cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ComboFix 16-04-29.01 - MOHAMED 09/05/2016 18:02:53.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3062.2053 [GMT 0:00]
Lancé depuis: c:\users\MOHAMED\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.375.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET Smart Security 9.0.375.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\programdata\Roaming
c:\windows\system32\drivers\etc\hosts.ics
d:\images\_PAlbTN
d:\images\_PAlbTN\170x128\02042015193.jpg_170x128
d:\images\_PAlbTN\170x128\02042015194.jpg_170x128
d:\images\_PAlbTN\170x128\02042015195.jpg_170x128
d:\images\_PAlbTN\170x128\02042015196.jpg_170x128
d:\images\_PAlbTN\170x128\04042015197.jpg_170x128
d:\images\_PAlbTN\170x128\05072015288.jpg_170x128
d:\images\_PAlbTN\170x128\05072015289.jpg_170x128
d:\images\_PAlbTN\170x128\05072015290.jpg_170x128
d:\images\_PAlbTN\170x128\07082014044.jpg_170x128
d:\images\_PAlbTN\170x128\07082014045.jpg_170x128
d:\images\_PAlbTN\170x128\07082014046.jpg_170x128
d:\images\_PAlbTN\170x128\07082014047.jpg_170x128
d:\images\_PAlbTN\170x128\07082014053.jpg_170x128
d:\images\_PAlbTN\170x128\09102014050.jpg_170x128
d:\images\_PAlbTN\170x128\10072015291.jpg_170x128
d:\images\_PAlbTN\170x128\10995678_1402315993410463_7744667881531921448_n.jpg_170x128
d:\images\_PAlbTN\170x128\11025179_580069218795498_7797086510287924085_n.jpg_170x128
d:\images\_PAlbTN\170x128\13042015199.jpg_170x128
d:\images\_PAlbTN\170x128\13042015200.jpg_170x128
d:\images\_PAlbTN\170x128\13042015201.jpg_170x128
d:\images\_PAlbTN\170x128\13072015293.jpg_170x128
d:\images\_PAlbTN\170x128\1545156_1561735094038958_3673163670034113791_n.jpg_170x128
d:\images\_PAlbTN\170x128\1625570_593317150757963_533724629_n.jpg_170x128
d:\images\_PAlbTN\170x128\17281_1570920919857821_2858457485004320704_n.jpg_170x128
d:\images\_PAlbTN\170x128\20032015186.jpg_170x128
d:\images\_PAlbTN\170x128\20150213_215807.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_182940.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_182955.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_183006.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_183139.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_183150.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_183156.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_183159.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221525.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221541.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221607.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221701.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221725.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221744.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221759.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221804.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221819.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_221839.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222323.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222531.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222551.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222604.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222641.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222650.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_222706.jpg_170x128
d:\images\_PAlbTN\170x128\20150222_223123.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_134949.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135003.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135033.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135043.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135231.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135252.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135533.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135554.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135618.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_135628.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_141552.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_141904.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_141910.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142020.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142047.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142158.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142216.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142232.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142535-1.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142535.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142542.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142548.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142645.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142745.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142827.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142934.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142936.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_142937.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143006.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143008.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143009.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143226.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143228.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143230.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143532.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143535.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143651.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143653.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143655.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_143745.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_144031.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_144328.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_145121.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_145734.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_145743.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_145815.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_154626.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_154630.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_154632.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_154641.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_163057.jpg_170x128
d:\images\_PAlbTN\170x128\20150926_163519.jpg_170x128
d:\images\_PAlbTN\170x128\21082014079.jpg_170x128
d:\images\_PAlbTN\170x128\21082014080.jpg_170x128
d:\images\_PAlbTN\170x128\21082014081.jpg_170x128
d:\images\_PAlbTN\170x128\21082014082.jpg_170x128
d:\images\_PAlbTN\170x128\26042015224.jpg_170x128
d:\images\_PAlbTN\170x128\28032015189.jpg_170x128
d:\images\_PAlbTN\170x128\44394701pv31.png_170x128
d:\images\_PAlbTN\170x128\azerspace1kue.jpg_170x128
d:\images\_PAlbTN\170x128\cable.jpg_170x128
d:\images\_PAlbTN\170x128\DSC_0000680.jpg_170x128
d:\images\_PAlbTN\170x128\DSC_0000681.jpg_170x128
d:\images\_PAlbTN\170x128\DSC_0000684.jpg_170x128
d:\images\_PAlbTN\170x128\EUTELSAT_7A_.JPG_170x128
d:\images\_PAlbTN\170x128\Express.jpg_170x128
d:\images\_PAlbTN\170x128\hadi-001.jpg_170x128
d:\images\_PAlbTN\170x128\IMG-20141030-00097.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150411_125234.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150414_171407.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150414_172237.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150414_172328.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150414_172524.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_20150426_182951.jpg_170x128
d:\images\_PAlbTN\170x128\IMG_50426_182951.jpg_170x128
d:\images\_PAlbTN\170x128\NSS+12-c+band-global+beam.jpg_170x128
d:\images\_PAlbTN\170x128\PCFMUSBDB9.jpg_170x128
d:\images\_PAlbTN\170x128\Photo0043.jpg_170x128
d:\images\_PAlbTN\170x128\Photo0133.jpg_170x128
d:\images\_PAlbTN\170x128\Photo0134.jpg_170x128
d:\images\_PAlbTN\170x128\rur23691.jpg_170x128
d:\images\_PAlbTN\170x128\Sadam.jpg_170x128
d:\images\_PAlbTN\170x128\sadam2_170x128
d:\images\_PAlbTN\170x128\sadam3_170x128
d:\images\_PAlbTN\170x128\Scr.jpg_170x128
d:\images\_PAlbTN\170x128\Screenshot0002.jpg_170x128
d:\images\_PAlbTN\170x128\WP_20150129_002.jpg_170x128
d:\images\_PAlbTN\170x128\yossef.ben.tachafine.jpg_170x128
d:\images\_PAlbTN\320x320\02042015193.jpg_320x320
d:\images\_PAlbTN\320x320\02042015194.jpg_320x320
d:\images\_PAlbTN\320x320\02042015195.jpg_320x320
d:\images\_PAlbTN\320x320\02042015196.jpg_320x320
d:\images\_PAlbTN\320x320\04042015197.jpg_320x320
d:\images\_PAlbTN\320x320\05072015288.jpg_320x320
d:\images\_PAlbTN\320x320\05072015289.jpg_320x320
d:\images\_PAlbTN\320x320\05072015290.jpg_320x320
d:\images\_PAlbTN\320x320\07082014044.jpg_320x320
d:\images\_PAlbTN\320x320\07082014045.jpg_320x320
d:\images\_PAlbTN\320x320\07082014046.jpg_320x320
d:\images\_PAlbTN\320x320\07082014047.jpg_320x320
d:\images\_PAlbTN\320x320\07082014053.jpg_320x320
d:\images\_PAlbTN\320x320\09102014050.jpg_320x320
d:\images\_PAlbTN\320x320\10072015291.jpg_320x320
d:\images\_PAlbTN\320x320\10728816_717923268289679_596419023_n.jpg_320x320
d:\images\_PAlbTN\320x320\10995678_1402315993410463_7744667881531921448_n.jpg_320x320
d:\images\_PAlbTN\320x320\11025179_580069218795498_7797086510287924085_n.jpg_320x320
d:\images\_PAlbTN\320x320\13042015199.jpg_320x320
d:\images\_PAlbTN\320x320\13042015200.jpg_320x320
d:\images\_PAlbTN\320x320\13042015201.jpg_320x320
d:\images\_PAlbTN\320x320\13072015293.jpg_320x320
d:\images\_PAlbTN\320x320\1545156_1561735094038958_3673163670034113791_n.jpg_320x320
d:\images\_PAlbTN\320x320\1625570_593317150757963_533724629_n.jpg_320x320
d:\images\_PAlbTN\320x320\17281_1570920919857821_2858457485004320704_n.jpg_320x320
d:\images\_PAlbTN\320x320\20032015186.jpg_320x320
d:\images\_PAlbTN\320x320\20150213_215807.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_182940.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_182955.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_183006.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_183139.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_183150.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_183156.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_183159.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221525.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221541.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221607.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221701.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221725.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221744.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221759.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221804.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221819.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_221839.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222323.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222531.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222551.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222604.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222641.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222650.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_222706.jpg_320x320
d:\images\_PAlbTN\320x320\20150222_223123.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_134949.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135003.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135033.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135043.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135231.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135252.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135533.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135554.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135618.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_135628.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_141552.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_141904.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_141910.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142020.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142047.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142158.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142216.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142232.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142535-1.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142535.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142542.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142548.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142645.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142745.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142827.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142934.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142936.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_142937.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143006.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143008.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143009.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143226.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143228.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143230.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143532.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143535.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143651.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143653.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143655.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_143745.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_144031.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_144328.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_145121.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_145734.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_145743.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_145815.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_154626.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_154630.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_154632.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_154641.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_163057.jpg_320x320
d:\images\_PAlbTN\320x320\20150926_163519.jpg_320x320
d:\images\_PAlbTN\320x320\21082014079.jpg_320x320
d:\images\_PAlbTN\320x320\21082014080.jpg_320x320
d:\images\_PAlbTN\320x320\21082014081.jpg_320x320
d:\images\_PAlbTN\320x320\21082014082.jpg_320x320
d:\images\_PAlbTN\320x320\26042015224.jpg_320x320
d:\images\_PAlbTN\320x320\28032015189.jpg_320x320
d:\images\_PAlbTN\320x320\44394701pv31.png_320x320
d:\images\_PAlbTN\320x320\azerspace1kue.jpg_320x320
d:\images\_PAlbTN\320x320\cable.jpg_320x320
d:\images\_PAlbTN\320x320\DSC_0000680.jpg_320x320
d:\images\_PAlbTN\320x320\DSC_0000681.jpg_320x320
d:\images\_PAlbTN\320x320\DSC_0000684.jpg_320x320
d:\images\_PAlbTN\320x320\EUTELSAT_7A_.JPG_320x320
d:\images\_PAlbTN\320x320\Express.jpg_320x320
d:\images\_PAlbTN\320x320\hadi-001.jpg_320x320
d:\images\_PAlbTN\320x320\IMG-20141030-00097.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150411_125234.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150414_171407.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150414_172237.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150414_172328.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150414_172524.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_20150426_182951.jpg_320x320
d:\images\_PAlbTN\320x320\IMG_50426_182951.jpg_320x320
d:\images\_PAlbTN\320x320\NSS+12-c+band-global+beam.jpg_320x320
d:\images\_PAlbTN\320x320\PCFMUSBDB9.jpg_320x320
d:\images\_PAlbTN\320x320\Photo0043.jpg_320x320
d:\images\_PAlbTN\320x320\Photo0133.jpg_320x320
d:\images\_PAlbTN\320x320\Photo0134.jpg_320x320
d:\images\_PAlbTN\320x320\rur23691.jpg_320x320
d:\images\_PAlbTN\320x320\Sadam.jpg_320x320
d:\images\_PAlbTN\320x320\sadam2_320x320
d:\images\_PAlbTN\320x320\sadam3_320x320
d:\images\_PAlbTN\320x320\Scr.jpg_320x320
d:\images\_PAlbTN\320x320\Screenshot0002.jpg_320x320
d:\images\_PAlbTN\320x320\WP_20150129_002.jpg_320x320
d:\images\_PAlbTN\320x320\yossef.ben.tachafine.jpg_320x320
d:\images\_PAlbTN\56x42\02042015193.jpg_56x42
d:\images\_PAlbTN\56x42\02042015194.jpg_56x42
d:\images\_PAlbTN\56x42\02042015195.jpg_56x42
d:\images\_PAlbTN\56x42\02042015196.jpg_56x42
d:\images\_PAlbTN\56x42\04042015197.jpg_56x42
d:\images\_PAlbTN\56x42\05072015288.jpg_56x42
d:\images\_PAlbTN\56x42\05072015289.jpg_56x42
d:\images\_PAlbTN\56x42\05072015290.jpg_56x42
d:\images\_PAlbTN\56x42\07082014044.jpg_56x42
d:\images\_PAlbTN\56x42\07082014045.jpg_56x42
d:\images\_PAlbTN\56x42\07082014046.jpg_56x42
d:\images\_PAlbTN\56x42\07082014047.jpg_56x42
d:\images\_PAlbTN\56x42\07082014053.jpg_56x42
d:\images\_PAlbTN\56x42\09102014050.jpg_56x42
d:\images\_PAlbTN\56x42\10072015291.jpg_56x42
d:\images\_PAlbTN\56x42\10728816_717923268289679_596419023_n.jpg_56x42
d:\images\_PAlbTN\56x42\10995678_1402315993410463_7744667881531921448_n.jpg_56x42
d:\images\_PAlbTN\56x42\11025179_580069218795498_7797086510287924085_n.jpg_56x42
d:\images\_PAlbTN\56x42\13042015199.jpg_56x42
d:\images\_PAlbTN\56x42\13042015200.jpg_56x42
d:\images\_PAlbTN\56x42\13042015201.jpg_56x42
d:\images\_PAlbTN\56x42\13072015293.jpg_56x42
d:\images\_PAlbTN\56x42\1545156_1561735094038958_3673163670034113791_n.jpg_56x42
d:\images\_PAlbTN\56x42\1625570_593317150757963_533724629_n.jpg_56x42
d:\images\_PAlbTN\56x42\17281_1570920919857821_2858457485004320704_n.jpg_56x42
d:\images\_PAlbTN\56x42\20032015186.jpg_56x42
d:\images\_PAlbTN\56x42\20150213_215807.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_182940.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_182955.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_183006.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_183139.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_183150.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_183156.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_183159.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221525.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221541.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221607.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221701.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221725.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221744.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221759.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221804.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221819.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_221839.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222323.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222531.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222551.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222604.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222641.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222650.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_222706.jpg_56x42
d:\images\_PAlbTN\56x42\20150222_223123.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_134949.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135003.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135033.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135043.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135231.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135252.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135533.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135554.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135618.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_135628.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_141552.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_141904.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_141910.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142020.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142047.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142158.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142216.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142232.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142535-1.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142535.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142542.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142548.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142645.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142745.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142827.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142934.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142936.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_142937.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143006.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143008.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143009.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143226.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143228.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143230.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143532.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143535.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143651.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143653.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143655.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_143745.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_144031.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_144328.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_145121.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_145734.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_145743.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_145815.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_154626.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_154630.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_154632.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_154641.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_163057.jpg_56x42
d:\images\_PAlbTN\56x42\20150926_163519.jpg_56x42
d:\images\_PAlbTN\56x42\21082014079.jpg_56x42
d:\images\_PAlbTN\56x42\21082014080.jpg_56x42
d:\images\_PAlbTN\56x42\21082014081.jpg_56x42
d:\images\_PAlbTN\56x42\21082014082.jpg_56x42
d:\images\_PAlbTN\56x42\26042015224.jpg_56x42
d:\images\_PAlbTN\56x42\28032015189.jpg_56x42
d:\images\_PAlbTN\56x42\44394701pv31.png_56x42
d:\images\_PAlbTN\56x42\azerspace1kue.jpg_56x42
d:\images\_PAlbTN\56x42\cable.jpg_56x42
d:\images\_PAlbTN\56x42\DSC_0000680.jpg_56x42
d:\images\_PAlbTN\56x42\DSC_0000681.jpg_56x42
d:\images\_PAlbTN\56x42\DSC_0000684.jpg_56x42
d:\images\_PAlbTN\56x42\EUTELSAT_7A_.JPG_56x42
d:\images\_PAlbTN\56x42\Express.jpg_56x42
d:\images\_PAlbTN\56x42\hadi-001.jpg_56x42
d:\images\_PAlbTN\56x42\IMG-20141030-00097.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150411_125234.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150414_171407.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150414_172237.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150414_172328.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150414_172524.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_20150426_182951.jpg_56x42
d:\images\_PAlbTN\56x42\IMG_50426_182951.jpg_56x42
d:\images\_PAlbTN\56x42\Motor.jpg%3foh=a52e5280bc09531a506ef66a028436a4&oe=54D93626&__gda__=1424969408_4439a4f2291091c7d22dd5c91991f16f_56x42
d:\images\_PAlbTN\56x42\NSS+12-c+band-global+beam.jpg_56x42
d:\images\_PAlbTN\56x42\PCFMUSBDB9.jpg_56x42
d:\images\_PAlbTN\56x42\Photo0043.jpg_56x42
d:\images\_PAlbTN\56x42\Photo0133.jpg_56x42
d:\images\_PAlbTN\56x42\Photo0134.jpg_56x42
d:\images\_PAlbTN\56x42\rur23691.jpg_56x42
d:\images\_PAlbTN\56x42\Sadam.jpg_56x42
d:\images\_PAlbTN\56x42\sadam2_56x42
d:\images\_PAlbTN\56x42\sadam3_56x42
d:\images\_PAlbTN\56x42\Scr.jpg_56x42
d:\images\_PAlbTN\56x42\Screenshot0002.jpg_56x42
d:\images\_PAlbTN\56x42\Tiznit.jpg%3foh=706358ccabf0360a7b4c1a6fdf6a9e67&oe=54F229CC&__gda__=1424473061_16c5a83e1bbf8d47e95c8ee6bd2d77db_56x42
d:\images\_PAlbTN\56x42\WP_20150129_002.jpg_56x42
d:\images\_PAlbTN\56x42\yossef.ben.tachafine.jpg_56x42
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-04-09 au 2016-05-09 ))))))))))))))))))))))))))))))))))))
.
.
2016-05-09 18:13 . 2016-05-09 18:16 -------- d-----w- c:\users\MOHAMED\AppData\Local\temp
2016-05-09 18:13 . 2016-05-09 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-09 11:42 . 2016-05-09 11:46 -------- d-----w- C:\AdsFix
2016-05-08 10:54 . 2016-04-26 10:25 9317056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E67403D9-B008-4CD6-B031-AC900DF8FA45}\mpengine.dll
2016-05-07 16:14 . 2016-05-07 16:15 -------- d-----w- C:\KVRT_Data
2016-05-07 06:39 . 2016-05-07 15:07 -------- d-----w- C:\FRST
2016-05-07 06:34 . 2016-05-07 06:34 -------- d-----w- c:\users\MOHAMED\AppData\Local\WindowsUpdateFixer
2016-05-07 06:31 . 2016-05-07 06:31 -------- d-----w- c:\program files\WindowsUpdateFixer
2016-05-06 23:01 . 2016-05-06 23:01 95616 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2016-05-06 23:01 . 2016-05-06 23:01 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2016-05-06 23:01 . 2016-05-06 23:01 76544 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2016-05-06 23:01 . 2016-05-06 23:01 67584 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2016-05-06 23:01 . 2016-05-06 23:01 369152 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2016-05-06 23:01 . 2016-05-06 23:01 27520 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2016-05-06 23:01 . 2016-05-06 23:01 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2016-05-06 23:01 . 2016-05-06 23:01 199168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2016-05-06 23:01 . 2016-05-06 23:01 195072 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2016-05-06 23:01 . 2016-05-06 23:01 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2016-05-06 23:01 . 2016-05-06 23:01 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2016-05-06 23:01 . 2016-05-06 23:01 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2016-05-06 15:46 . 2016-05-06 15:46 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2016-05-06 15:46 . 2016-05-06 15:46 -------- d-----w- c:\program files\QuickTime
2016-05-06 15:46 . 2016-05-06 15:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2016-05-06 15:46 . 2016-05-06 15:46 -------- d-----w- c:\programdata\TechSmith
2016-05-06 15:46 . 2016-05-06 15:46 -------- d-----w- c:\program files\TechSmith
2016-05-05 17:20 . 2016-05-09 17:58 -------- d-----w- c:\users\MOHAMED\AppData\Local\CrashDumps
2016-05-04 20:40 . 2016-05-04 20:49 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\DriverCure
2016-05-04 20:39 . 2016-05-04 23:44 -------- d-----w- c:\programdata\ParetoLogic
2016-05-04 20:39 . 2016-05-04 23:44 -------- d-----w- c:\programdata\DriverCure
2016-05-04 20:39 . 2016-05-04 20:39 -------- d-----w- c:\program files\ParetoLogic
2016-05-04 17:30 . 2016-05-04 17:30 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\TechSmith
2016-05-04 17:28 . 2016-05-04 17:28 -------- d-----w- c:\users\MOHAMED\AppData\Local\TechSmith
2016-05-04 12:06 . 2016-05-04 13:15 -------- d-----r- C:\Intel PROSet Wireless
2016-04-27 08:42 . 2016-04-27 08:47 -------- d-----w- c:\program files\CCleaner
2016-04-26 23:42 . 2016-04-26 23:42 -------- d-----w- c:\users\MOHAMED\AppData\Local\Chronotron
2016-04-26 23:34 . 2016-04-26 23:34 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\MP3 Speed
2016-04-26 22:07 . 2016-04-26 22:07 -------- d-----w- c:\programdata\ByteFence
2016-04-26 21:56 . 2016-04-26 23:50 -------- d-----w- c:\program files\ByteFence
2016-04-26 19:52 . 2016-04-27 00:02 -------- d--h--w- c:\program files\Temp
2016-04-26 19:52 . 2016-04-26 19:52 -------- d-----w- c:\program files\Common Files\InstallShield
2016-04-26 17:53 . 1998-09-15 14:53 305152 ----a-w- c:\windows\system32\setresae.dll
2016-04-26 17:53 . 1998-09-15 14:45 305152 ----a-w- c:\windows\system32\setresar.dll
2016-04-26 17:52 . 1997-11-28 16:28 35328 ----a-w- c:\windows\system32\Shellses.dll
2016-04-26 17:52 . 1997-11-21 15:13 18944 ----a-w- c:\windows\system32\Ibmwave.exe
2016-04-26 17:52 . 1998-09-16 15:29 388608 ----a-w- c:\windows\system32\setnote.cpl
2016-04-26 17:52 . 1997-12-05 20:23 305152 ----a-w- c:\windows\system32\setresuk.dll
2016-04-26 17:52 . 1997-10-02 20:02 22528 ----a-w- c:\windows\system32\rhmmplay.dll
2016-04-26 17:18 . 1997-09-12 13:44 299520 ----a-w- c:\windows\uninst.exe
2016-04-26 17:07 . 2016-04-26 17:07 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\PowerISO
2016-04-26 14:59 . 2016-05-06 14:24 -------- d-----w- c:\users\MOHAMED\AppData\Local\Google
2016-04-26 13:32 . 2016-04-26 13:32 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\OpenOffice
2016-04-26 13:28 . 2016-04-26 13:29 -------- d-----w- c:\program files\OpenOffice 4
2016-04-24 14:15 . 2016-04-24 14:17 -------- d-----w- c:\users\MOHAMED\AppData\Local\Windows Live Writer
2016-04-24 14:15 . 2016-04-24 14:15 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Windows Live Writer
2016-04-18 17:29 . 2016-04-26 20:23 -------- d-----w- c:\users\MOHAMED\AppData\Local\ElevatedDiagnostics
2016-04-16 12:30 . 2016-04-16 12:32 -------- d-----w- c:\program files\Baidu WiFiHotspot
2016-04-16 12:19 . 2016-04-16 12:19 -------- d-----w- c:\users\Public\Roaming
2016-04-16 12:19 . 2016-04-16 12:19 -------- d-----w- c:\users\MOHAMED\Roaming
2016-04-16 12:19 . 2016-04-16 12:19 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Intel
2016-04-16 12:19 . 2016-04-16 12:19 -------- d-----w- c:\users\Default\Roaming
2016-04-16 12:19 . 2016-04-16 12:19 -------- d-----w- c:\users\Administrator\Roaming
2016-04-16 12:17 . 2016-04-16 12:17 -------- d-----w- c:\program files\Cisco
2016-04-16 12:17 . 2016-04-16 12:17 -------- d-----w- c:\program files\Common Files\Intel
2016-04-16 12:17 . 2016-04-16 12:17 -------- d-----w- c:\programdata\Intel
2016-04-16 12:16 . 2016-04-16 12:16 -------- d-----w- C:\dell
2016-04-16 11:42 . 2016-04-16 11:42 -------- d-----w- c:\users\MOHAMED\AppData\Local\Apps
2016-04-16 11:42 . 2016-05-05 17:24 -------- d-----w- c:\users\MOHAMED\AppData\Local\Deployment
2016-04-16 10:12 . 2016-04-16 10:12 31616 ----a-w- c:\windows\system32\drivers\cfywlan1.sys
2016-04-16 10:11 . 2016-04-16 10:18 -------- d-----w- c:\programdata\Connectify
2016-04-16 09:06 . 2014-08-14 09:18 37408 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2016-04-15 14:31 . 2016-04-22 13:40 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\TSv
2016-04-15 14:30 . 2016-04-26 15:01 -------- d-----w- c:\program files\Google
2016-04-15 10:38 . 2016-04-15 10:38 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-15 10:38 . 2016-04-15 10:38 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-15 10:38 . 2016-04-15 10:38 -------- d-----w- c:\windows\system32\Macromed
2016-04-15 10:34 . 2016-04-15 10:40 -------- d-----w- c:\users\MOHAMED\AppData\Local\Adobe
2016-04-13 19:40 . 2016-04-27 09:10 -------- d-----w- c:\users\MOHAMED\Tracing
2016-04-13 19:36 . 2016-04-13 19:36 -------- d-----w- c:\windows\fr
2016-04-13 19:36 . 2014-03-31 21:36 49856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2016-04-13 19:34 . 2016-04-13 19:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2016-04-13 19:30 . 2016-04-13 19:30 -------- d-----w- c:\windows\PCHEALTH
2016-04-13 19:28 . 2016-04-13 19:36 -------- d-----w- c:\program files\Windows Live
2016-04-13 19:27 . 2010-06-02 04:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2016-04-13 19:27 . 2010-06-02 04:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2016-04-13 19:27 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2016-04-13 19:27 . 2010-05-26 11:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2016-04-13 19:26 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2016-04-13 19:25 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2016-04-13 19:24 . 2016-04-13 19:24 -------- d-----w- c:\program files\Microsoft OneDrive
2016-04-13 19:24 . 2016-04-13 19:24 -------- d-----r- c:\users\MOHAMED\OneDrive
2016-04-13 19:23 . 2016-04-13 19:23 -------- d-----w- c:\programdata\Microsoft OneDrive
2016-04-13 19:22 . 2016-04-24 14:14 -------- d-----w- c:\users\MOHAMED\AppData\Local\Windows Live
2016-04-13 19:22 . 2016-04-13 19:22 -------- d-----w- c:\program files\Common Files\Windows Live
2016-04-13 18:50 . 2016-04-13 18:50 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\VideoEditor
2016-04-13 18:50 . 2016-04-13 18:50 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\FlashIntegro
2016-04-11 22:45 . 2016-04-11 22:45 -------- d-----w- c:\program files\WinTsks
2016-04-11 22:45 . 2016-04-11 22:45 -------- d-----w- c:\program files\WinSvces
2016-04-11 22:45 . 2016-04-27 10:42 -------- d-----w- c:\program files\SpeedSearchesbnd
2016-04-10 18:49 . 2016-04-13 18:46 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\NCH Software
2016-04-10 18:48 . 2016-04-13 18:41 -------- d-----w- c:\programdata\NCH Software
2016-04-10 18:48 . 2016-04-11 22:38 -------- d-----w- c:\program files\NCH Software
2016-04-09 23:08 . 2016-04-09 23:09 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\HaiYuInst
2016-04-09 19:49 . 2015-09-08 08:16 104096 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-04-09 19:49 . 2016-04-09 19:49 -------- d-----w- c:\program files\DIFX
2016-04-09 19:48 . 2016-04-09 19:58 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Nox
2016-04-09 19:48 . 2016-04-09 19:58 -------- d-----w- c:\users\MOHAMED\AppData\Local\Nox
2016-04-09 19:31 . 2016-04-09 19:31 -------- d-----w- c:\users\MOHAMED\AppData\Local\BlueStacks
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-06 23:01 . 2016-04-01 15:21 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2016-05-06 23:01 . 2016-04-01 15:21 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2016-04-13 19:29 . 2012-07-17 14:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-04-06 10:18 . 2016-03-31 18:54 374944 ------w- c:\windows\system32\MpSigStub.exe
2016-03-31 21:42 . 2016-03-31 21:42 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-03-31 20:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-03-04 17:52 . 2016-03-04 17:52 174192 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2016-03-04 17:52 . 2016-03-04 17:52 108208 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2016-02-23 15:25 . 2016-02-23 15:25 71488 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-02-23 15:25 . 2016-02-23 15:25 44608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-02-23 15:25 . 2016-02-23 15:25 206312 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-02-23 15:25 . 2016-02-23 15:25 154288 ----a-w- c:\windows\system32\drivers\edevmon.sys
2016-02-23 15:25 . 2016-02-23 15:25 152728 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-02-23 15:25 . 2016-02-23 15:25 146024 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-02-23 15:25 . 2016-02-23 15:25 111040 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-04-15 6675672]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2016-04-15 6675672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-03-20 595480]
"jswtrayutil"="c:\program files\Jumpstart\jswtrayutil.exe" [2008-09-26 528384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-03-31 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-03-04 108208]
R2 Modem HDM EC156. RunOuc;Modem HDM EC156. OUC;c:\program files\Modem HDM EC156\UpdateDog\ouc.exe [2016-05-06 655712]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2016-05-06 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2016-05-06 11136]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2016-05-06 369152]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2016-05-06 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2016-05-06 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2016-05-06 195072]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-09-26 954368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys [2016-02-23 154288]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-02-23 71488]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-02-23 206312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-02-23 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-02-23 44608]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2014-08-14 37408]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys [2015-09-08 203424]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2016-02-23 111040]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-02-23 1982752]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files\Jumpstart\jswpbapi.exe [2008-09-26 188416]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2016-05-06 76544]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-28 4233728]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-02 22:05 1186968 ----a-w- c:\program files\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-15 10:38]
.
2016-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15 10:38]
.
2016-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-04-26 14:59]
.
2016-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-04-26 14:59]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: dell.com
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A195F425-92B8-4C62-854A-E8700FCC0362}: NameServer = 192.168.50.58 192.168.60.55
FF - ProfilePath - c:\users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\
FF - prefs.js: keyword.URL - hxxp://www.hohosearch.com/chrome.php?uid=EF2CDDAFD1C58637F2EBC1D2B9BD1185&ptid=amz&ts=AHEqA3ElAH4lAU..&v=20160409&mode=ffexttoolbar&q=
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-998902749-2816007284-3194843033-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-998902749-2816007284-3194843033-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3208)
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\igfxrFRA.lrc
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\taskhost.exe
c:\programdata\Modem HDM EC156\OnlineUpdate\ouc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ESET\ESET Smart Security\egui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2016-05-09 18:19:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-05-09 18:19
.
Avant-CF: 158 264 999 936 octets libres
Après-CF: 158 161 420 288 octets libres
.
- - End Of File - - 8F62917C4A6C56A71A0CC2B7BE0C267B
A36C5E4F47E84449FF07ED3517B43A31

Publicité


Signaler le contenu de ce document

Publicité