Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2016
Exécuté par francine (administrateur) sur PC-DE-FRANCINE (28-10-2016 18:28:02)
Exécuté depuis C:\Users\francine\Desktop
Profils chargés: francine (Profils disponibles: francine)
Platform: Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
() C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Setresolution] => C:\ACER\config\1440x900.cmd [240 2008-02-27] ()
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\...\Run: [tkkhh] => rundll32
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_185_Plugin.exe [1224896 2016-10-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\...\MountPoints2: {4a032651-c52a-11de-acec-001fe2041d79} - J:\mostick.exe
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\...\MountPoints2: {9f536af0-09d5-11e5-8a22-001fe2041d79} - D:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-03-04] (Egis Incorporated)
Startup: C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - .lnk [2013-09-07]
ShortcutTarget: Alertes de surveillance de l'encre - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{37745DC5-0243-46B0-BE5A-5ECCE988FB09}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{597325EF-9901-4DEE-A5C7-C3AEA3E71DEF}: [DhcpNameServer] 212.27.40.241 212.27.40.240

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.fr.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fr.fr.acer.yahoo.com
HKU\S-1-5-21-3629343305-3452528987-3318794603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3629343305-3452528987-3318794603-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.fr/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3629343305-3452528987-3318794603-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.fr/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3629343305-3452528987-3318794603-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04] (Egis Incorporated.)
Handler: avgsecuritytoolbar - Y - Pas de fichier
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\francine\AppData\Roaming\Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 [2016-10-28]
FF NewTab: Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 -> Google
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 -> Google
FF Homepage: Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728 -> hxxps://www.google.com/search?q=
FF SearchPlugin: C:\Users\francine\AppData\Roaming\Mozilla\Firefox\Profiles\z6nr9qrz.default-1472375335728\searchplugins\google-lavasoft.xml [2016-10-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [non signé]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => non trouvé(e)
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2015-04-17] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-05] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-21] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll [Pas de fichier]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4149312 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [605336 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [Fichier non signé]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-08-13] (Freemake) [Fichier non signé]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [Fichier non signé]
S2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [49152 2008-02-25] (NewTech InfoSystems, Inc.) [Fichier non signé]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] () [Fichier non signé]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257792 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [218880 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 fbxusb; C:\Windows\System32\DRIVERS\fbxusb32.sys [31128 2007-08-27] (FreeBox SA)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [Fichier non signé]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-09] (Malwarebytes)
R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2008-02-25] (EnTech Taiwan) [Fichier non signé]
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio) [Fichier non signé]
S3 catchme; \??\C:\Users\francine\AppData\Local\Temp\catchmerkyv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-10-28 18:28 - 2016-10-28 18:31 - 00016525 _____ C:\Users\francine\Desktop\FRST.txt
2016-10-28 18:26 - 2016-10-28 18:26 - 00000000 ____D C:\Users\francine\Desktop\FRST-OlderVersion
2016-10-28 18:22 - 2016-10-28 18:22 - 00000000 ____D C:\Users\francine\Desktop\28 oct bis
2016-10-28 18:12 - 2016-10-28 18:12 - 01064100 _____ C:\Users\francine\Desktop\PC-DE-FRANCINE.txt
2016-10-28 18:11 - 2016-10-28 18:11 - 00000780 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-10-28 18:08 - 2016-10-28 18:08 - 05201280 _____ (Piriform Ltd) C:\Users\francine\Desktop\spsetup129(1).exe
2016-10-28 15:58 - 2016-10-28 15:59 - 00000000 ____D C:\Users\francine\Desktop\28 oct envoyé
2016-10-27 08:31 - 2016-10-27 08:31 - 00000000 ____D C:\Users\francine\Desktop\27oct
2016-10-26 09:58 - 2016-10-27 21:24 - 00000743 _____ C:\Users\francine\Desktop\ZHPCleaner.lnk
2016-10-26 09:56 - 2016-10-26 09:55 - 02472960 _____ C:\Users\francine\Downloads\ZHPCleaner - Copie.exe
2016-10-26 09:55 - 2016-10-26 09:55 - 02472960 _____ C:\Users\francine\Desktop\ZHPCleaner.exe
2016-10-25 15:18 - 2016-10-25 15:18 - 03910208 _____ C:\Users\francine\Downloads\adwcleaner_6.030.exe
2016-10-25 14:48 - 2016-10-25 14:48 - 00001026 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-10-25 14:47 - 2016-10-25 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-25 14:47 - 2016-10-25 14:47 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-25 14:45 - 2016-10-25 14:45 - 07100088 _____ (VS Revo Group ) C:\Users\francine\Downloads\revouninstaller_2-01_fr_39528.exe
2016-10-24 17:51 - 2016-10-24 16:16 - 00000952 _____ C:\Windows\Tasks\Google Software Updater.job
2016-10-24 15:18 - 2016-10-24 15:18 - 01453048 _____ (RaMMicHaeL) C:\Users\francine\Desktop\unchecky_setup.exe
2016-10-24 11:20 - 2016-10-24 11:20 - 02424320 _____ C:\Users\francine\Desktop\ZHPDiag3.exe
2016-10-23 10:38 - 2016-10-24 09:33 - 00000000 ____D C:\Users\francine\Desktop\Anciens rapports
2016-10-21 17:59 - 2016-10-25 15:08 - 00000000 ____D C:\ProgramData\Auslogics
2016-10-21 17:59 - 2016-10-25 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-10-21 17:46 - 2016-10-21 17:46 - 00001638 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-10-21 17:46 - 2016-10-21 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-10-21 17:45 - 2016-10-21 17:45 - 03521617 _____ (Nicolas Coolman ) C:\Users\francine\Desktop\ZHPFix.exe
2016-10-21 15:59 - 2016-10-28 18:28 - 00000000 ____D C:\FRST
2016-10-21 15:57 - 2016-10-28 18:26 - 01757184 _____ (Farbar) C:\Users\francine\Desktop\FRST.exe
2016-10-20 19:01 - 2016-10-20 19:01 - 07900192 _____ (Auslogics Labs Pty Ltd ) C:\Users\francine\Downloads\auslogics-disk-defrag_7-0-0-0_en_26672.exe
2016-10-20 18:20 - 2016-10-20 18:21 - 00477822 _____ C:\Users\francine\Desktop\cc_20161020_182045.reg
2016-10-20 18:09 - 2016-10-20 18:09 - 00000691 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-20 18:08 - 2016-10-20 18:08 - 08282352 _____ (Piriform Ltd) C:\Users\francine\Downloads\ccsetup_523.exe
2016-10-20 16:38 - 2016-10-20 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-20 16:38 - 2016-10-20 16:38 - 00000000 ____D C:\Users\francine\Desktop\Nouveau dossier (3)
2016-10-20 12:32 - 2016-10-20 12:32 - 02418176 _____ C:\Users\francine\ZHPDiag3.exe
2016-10-19 17:44 - 2016-10-19 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-10-19 17:44 - 2016-10-19 17:44 - 00000000 ____D C:\Program Files\Speccy
2016-10-19 17:40 - 2016-10-19 17:40 - 05201280 _____ (Piriform Ltd) C:\Users\francine\Downloads\spsetup129.exe
2016-10-19 16:37 - 2016-10-19 16:37 - 01531079 _____ C:\Users\francine\Downloads\Enrichir-sa-terre_inter-jardiniers.pdf
2016-10-18 18:33 - 2016-10-18 18:33 - 00000000 ____D C:\Users\francine\AppData\Roaming\AVG
2016-10-18 18:31 - 2016-10-18 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-18 18:29 - 2016-10-18 18:29 - 00000000 ___HD C:\$AVG
2016-10-18 18:22 - 2016-10-28 08:25 - 00000000 ____D C:\ProgramData\MFAData
2016-10-18 18:22 - 2016-10-18 18:22 - 00000000 ____D C:\Users\francine\AppData\Local\MFAData
2016-10-18 18:16 - 2016-10-18 18:16 - 00000735 _____ C:\Users\Public\Desktop\AVG.lnk
2016-10-18 18:16 - 2016-10-18 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-18 18:14 - 2016-10-18 18:24 - 00000000 ____D C:\Program Files\AVG
2016-10-18 18:10 - 2016-10-18 18:33 - 00000000 ____D C:\Users\francine\AppData\Local\Avg
2016-10-18 18:10 - 2016-10-18 18:29 - 00000000 ____D C:\ProgramData\Avg
2016-10-18 18:10 - 2016-10-18 18:21 - 00000000 ____D C:\Users\francine\AppData\Local\AvgSetupLog
2016-10-18 16:48 - 2016-10-21 17:46 - 00000000 ____D C:\Program Files\ZHPFix
2016-10-17 14:44 - 2016-10-17 14:45 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\francine\Downloads\avira_fr_av_5804e3ce0ddb6__ws.exe
2016-10-17 12:15 - 2016-10-17 12:15 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\francine\Downloads\AVG_Protection_Free_1597.exe
2016-10-17 10:38 - 2016-10-17 10:38 - 07301864 _____ C:\Users\francine\Downloads\Startups-vf(1).chm
2016-10-13 23:26 - 2016-10-13 23:26 - 00000000 ____D C:\Users\francine\Desktop\Anciennes données de Firefox
2016-10-13 15:20 - 2016-10-13 15:23 - 00123075 _____ C:\Users\francine\Downloads\desinstaller-ask-toolbar-25714-odr5oh.pdf
2016-10-12 13:28 - 2016-10-28 12:55 - 00000000 ____D C:\Users\francine\AppData\Roaming\ZHP
2016-10-12 11:39 - 2016-10-12 11:39 - 01270466 _____ C:\Users\francine\Downloads\ProcessExplorer.zip
2016-10-11 16:21 - 2016-10-11 16:21 - 00000856 _____ C:\Users\francine\AppData\Local\recently-used.xbel
2016-10-10 16:42 - 2009-06-17 15:26 - 00828928 _____ (Neuber Software) C:\Users\francine\Downloads\svchostviewer.exe
2016-10-09 19:14 - 2016-10-09 19:14 - 07272464 _____ C:\Users\francine\Downloads\Startups-vf.chm
2016-10-03 14:03 - 2016-10-03 14:03 - 00358794 _____ C:\Users\francine\Downloads\Ivanhov Mikhaël - Le devoir d'être heureux.pdf
2016-09-28 18:19 - 2016-09-28 18:19 - 00345925 _____ C:\Users\francine\Downloads\Napoleon Hill les lois du succès.La Règled'or.pdf
2016-09-28 14:23 - 2016-09-28 14:24 - 00000000 ____D C:\Program Files\QuickTime(2)
2016-09-28 14:10 - 2016-09-28 14:10 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-28 14:10 - 2016-09-28 14:10 - 00000000 ____D C:\Program Files\Apple Software Update

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2099-07-22 10:17 - 2009-01-19 11:50 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{6b82c917-e60c-11dd-bfd9-001fe2041d79}.TMContainer00000000000000000001.regtrans-ms
2099-07-22 10:17 - 2009-01-19 11:50 - 00065536 ___SH C:\Users\Public\NTUSER.DAT{6b82c917-e60c-11dd-bfd9-001fe2041d79}.TM.blf
2099-07-22 10:17 - 2008-10-25 14:06 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2099-07-22 10:17 - 2008-10-25 14:06 - 00005120 ____H C:\Users\Public\NTUSER.DAT.LOG1
2016-10-28 18:16 - 2006-11-02 14:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-28 18:16 - 2006-11-02 14:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-28 18:12 - 2010-02-20 16:43 - 00002687 _____ C:\Users\francine\Desktop\Word.lnk
2016-10-28 13:46 - 2009-12-03 21:49 - 00000000 ____D C:\Users\francine\AppData\Local\Paint.NET
2016-10-27 20:16 - 2008-07-07 11:14 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2016-10-27 20:16 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-27 19:07 - 2006-11-02 14:58 - 00032502 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-27 18:28 - 2013-11-06 11:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-27 18:28 - 2012-05-03 09:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-27 15:31 - 2012-10-25 21:24 - 00000000 ____D C:\Users\francine\Pictures PC
2016-10-25 17:22 - 2014-04-04 18:52 - 00000000 ____D C:\AdwCleaner
2016-10-24 20:33 - 2008-10-08 11:20 - 00000000 ____D C:\Users\francine
2016-10-24 20:33 - 2008-03-16 16:03 - 00000000 ____D C:\ACER
2016-10-24 20:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2016-10-24 20:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-10-24 20:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2016-10-24 20:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-10-24 20:33 - 2006-11-02 12:22 - 63700992 _____ C:\Windows\system32\config\software_previous
2016-10-24 20:33 - 2006-11-02 12:22 - 25165824 _____ C:\Windows\system32\config\system_previous
2016-10-24 20:31 - 2006-11-02 12:22 - 49020928 _____ C:\Windows\system32\config\components_previous
2016-10-24 20:31 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-10-24 10:26 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-10-24 10:26 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-10-23 17:36 - 2009-08-15 11:29 - 00000000 ____D C:\Users\francine\AppData\Roaming\Media Player Classic
2016-10-20 19:27 - 2010-05-26 16:59 - 00000000 ____D C:\Users\francine\AppData\Roaming\PhotoScape
2016-10-20 19:20 - 2012-09-08 19:19 - 00007168 ____H C:\Users\francine\photothumb.db
2016-10-20 12:12 - 2008-01-21 09:24 - 01615904 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-20 12:12 - 2008-01-21 09:23 - 00722238 _____ C:\Windows\system32\perfh00C.dat
2016-10-20 12:12 - 2008-01-21 09:23 - 00146072 _____ C:\Windows\system32\perfc00C.dat
2016-10-18 18:09 - 2014-08-20 18:29 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-17 16:00 - 2015-04-24 08:51 - 00000000 ____D C:\Users\francine\Desktop\MATTHIEU
2016-10-17 09:28 - 2008-10-08 12:42 - 00157184 _____ C:\Users\francine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-16 20:29 - 2016-02-07 11:41 - 00000000 ____D C:\Users\francine\{afdb3f64-63d7-442b-b3d0-7e1dcc4623b4}
2016-10-16 20:29 - 2015-09-25 13:05 - 00000000 ____D C:\Users\francine\AppData\Roaming\vlc
2016-10-16 20:29 - 2015-08-27 20:49 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Toolbox
2016-10-16 20:29 - 2015-08-21 15:22 - 00000000 ____D C:\Users\francine\Downloads\logiciels
2016-10-16 20:29 - 2015-08-21 15:14 - 00000000 ____D C:\Users\francine\Downloads\AVG ET logiciels nettoyage
2016-10-16 20:29 - 2015-07-18 12:48 - 00000000 ____D C:\Users\francine\Downloads\ancien
2016-10-16 20:29 - 2013-12-01 18:21 - 00000000 ____D C:\Users\francine\AppData\Roaming\PhotoFiltre 7
2016-10-16 20:29 - 2013-09-12 15:44 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-16 20:29 - 2012-06-02 21:20 - 00000000 ____D C:\Users\francine\AppData\Roaming\Audacity
2016-10-16 20:29 - 2011-01-18 19:07 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2016-10-16 20:29 - 2010-10-25 14:31 - 00000000 ____D C:\Users\francine\AppData\Roaming\PhotoFiltre
2016-10-16 20:29 - 2010-01-09 16:18 - 00000000 ____D C:\Users\francine\AppData\Roaming\mp3keyshifter
2016-10-16 20:29 - 2009-10-08 15:56 - 00000000 ____D C:\Users\francine\AppData\Roaming\Thunderbird
2016-10-16 20:29 - 2009-08-05 18:57 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2016-10-16 20:29 - 2009-02-04 13:53 - 00000000 ____D C:\Users\francine\AppData\Roaming\OpenAlchemist
2016-10-16 20:29 - 2008-12-25 17:03 - 00000000 ____D C:\Users\francine\Desktop\PhotoScape
2016-10-16 20:29 - 2008-11-10 20:24 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
2016-10-16 20:29 - 2008-10-08 14:12 - 00000000 ____D C:\Users\francine\AppData\Local\Microsoft Help
2016-10-16 20:29 - 2008-10-08 11:20 - 00000000 ____D C:\Users\francine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2016-10-13 16:40 - 2008-03-16 23:44 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-11 17:10 - 2011-07-14 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDLL
2016-10-11 16:21 - 2012-06-01 00:08 - 00000000 ____D C:\Users\francine\.gimp-2.8
2016-10-11 16:18 - 2009-07-28 16:32 - 00000000 ____D C:\Program Files\Garmin
2016-10-11 08:49 - 2012-04-12 09:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-11 08:49 - 2012-03-14 12:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-10 10:21 - 2008-01-21 04:43 - 00000000 ____D C:\PerfLogs
2016-10-09 20:26 - 2016-08-31 20:50 - 00000000 ____D C:\Users\francine\Downloads\DIVERS
2016-10-09 17:52 - 2012-01-06 15:00 - 00745254 _____ C:\Users\francine\AppData\Local\census.cache
2016-10-09 17:52 - 2012-01-06 14:59 - 00209407 _____ C:\Users\francine\AppData\Local\ars.cache
2016-10-09 15:55 - 2015-10-22 20:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-05 14:45 - 2015-08-26 15:28 - 00000000 ____D C:\Mes documents
2016-09-30 10:43 - 2015-06-26 21:35 - 00000000 ____D C:\Users\francine\dwhelper
2016-09-29 12:53 - 2011-12-04 12:45 - 00000000 ____D C:\MP Navigator

==================== Fichiers à la racine de certains dossiers =======

2013-12-26 11:51 - 2014-12-16 10:35 - 0000081 _____ () C:\Users\francine\AppData\Roaming\Camdata.ini
2013-12-26 11:51 - 2014-12-16 10:35 - 0000408 _____ () C:\Users\francine\AppData\Roaming\CamLayout.ini
2013-12-26 11:51 - 2014-12-16 10:35 - 0000408 _____ () C:\Users\francine\AppData\Roaming\CamShapes.ini
2013-12-26 11:51 - 2014-12-16 10:34 - 0004416 _____ () C:\Users\francine\AppData\Roaming\CamStudio.cfg
2016-10-14 11:38 - 2016-10-14 11:51 - 0000115 _____ () C:\Users\francine\AppData\Roaming\LogFile.txt
2009-02-06 15:46 - 2010-11-16 10:05 - 0079693 _____ () C:\Users\francine\AppData\Roaming\UserTile.png
2010-01-19 20:06 - 2010-01-19 22:23 - 0001028 _____ () C:\Users\francine\AppData\Roaming\WavCodec.wff
2013-07-01 10:28 - 2013-07-01 10:28 - 0000005 _____ () C:\Users\francine\AppData\Roaming\WBPU-TTL.DAT
2008-10-08 11:53 - 2016-04-11 09:22 - 0000780 _____ () C:\Users\francine\AppData\Roaming\wklnhst.dat
2012-01-06 14:59 - 2016-10-09 17:52 - 0209407 _____ () C:\Users\francine\AppData\Local\ars.cache
2012-01-06 15:00 - 2016-10-09 17:52 - 0745254 _____ () C:\Users\francine\AppData\Local\census.cache
2009-04-23 09:44 - 2010-09-29 12:33 - 0000680 _____ () C:\Users\francine\AppData\Local\d3d9caps.dat
2008-10-08 12:42 - 2016-10-17 09:28 - 0157184 _____ () C:\Users\francine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-06 14:41 - 2012-01-06 14:41 - 0000036 _____ () C:\Users\francine\AppData\Local\housecall.guid.cache
2010-12-23 18:54 - 2010-12-23 18:54 - 0004096 ____H () C:\Users\francine\AppData\Local\keyfile3.drm
2016-10-11 16:21 - 2016-10-11 16:21 - 0000856 _____ () C:\Users\francine\AppData\Local\recently-used.xbel
2012-07-08 14:51 - 2012-07-08 14:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Fichiers à déplacer ou supprimer:
====================
C:\Users\francine\ZHPDiag3.exe

Certains fichiers dans TEMP:
====================
C:\Users\francine\AppData\Local\Temp\libeay32.dll
C:\Users\francine\AppData\Local\Temp\msvcr120.dll
C:\Users\francine\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-10-28 08:28

==================== Fin de FRST.txt ============================