01-22 02:36 - 2013-07-07 10:47 - 00112224 _____ C:\Users\yas.yas-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-22 02:35 - 2013-07-07 02:51 - 00000000 ___RD C:\Users\yas.yas-PC\Virtual Machines
2016-01-22 02:33 - 2009-07-14 05:33 - 00434464 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-22 02:22 - 2014-07-29 02:54 - 00000000 ____D C:\Users\yas.yas-PC\Desktop\Patch

==================== Fichiers à la racine de certains dossiers =======

2013-12-04 07:16 - 2013-12-04 07:16 - 4216840 _____ (Microsoft Corporation) C:\Program Files\Common Files\vcredist.exe
2016-01-24 22:34 - 2016-01-24 22:34 - 0005120 _____ () C:\Users\yas.yas-PC\AppData\Roaming\GiftBag.db
2013-12-19 03:29 - 2014-01-27 00:32 - 0000118 _____ () C:\Users\yas.yas-PC\AppData\Roaming\WB.CFG
2015-12-21 21:45 - 2015-12-21 21:45 - 0000000 ____H () C:\Users\yas.yas-PC\AppData\Local\BIT4293.tmp
2015-12-21 21:44 - 2015-12-21 21:44 - 0000000 _____ () C:\Users\yas.yas-PC\AppData\Local\{A1FE73AC-38FF-4E37-8D24-4C1ACC9E1166}
2015-03-13 08:19 - 2015-03-13 08:20 - 0000000 _____ () C:\Users\yas.yas-PC\AppData\Local\{D3DC73D7-6E8B-4DE3-B5E8-8B1E17F7D44B}
2013-11-06 02:48 - 2014-05-02 00:49 - 0000041 ___SH () C:\ProgramData\.zreglib
2015-01-17 12:45 - 2015-01-17 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Fichiers à déplacer ou supprimer:
====================
C:\Users\yas.yas-PC\ZHPDiag3.exe

Certains fichiers dans TEMP:
====================
C:\Users\yas.yas-PC\AppData\Local\Temp\YesMessenger-full-installer-sign.exe

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2015-10-12 22:24

==================== Fin de FRST.txt ============================