Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Exécuté par mohamed (administrateur) sur MOHAMED-PC (20-11-2017 15:48:42)
Exécuté depuis C:\Users\mohamed\Desktop
Profils chargés: mohamed (Profils disponibles: mohamed & medy)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\SQL.NEOSERVER\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registre (Avec liste blanche) ===========================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [253344 2017-11-17] (AVAST Software)
HKLM\...\Run: [LXCYCATS] => rundll32 \3\LXCYtime.dll,RunDLLEntry******************************************************************************************************************************************************************** (l'élément de données a 59 caractères en plus).
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\...\MountPoints2: {0ca74c3c-4683-11e1-a68f-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\.DEFAULT\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1433766655-27953579-1754407475-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Hosts: Fichier hosts non détecté dans le dossier par défaut
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{0B2E35F2-7B5F-442E-8D8C-60B4D750396E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{31EB6124-3292-4B97-B614-6695C8424ACE}: [NameServer] 192.168.137.1
Internet Explorer:
==================
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2017-11-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-11-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-30] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
Toolbar: HKU\S-1-5-21-1433766655-27953579-1754407475-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
DPF: HKLM-x32 {3A226D85-574D-4272-B73C-DBCAECF709B3} hxxp://www.consoclicker.com/TNSClickrb.CAB
DPF: HKLM-x32 {70A5EBDC-3EA6-464A-9FF7-084BC150C417} hxxp://www.consoclicker.com/TNSClickra.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
FireFox:
========
FF ProfilePath: C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default [2017-10-14]
FF Keyword.URL: Mozilla\Firefox\Profiles\81vkwl6m.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\81vkwl6m.default -> ftp", "proxy.prolixeserver.com"
FF Extension: (Firebug) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\firebug@software.joehewitt.com.xpi [2017-10-02] [Lagacy]
FF Extension: (Tampermonkey) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\firefox@tampermonkey.net.xpi [2017-10-02]
FF Extension: (Hide Favicons) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\hidefavicons@maarten.xpi [2016-05-05] [Lagacy]
FF Extension: (IPFlood) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\ipfuck@p4ul.info.xpi [2016-10-23] [Lagacy]
FF Extension: (X-Forwarded-For Header) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2016-05-05] [Lagacy]
FF Extension: (leethax.net extension) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\leethax@leethax.net.xpi [2014-03-30] [Lagacy] [non signé]
FF Extension: (Avast SafePrice) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\sp@avast.com.xpi [2017-09-08]
FF Extension: (UnPlug) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\unplug@compunach.xpi [2016-02-17] [Lagacy]
FF Extension: (Avast Online Security) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\wrc@avast.com.xpi [2017-09-08]
FF Extension: (NoScript) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-02] [Lagacy]
FF Extension: (Video DownloadHelper) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-13] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-02] [Lagacy]
FF Extension: (Greasemonkey) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-13] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [discountfinder@moneymillionaire.com] - C:\ProgramData\Promo-détective\FFExtension20141025162549
FF Extension: (Qassa+ extension) - C:\ProgramData\Promo-détective\FFExtension20141025162549 [2014-10-27] [Lagacy] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @MoneyMillionaire/npdf -> C:\ProgramData\Promo-détective\FFExtension20141025162549\plugins\npdf.dll [2012-11-15] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]
CHR Extension: (Chrome Media Router) - C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe [7549928 2017-11-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [281416 2017-11-17] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537520 2006-11-29] ( )
R2 MSSQL$NEOSERVER; c:\Program Files (x86)\Microsoft SQL Server\SQL.NEOSERVER\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MySQL; C:\Clyo\mysql\bin\mysqld-nt.exe [4149248 2006-05-26] () [Fichier non signé]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307488 2012-08-16] ()
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-17] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-17] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-17] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-17] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [105128 2017-10-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-17] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-29] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-17] (AVAST Software)
S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] () [Fichier non signé]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET_AMD64.SYS [615440 2009-09-11] (TechniSat Digital, S.A.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2014-11-05] (The OpenVPN Project) [Fichier non signé]
R3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows (R) Win 7 DDK provider)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-03-26] (Oracle Corporation)
R3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation )
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 Ipfw; system32\DRIVERS\ipfw.sys [X]
S3 IpfwMP; system32\DRIVERS\ipfw.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 mvvideodemo; system32\DRIVERS\mvvideodemo.sys [X]
S3 Ndisrd; system32\DRIVERS\ndisrd.sys [X]
S2 WCMVCAM; system32\DRIVERS\wcmvcam64.sys [X]
S3 WPRO_41_2001; system32\drivers\WPRO_41_2001.sys [X]
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-20 15:48 - 2017-11-20 15:49 - 000017132 _____ C:\Users\mohamed\Desktop\FRST.txt
2017-11-20 15:48 - 2017-11-20 15:48 - 002391552 _____ (Farbar) C:\Users\mohamed\Desktop\FRST64.exe
2017-11-20 15:48 - 2017-11-20 15:48 - 000000000 ____D C:\FRST
2017-11-19 20:39 - 2017-11-19 20:39 - 000004130 _____ C:\Users\mohamed\Desktop\AdwCleaner[C0].txt
2017-11-19 20:38 - 2017-11-19 20:38 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-19 20:13 - 2017-11-19 20:23 - 000085255 _____ C:\Users\mohamed\Desktop\ZHPCleaner.txt
2017-11-19 19:33 - 2017-11-19 19:33 - 008261584 _____ (Malwarebytes) C:\Users\mohamed\Desktop\adwcleaner_7.0.4.0.exe
2017-11-19 19:29 - 2017-11-19 19:32 - 008261584 _____ C:\Users\mohamed\Downloads\adwcleaner_7.0.4.0.exe
2017-11-19 19:28 - 2017-11-19 19:28 - 002973056 _____ C:\Users\mohamed\Desktop\ZHPCleaner.exe
2017-11-19 19:28 - 2017-11-19 19:28 - 000000834 _____ C:\Users\mohamed\Desktop\ZHPCleaner.lnk
2017-11-19 17:34 - 2017-11-19 17:34 - 000202884 _____ C:\Users\mohamed\Downloads\ZHPDiag.txt
2017-11-19 17:33 - 2017-11-19 20:54 - 000196631 _____ C:\Users\mohamed\Desktop\ZHPDiag.txt
2017-11-19 17:22 - 2017-11-19 20:57 - 000000000 ____D C:\Users\mohamed\AppData\Roaming\ZHP
2017-11-19 17:22 - 2017-11-19 20:46 - 000000000 ____D C:\Users\mohamed\AppData\Local\ZHP
2017-11-19 17:22 - 2017-11-19 17:22 - 000000824 _____ C:\Users\mohamed\Desktop\ZHPDiag.lnk
2017-11-19 17:19 - 2017-11-19 17:21 - 002928512 _____ C:\Users\mohamed\Downloads\ZHPDiag3.exe
2017-11-17 15:18 - 2017-11-17 15:18 - 000275312 _____ C:\Windows\Minidump\111717-36519-01.dmp
2017-11-17 01:54 - 2017-11-17 01:53 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-17 01:54 - 2017-11-17 01:53 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-16 20:27 - 2017-11-16 20:29 - 017064297 _____ C:\Users\mohamed\Downloads\estimations_ss11_11.psd
2017-11-15 14:24 - 2017-11-15 14:24 - 000275312 _____ C:\Windows\Minidump\111517-30061-01.dmp
2017-11-09 20:02 - 2017-11-09 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-09 20:02 - 2017-11-09 20:02 - 000000000 ____D C:\Program Files\iPod
2017-11-09 20:01 - 2017-11-09 20:02 - 000000000 ____D C:\Program Files\iTunes
2017-11-09 19:27 - 2017-11-09 19:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-11-09 19:09 - 2017-11-09 19:22 - 261135176 _____ (Apple Inc.) C:\Users\mohamed\Downloads\iTunes64Setup (1).exe
2017-11-09 00:51 - 2017-11-09 00:51 - 000108347 _____ C:\Users\mohamed\Downloads\facture_freemobile_20170802 (1).pdf
2017-11-09 00:51 - 2017-11-09 00:51 - 000074638 _____ C:\Users\mohamed\Downloads\facture_freemobile_20171002.pdf
2017-11-09 00:46 - 2017-11-09 00:46 - 000108347 _____ C:\Users\mohamed\Downloads\facture_freemobile_20170802.pdf
2017-11-04 14:50 - 2017-11-04 14:50 - 000275312 _____ C:\Windows\Minidump\110417-30232-01.dmp
2017-11-02 19:43 - 2017-11-02 19:43 - 000166411 _____ C:\Users\mohamed\Downloads\8R30784393500.pdf
2017-11-02 15:35 - 2017-11-02 15:35 - 000275312 _____ C:\Windows\Minidump\110217-28969-01.dmp
2017-11-01 21:22 - 2017-11-01 22:31 - 019677450 _____ C:\Users\mohamed\Downloads\estimations2017-s9-Récupéré.psd
2017-11-01 20:40 - 2017-11-01 20:40 - 000001068 _____ C:\Users\mohamed\Desktop\Adobe Photoshop CC (64 Bit).lnk
2017-11-01 18:16 - 2017-11-01 18:16 - 000002832 _____ C:\Users\mohamed\Downloads\freebox.luac
2017-11-01 18:12 - 2017-11-01 18:12 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-01 18:12 - 2017-11-01 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-10-31 14:45 - 2017-11-01 20:46 - 019673193 _____ C:\Users\mohamed\Downloads\estimations2017-s9.psd
2017-10-29 22:27 - 2017-10-29 22:28 - 000029622 _____ C:\Users\mohamed\Downloads\0054612388-multi.pdf
2017-10-29 17:18 - 2017-10-29 17:18 - 000099561 _____ C:\Users\mohamed\Downloads\impot christ.pdf
2017-10-29 17:17 - 2017-10-29 17:17 - 000099561 _____ C:\Users\mohamed\Downloads\IR-Avis-1ASDIR-2016-17591678304988.pdf
2017-10-29 00:58 - 2017-10-29 00:58 - 000395359 _____ C:\Users\mohamed\Downloads\PAR_ENV001_EBCBRA2V.PDF
2017-10-28 22:05 - 2017-10-28 22:05 - 000099804 _____ C:\Users\mohamed\Downloads\impot armelle.pdf
2017-10-28 21:59 - 2017-10-28 21:59 - 000099522 _____ C:\Users\mohamed\Downloads\IMPOT MEDY.pdf
2017-10-28 20:48 - 2017-10-28 20:48 - 000196809 _____ C:\Users\mohamed\Downloads\Unidialog_4999862 (1).pdf
2017-10-27 12:27 - 2017-10-27 12:27 - 000166422 _____ C:\Users\mohamed\Downloads\8R30785714779.pdf
2017-10-25 14:02 - 2017-10-25 14:06 - 017707734 _____ C:\Users\mohamed\Downloads\estimations2017-s8.psd
2017-10-24 17:45 - 2017-10-24 17:45 - 026177452 _____ C:\Users\mohamed\Downloads\candidats decoupés2.psd
2017-10-24 13:27 - 2017-10-24 13:27 - 000000000 _____ C:\Users\mohamed\AppData\Local\{4DCE6791-BD20-48C1-A42B-F6235985B425}
2017-10-22 22:29 - 2017-10-22 22:29 - 000046638 _____ C:\Users\mohamed\Downloads\publisher-invoice-201709.pdf
2017-10-22 16:23 - 2017-10-22 16:23 - 000087460 _____ C:\Users\mohamed\Downloads\ticket (6).pdf
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-20 15:44 - 2014-12-04 20:12 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-20 15:40 - 2017-04-04 09:16 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-20 15:39 - 2017-04-05 09:30 - 000000913 _____ C:\Windows\Tasks\EPSON WF-2760 Series Update {E8D0290A-3980-4FFB-91BF-9BD01C943F47}.job
2017-11-20 15:39 - 2009-07-14 05:45 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-20 15:39 - 2009-07-14 05:45 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-19 20:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-19 20:33 - 2014-11-15 02:34 - 000000000 ____D C:\AdwCleaner
2017-11-19 19:25 - 2017-09-28 14:04 - 000000000 ____D C:\Users\mohamed\AppData\Roaming\vlc
2017-11-19 17:03 - 2016-01-29 02:32 - 000017920 ___SH C:\Users\mohamed\Thumbs.db
2017-11-19 16:23 - 2013-11-20 02:39 - 000890880 ___SH C:\Users\mohamed\Documents\Thumbs.db
2017-11-17 16:20 - 2014-02-22 02:29 - 000000000 ____D C:\Users\mohamed\Downloads\inter
2017-11-17 15:18 - 2017-07-18 18:50 - 939986292 _____ C:\Windows\MEMORY.DMP
2017-11-17 15:18 - 2013-02-02 15:23 - 000000000 ____D C:\Windows\Minidump
2017-11-17 01:55 - 2012-01-24 13:19 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-17 01:53 - 2014-09-29 00:36 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-17 01:53 - 2014-09-29 00:36 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-17 01:53 - 2014-09-29 00:30 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-17 01:53 - 2014-09-29 00:30 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-17 01:53 - 2012-04-28 17:29 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-17 01:53 - 2012-01-24 13:19 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151088011998404
2017-11-17 01:53 - 2012-01-24 13:19 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-17 01:52 - 2012-01-24 13:32 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-09 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-09 19:27 - 2012-07-29 23:56 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-09 18:31 - 2015-07-13 00:56 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-11-01 18:28 - 2009-07-14 16:24 - 006151084 _____ C:\Windows\system32\perfh00C.dat
2017-11-01 18:28 - 2009-07-14 16:24 - 001923524 _____ C:\Windows\system32\perfc00C.dat
2017-11-01 18:28 - 2009-07-14 06:13 - 000006484 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-01 18:12 - 2012-01-29 00:05 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-10-30 21:27 - 2013-06-19 12:28 - 000000132 _____ C:\Users\mohamed\AppData\Roaming\Préférences Adobe PNG Format CC
2017-10-30 16:11 - 2017-10-16 11:55 - 001946676 _____ C:\Users\mohamed\Downloads\candidat stop.psd
2017-10-30 16:01 - 2017-10-16 11:02 - 013343217 _____ C:\Users\mohamed\Downloads\cotedepopularite_ss11_v2.psd
2017-10-29 17:11 - 2012-01-30 17:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-28 20:42 - 2012-01-28 23:44 - 000000000 ____D C:\Users\mohamed\Desktop\Op sky
2017-10-23 12:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
==================== Fichiers à la racine de certains dossiers =======
2013-07-31 23:26 - 2013-06-22 23:37 - 001376768 _____ (cURL, http://curl.haxx.se/) C:\Users\mohamed\curl.exe
2013-12-09 20:22 - 2013-12-09 20:22 - 000113224 _____ () C:\Users\mohamed\g2ax_customer_downloadhelper_win32_x86.exe
2013-12-09 20:20 - 2013-12-09 20:20 - 000113224 _____ () C:\Users\mohamed\g2ax_expert_downloadhelper_win32_x86.exe
2013-08-19 06:21 - 2012-11-01 04:31 - 137580544 _____ () C:\Users\mohamed\redsn0w.exe
2010-01-29 05:04 - 2010-01-29 05:04 - 000230400 _____ () C:\Program Files (x86)\libmp3lame.dll
2006-03-05 11:11 - 2006-03-05 11:11 - 000027868 _____ () C:\Program Files (x86)\streamingserver.xml
2012-08-06 04:03 - 2010-01-26 10:11 - 000444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-03-30 02:21 - 2014-03-30 02:21 - 000002528 _____ () C:\Users\mohamed\AppData\Roaming\$_hpcst$.hpc
2014-06-17 01:59 - 2014-06-17 02:02 - 000000008 _____ () C:\Users\mohamed\AppData\Roaming\drivers
2017-02-17 23:47 - 2017-02-17 23:47 - 000000101 _____ () C:\Users\mohamed\AppData\Roaming\net.telestream.wirecast.app_user_guid.xml
2013-05-29 15:25 - 2017-10-13 18:14 - 000219605 _____ () C:\Users\mohamed\AppData\Roaming\net.telestream.wirecast.xml
2013-05-29 21:45 - 2014-09-25 18:06 - 000014120 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2013-05-29 21:45 - 2014-09-25 18:06 - 000005028 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000014543 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000014186 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2017-08-05 23:10 - 2017-08-05 23:10 - 000002943 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9807076205_brandingimage_destination.png
2013-05-29 21:46 - 2017-06-17 22:12 - 000004755 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2016-05-01 19:14 - 2017-06-17 22:12 - 000004935 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2017-08-05 23:10 - 000006012 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:12 - 000003931 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png
2017-05-25 19:58 - 2017-10-13 17:50 - 000007923 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ESE_NETWORKS_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000004149 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2016-05-06 20:02 - 2016-05-06 20:02 - 000003213 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000005919 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000004356 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2015-10-22 19:27 - 000004356 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000003439 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000003825 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000002779 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000003134 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2015-10-22 19:27 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFILIATE_ID_brandingimage_destination.png
2013-11-21 23:17 - 2013-11-21 23:17 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000016357 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png
2017-06-17 21:37 - 2017-06-17 22:16 - 000002642 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SERMON.NET_AFFILIATE_ID_brandingimage_destination.png
2014-03-30 00:26 - 2014-09-25 18:06 - 000001451 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2014-03-01 12:41 - 2014-09-25 18:06 - 000010088 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2014-03-01 12:41 - 2014-09-25 18:06 - 000004482 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000010088 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000004482 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png
2013-05-29 21:46 - 2017-06-17 22:16 - 000007122 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000008261 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png
2013-11-21 23:17 - 2013-11-21 23:17 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-12-17 01:36 - 2017-06-17 22:16 - 000005241 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2014-01-11 18:53 - 2014-09-25 18:06 - 000016966 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000031884 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFILIATE_ID_brandingimage_destination.png
2013-06-09 15:09 - 2014-09-25 18:06 - 000008986 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000008986 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png
2016-06-05 07:03 - 2017-06-17 22:16 - 000003213 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_THE_CUBE_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000022670 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png
2014-01-10 09:57 - 2014-01-10 09:57 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000008949 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000008949 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png
2017-06-17 21:37 - 2017-06-17 22:16 - 000005813 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_WORSHIP_STREAM_ID_brandingimage_destination.png
2014-05-12 23:54 - 2017-06-17 22:16 - 000008683 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2013-11-20 04:46 - 2016-01-12 01:21 - 000000335 _____ () C:\Users\mohamed\AppData\Roaming\pc-capture-log.txt
2013-07-19 10:39 - 2014-01-19 04:04 - 000000112 _____ () C:\Users\mohamed\AppData\Roaming\Préfs JP2K CS6
2013-06-19 12:28 - 2017-10-30 21:27 - 000000132 _____ () C:\Users\mohamed\AppData\Roaming\Préférences Adobe PNG Format CC
2014-12-05 02:12 - 2014-12-05 02:12 - 000000024 ___SH () C:\Users\mohamed\AppData\Roaming\System5908ConfigCollection.dat
2017-10-14 18:05 - 2017-10-14 18:07 - 000006144 ___SH () C:\Users\mohamed\AppData\Roaming\Thumbs.db
2013-07-27 09:43 - 2014-01-02 03:40 - 000000125 _____ () C:\Users\mohamed\AppData\Roaming\WB.CFG
2013-08-15 02:02 - 2013-08-15 02:02 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-FF.DAT
2013-12-31 03:40 - 2014-01-02 03:40 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-17 01:40 - 2014-01-02 03:40 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-TTL.DAT
2012-02-27 10:27 - 2012-04-07 01:23 - 000017472 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\1eaadjc.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000018724 ____T () C:\Users\mohamed\AppData\Roaming\Microsoft\bass.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 001758720 ____T () C:\Users\mohamed\AppData\Roaming\Microsoft\engine_vx.dll
2012-03-10 02:02 - 2012-04-07 01:23 - 000016448 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\kfgresk.dll
2012-02-28 04:45 - 2012-04-07 01:23 - 000012352 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\peaadje.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000029784 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\mohamed\AppData\Roaming\Microsoft\qwadjb.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000017472 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\rsaadjd.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000099896 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\~DFK29021c0f.tmp
2015-02-17 17:57 - 2016-09-25 17:52 - 000001456 _____ () C:\Users\mohamed\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2016-11-11 20:52 - 2016-11-11 21:44 - 000000600 _____ () C:\Users\mohamed\AppData\Local\PUTTY.RND
2015-04-07 21:56 - 2016-08-02 20:34 - 000007606 _____ () C:\Users\mohamed\AppData\Local\resmon.resmoncfg
2017-10-24 13:27 - 2017-10-24 13:27 - 000000000 _____ () C:\Users\mohamed\AppData\Local\{4DCE6791-BD20-48C1-A42B-F6235985B425}
Certains fichiers dans TEMP:
====================
2014-01-02 12:47 - 2014-01-02 12:48 - 024097311 _____ () C:\Users\medy\AppData\Local\Temp\vlc-2.1.2-win32.exe
2017-10-15 23:26 - 2017-07-17 12:21 - 000819768 _____ (BlueStack Systems, Inc.) C:\Users\mohamed\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-10-15 23:26 - 2017-07-17 12:20 - 000421400 _____ (CodeTitans) C:\Users\mohamed\AppData\Local\Temp\JSON.dll
2017-02-21 17:18 - 2016-03-17 12:48 - 000805376 _____ () C:\Users\mohamed\AppData\Local\Temp\uninstall_NeoResto.exe
2017-09-27 23:51 - 2017-09-27 23:52 - 030950664 _____ () C:\Users\mohamed\AppData\Local\Temp\vlc-2.2.6-win32.exe
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-09-13 18:33
==================== Fin de FRST.txt ============================
Exécuté par mohamed (administrateur) sur MOHAMED-PC (20-11-2017 15:48:42)
Exécuté depuis C:\Users\mohamed\Desktop
Profils chargés: mohamed (Profils disponibles: mohamed & medy)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\SQL.NEOSERVER\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registre (Avec liste blanche) ===========================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [253344 2017-11-17] (AVAST Software)
HKLM\...\Run: [LXCYCATS] => rundll32 \3\LXCYtime.dll,RunDLLEntry******************************************************************************************************************************************************************** (l'élément de données a 59 caractères en plus).
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\...\MountPoints2: {0ca74c3c-4683-11e1-a68f-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\.DEFAULT\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1433766655-27953579-1754407475-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Hosts: Fichier hosts non détecté dans le dossier par défaut
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{0B2E35F2-7B5F-442E-8D8C-60B4D750396E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{31EB6124-3292-4B97-B614-6695C8424ACE}: [NameServer] 192.168.137.1
Internet Explorer:
==================
HKU\S-1-5-21-1433766655-27953579-1754407475-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2017-11-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-11-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-30] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
Toolbar: HKU\S-1-5-21-1433766655-27953579-1754407475-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
DPF: HKLM-x32 {3A226D85-574D-4272-B73C-DBCAECF709B3} hxxp://www.consoclicker.com/TNSClickrb.CAB
DPF: HKLM-x32 {70A5EBDC-3EA6-464A-9FF7-084BC150C417} hxxp://www.consoclicker.com/TNSClickra.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
FireFox:
========
FF ProfilePath: C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default [2017-10-14]
FF Keyword.URL: Mozilla\Firefox\Profiles\81vkwl6m.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\81vkwl6m.default -> ftp", "proxy.prolixeserver.com"
FF Extension: (Firebug) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\firebug@software.joehewitt.com.xpi [2017-10-02] [Lagacy]
FF Extension: (Tampermonkey) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\firefox@tampermonkey.net.xpi [2017-10-02]
FF Extension: (Hide Favicons) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\hidefavicons@maarten.xpi [2016-05-05] [Lagacy]
FF Extension: (IPFlood) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\ipfuck@p4ul.info.xpi [2016-10-23] [Lagacy]
FF Extension: (X-Forwarded-For Header) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2016-05-05] [Lagacy]
FF Extension: (leethax.net extension) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\leethax@leethax.net.xpi [2014-03-30] [Lagacy] [non signé]
FF Extension: (Avast SafePrice) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\sp@avast.com.xpi [2017-09-08]
FF Extension: (UnPlug) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\unplug@compunach.xpi [2016-02-17] [Lagacy]
FF Extension: (Avast Online Security) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\wrc@avast.com.xpi [2017-09-08]
FF Extension: (NoScript) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-02] [Lagacy]
FF Extension: (Video DownloadHelper) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-13] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-02] [Lagacy]
FF Extension: (Greasemonkey) - C:\Users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\81vkwl6m.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-13] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [discountfinder@moneymillionaire.com] - C:\ProgramData\Promo-détective\FFExtension20141025162549
FF Extension: (Qassa+ extension) - C:\ProgramData\Promo-détective\FFExtension20141025162549 [2014-10-27] [Lagacy] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @MoneyMillionaire/npdf -> C:\ProgramData\Promo-détective\FFExtension20141025162549\plugins\npdf.dll [2012-11-15] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]
CHR Extension: (Chrome Media Router) - C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe [7549928 2017-11-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [281416 2017-11-17] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537520 2006-11-29] ( )
R2 MSSQL$NEOSERVER; c:\Program Files (x86)\Microsoft SQL Server\SQL.NEOSERVER\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MySQL; C:\Clyo\mysql\bin\mysqld-nt.exe [4149248 2006-05-26] () [Fichier non signé]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307488 2012-08-16] ()
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-17] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-17] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-17] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-17] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [105128 2017-10-13] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-17] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-29] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-17] (AVAST Software)
S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] () [Fichier non signé]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET_AMD64.SYS [615440 2009-09-11] (TechniSat Digital, S.A.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2014-11-05] (The OpenVPN Project) [Fichier non signé]
R3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows (R) Win 7 DDK provider)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-03-26] (Oracle Corporation)
R3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation )
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 Ipfw; system32\DRIVERS\ipfw.sys [X]
S3 IpfwMP; system32\DRIVERS\ipfw.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 mvvideodemo; system32\DRIVERS\mvvideodemo.sys [X]
S3 Ndisrd; system32\DRIVERS\ndisrd.sys [X]
S2 WCMVCAM; system32\DRIVERS\wcmvcam64.sys [X]
S3 WPRO_41_2001; system32\drivers\WPRO_41_2001.sys [X]
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-20 15:48 - 2017-11-20 15:49 - 000017132 _____ C:\Users\mohamed\Desktop\FRST.txt
2017-11-20 15:48 - 2017-11-20 15:48 - 002391552 _____ (Farbar) C:\Users\mohamed\Desktop\FRST64.exe
2017-11-20 15:48 - 2017-11-20 15:48 - 000000000 ____D C:\FRST
2017-11-19 20:39 - 2017-11-19 20:39 - 000004130 _____ C:\Users\mohamed\Desktop\AdwCleaner[C0].txt
2017-11-19 20:38 - 2017-11-19 20:38 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-19 20:13 - 2017-11-19 20:23 - 000085255 _____ C:\Users\mohamed\Desktop\ZHPCleaner.txt
2017-11-19 19:33 - 2017-11-19 19:33 - 008261584 _____ (Malwarebytes) C:\Users\mohamed\Desktop\adwcleaner_7.0.4.0.exe
2017-11-19 19:29 - 2017-11-19 19:32 - 008261584 _____ C:\Users\mohamed\Downloads\adwcleaner_7.0.4.0.exe
2017-11-19 19:28 - 2017-11-19 19:28 - 002973056 _____ C:\Users\mohamed\Desktop\ZHPCleaner.exe
2017-11-19 19:28 - 2017-11-19 19:28 - 000000834 _____ C:\Users\mohamed\Desktop\ZHPCleaner.lnk
2017-11-19 17:34 - 2017-11-19 17:34 - 000202884 _____ C:\Users\mohamed\Downloads\ZHPDiag.txt
2017-11-19 17:33 - 2017-11-19 20:54 - 000196631 _____ C:\Users\mohamed\Desktop\ZHPDiag.txt
2017-11-19 17:22 - 2017-11-19 20:57 - 000000000 ____D C:\Users\mohamed\AppData\Roaming\ZHP
2017-11-19 17:22 - 2017-11-19 20:46 - 000000000 ____D C:\Users\mohamed\AppData\Local\ZHP
2017-11-19 17:22 - 2017-11-19 17:22 - 000000824 _____ C:\Users\mohamed\Desktop\ZHPDiag.lnk
2017-11-19 17:19 - 2017-11-19 17:21 - 002928512 _____ C:\Users\mohamed\Downloads\ZHPDiag3.exe
2017-11-17 15:18 - 2017-11-17 15:18 - 000275312 _____ C:\Windows\Minidump\111717-36519-01.dmp
2017-11-17 01:54 - 2017-11-17 01:53 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-17 01:54 - 2017-11-17 01:53 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-16 20:27 - 2017-11-16 20:29 - 017064297 _____ C:\Users\mohamed\Downloads\estimations_ss11_11.psd
2017-11-15 14:24 - 2017-11-15 14:24 - 000275312 _____ C:\Windows\Minidump\111517-30061-01.dmp
2017-11-09 20:02 - 2017-11-09 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-09 20:02 - 2017-11-09 20:02 - 000000000 ____D C:\Program Files\iPod
2017-11-09 20:01 - 2017-11-09 20:02 - 000000000 ____D C:\Program Files\iTunes
2017-11-09 19:27 - 2017-11-09 19:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-11-09 19:09 - 2017-11-09 19:22 - 261135176 _____ (Apple Inc.) C:\Users\mohamed\Downloads\iTunes64Setup (1).exe
2017-11-09 00:51 - 2017-11-09 00:51 - 000108347 _____ C:\Users\mohamed\Downloads\facture_freemobile_20170802 (1).pdf
2017-11-09 00:51 - 2017-11-09 00:51 - 000074638 _____ C:\Users\mohamed\Downloads\facture_freemobile_20171002.pdf
2017-11-09 00:46 - 2017-11-09 00:46 - 000108347 _____ C:\Users\mohamed\Downloads\facture_freemobile_20170802.pdf
2017-11-04 14:50 - 2017-11-04 14:50 - 000275312 _____ C:\Windows\Minidump\110417-30232-01.dmp
2017-11-02 19:43 - 2017-11-02 19:43 - 000166411 _____ C:\Users\mohamed\Downloads\8R30784393500.pdf
2017-11-02 15:35 - 2017-11-02 15:35 - 000275312 _____ C:\Windows\Minidump\110217-28969-01.dmp
2017-11-01 21:22 - 2017-11-01 22:31 - 019677450 _____ C:\Users\mohamed\Downloads\estimations2017-s9-Récupéré.psd
2017-11-01 20:40 - 2017-11-01 20:40 - 000001068 _____ C:\Users\mohamed\Desktop\Adobe Photoshop CC (64 Bit).lnk
2017-11-01 18:16 - 2017-11-01 18:16 - 000002832 _____ C:\Users\mohamed\Downloads\freebox.luac
2017-11-01 18:12 - 2017-11-01 18:12 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-01 18:12 - 2017-11-01 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-10-31 14:45 - 2017-11-01 20:46 - 019673193 _____ C:\Users\mohamed\Downloads\estimations2017-s9.psd
2017-10-29 22:27 - 2017-10-29 22:28 - 000029622 _____ C:\Users\mohamed\Downloads\0054612388-multi.pdf
2017-10-29 17:18 - 2017-10-29 17:18 - 000099561 _____ C:\Users\mohamed\Downloads\impot christ.pdf
2017-10-29 17:17 - 2017-10-29 17:17 - 000099561 _____ C:\Users\mohamed\Downloads\IR-Avis-1ASDIR-2016-17591678304988.pdf
2017-10-29 00:58 - 2017-10-29 00:58 - 000395359 _____ C:\Users\mohamed\Downloads\PAR_ENV001_EBCBRA2V.PDF
2017-10-28 22:05 - 2017-10-28 22:05 - 000099804 _____ C:\Users\mohamed\Downloads\impot armelle.pdf
2017-10-28 21:59 - 2017-10-28 21:59 - 000099522 _____ C:\Users\mohamed\Downloads\IMPOT MEDY.pdf
2017-10-28 20:48 - 2017-10-28 20:48 - 000196809 _____ C:\Users\mohamed\Downloads\Unidialog_4999862 (1).pdf
2017-10-27 12:27 - 2017-10-27 12:27 - 000166422 _____ C:\Users\mohamed\Downloads\8R30785714779.pdf
2017-10-25 14:02 - 2017-10-25 14:06 - 017707734 _____ C:\Users\mohamed\Downloads\estimations2017-s8.psd
2017-10-24 17:45 - 2017-10-24 17:45 - 026177452 _____ C:\Users\mohamed\Downloads\candidats decoupés2.psd
2017-10-24 13:27 - 2017-10-24 13:27 - 000000000 _____ C:\Users\mohamed\AppData\Local\{4DCE6791-BD20-48C1-A42B-F6235985B425}
2017-10-22 22:29 - 2017-10-22 22:29 - 000046638 _____ C:\Users\mohamed\Downloads\publisher-invoice-201709.pdf
2017-10-22 16:23 - 2017-10-22 16:23 - 000087460 _____ C:\Users\mohamed\Downloads\ticket (6).pdf
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-11-20 15:44 - 2014-12-04 20:12 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-11-20 15:40 - 2017-04-04 09:16 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-20 15:39 - 2017-04-05 09:30 - 000000913 _____ C:\Windows\Tasks\EPSON WF-2760 Series Update {E8D0290A-3980-4FFB-91BF-9BD01C943F47}.job
2017-11-20 15:39 - 2009-07-14 05:45 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-20 15:39 - 2009-07-14 05:45 - 000024944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-19 20:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-19 20:33 - 2014-11-15 02:34 - 000000000 ____D C:\AdwCleaner
2017-11-19 19:25 - 2017-09-28 14:04 - 000000000 ____D C:\Users\mohamed\AppData\Roaming\vlc
2017-11-19 17:03 - 2016-01-29 02:32 - 000017920 ___SH C:\Users\mohamed\Thumbs.db
2017-11-19 16:23 - 2013-11-20 02:39 - 000890880 ___SH C:\Users\mohamed\Documents\Thumbs.db
2017-11-17 16:20 - 2014-02-22 02:29 - 000000000 ____D C:\Users\mohamed\Downloads\inter
2017-11-17 15:18 - 2017-07-18 18:50 - 939986292 _____ C:\Windows\MEMORY.DMP
2017-11-17 15:18 - 2013-02-02 15:23 - 000000000 ____D C:\Windows\Minidump
2017-11-17 01:55 - 2012-01-24 13:19 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-17 01:53 - 2014-09-29 00:36 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-17 01:53 - 2014-09-29 00:36 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-17 01:53 - 2014-09-29 00:30 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-17 01:53 - 2014-09-29 00:30 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-17 01:53 - 2012-04-28 17:29 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-17 01:53 - 2012-01-24 13:19 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151088011998404
2017-11-17 01:53 - 2012-01-24 13:19 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-17 01:52 - 2017-04-04 09:15 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-17 01:52 - 2012-01-24 13:32 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-09 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-09 19:27 - 2012-07-29 23:56 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-09 18:31 - 2015-07-13 00:56 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-11-01 18:28 - 2009-07-14 16:24 - 006151084 _____ C:\Windows\system32\perfh00C.dat
2017-11-01 18:28 - 2009-07-14 16:24 - 001923524 _____ C:\Windows\system32\perfc00C.dat
2017-11-01 18:28 - 2009-07-14 06:13 - 000006484 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-01 18:12 - 2012-01-29 00:05 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-10-30 21:27 - 2013-06-19 12:28 - 000000132 _____ C:\Users\mohamed\AppData\Roaming\Préférences Adobe PNG Format CC
2017-10-30 16:11 - 2017-10-16 11:55 - 001946676 _____ C:\Users\mohamed\Downloads\candidat stop.psd
2017-10-30 16:01 - 2017-10-16 11:02 - 013343217 _____ C:\Users\mohamed\Downloads\cotedepopularite_ss11_v2.psd
2017-10-29 17:11 - 2012-01-30 17:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-28 20:42 - 2012-01-28 23:44 - 000000000 ____D C:\Users\mohamed\Desktop\Op sky
2017-10-23 12:30 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
==================== Fichiers à la racine de certains dossiers =======
2013-07-31 23:26 - 2013-06-22 23:37 - 001376768 _____ (cURL, http://curl.haxx.se/) C:\Users\mohamed\curl.exe
2013-12-09 20:22 - 2013-12-09 20:22 - 000113224 _____ () C:\Users\mohamed\g2ax_customer_downloadhelper_win32_x86.exe
2013-12-09 20:20 - 2013-12-09 20:20 - 000113224 _____ () C:\Users\mohamed\g2ax_expert_downloadhelper_win32_x86.exe
2013-08-19 06:21 - 2012-11-01 04:31 - 137580544 _____ () C:\Users\mohamed\redsn0w.exe
2010-01-29 05:04 - 2010-01-29 05:04 - 000230400 _____ () C:\Program Files (x86)\libmp3lame.dll
2006-03-05 11:11 - 2006-03-05 11:11 - 000027868 _____ () C:\Program Files (x86)\streamingserver.xml
2012-08-06 04:03 - 2010-01-26 10:11 - 000444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-03-30 02:21 - 2014-03-30 02:21 - 000002528 _____ () C:\Users\mohamed\AppData\Roaming\$_hpcst$.hpc
2014-06-17 01:59 - 2014-06-17 02:02 - 000000008 _____ () C:\Users\mohamed\AppData\Roaming\drivers
2017-02-17 23:47 - 2017-02-17 23:47 - 000000101 _____ () C:\Users\mohamed\AppData\Roaming\net.telestream.wirecast.app_user_guid.xml
2013-05-29 15:25 - 2017-10-13 18:14 - 000219605 _____ () C:\Users\mohamed\AppData\Roaming\net.telestream.wirecast.xml
2013-05-29 21:45 - 2014-09-25 18:06 - 000014120 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2013-05-29 21:45 - 2014-09-25 18:06 - 000005028 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000014543 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000014186 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2017-08-05 23:10 - 2017-08-05 23:10 - 000002943 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_AFL9807076205_brandingimage_destination.png
2013-05-29 21:46 - 2017-06-17 22:12 - 000004755 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2016-05-01 19:14 - 2017-06-17 22:12 - 000004935 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2017-08-05 23:10 - 000006012 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:12 - 000003931 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png
2017-05-25 19:58 - 2017-10-13 17:50 - 000007923 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ESE_NETWORKS_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000004149 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2016-05-06 20:02 - 2016-05-06 20:02 - 000003213 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000005919 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000004356 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2015-10-22 19:27 - 000004356 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000003439 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2013-05-29 21:46 - 2014-09-25 18:06 - 000003825 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000002779 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000003134 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2015-10-22 19:27 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFILIATE_ID_brandingimage_destination.png
2013-11-21 23:17 - 2013-11-21 23:17 - 000005621 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000016357 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png
2017-06-17 21:37 - 2017-06-17 22:16 - 000002642 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SERMON.NET_AFFILIATE_ID_brandingimage_destination.png
2014-03-30 00:26 - 2014-09-25 18:06 - 000001451 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2014-03-01 12:41 - 2014-09-25 18:06 - 000010088 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2014-03-01 12:41 - 2014-09-25 18:06 - 000004482 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000010088 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000004482 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png
2013-05-29 21:46 - 2017-06-17 22:16 - 000007122 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:47 - 2017-06-17 22:16 - 000008261 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png
2013-11-21 23:17 - 2013-11-21 23:17 - 000010619 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2014-12-17 01:36 - 2017-06-17 22:16 - 000005241 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2014-01-11 18:53 - 2014-09-25 18:06 - 000016966 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000031884 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFILIATE_ID_brandingimage_destination.png
2013-06-09 15:09 - 2014-09-25 18:06 - 000008986 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000008986 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png
2016-06-05 07:03 - 2017-06-17 22:16 - 000003213 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_THE_CUBE_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000022670 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png
2014-02-12 08:43 - 2014-09-25 18:06 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2015-10-22 19:27 - 2017-06-17 22:16 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png
2014-01-10 09:57 - 2014-01-10 09:57 - 000003302 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000008949 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png
2017-02-17 23:48 - 2017-06-17 22:16 - 000008949 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png
2017-06-17 21:37 - 2017-06-17 22:16 - 000005813 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_WORSHIP_STREAM_ID_brandingimage_destination.png
2014-05-12 23:54 - 2017-06-17 22:16 - 000008683 _____ () C:\Users\mohamed\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2013-11-20 04:46 - 2016-01-12 01:21 - 000000335 _____ () C:\Users\mohamed\AppData\Roaming\pc-capture-log.txt
2013-07-19 10:39 - 2014-01-19 04:04 - 000000112 _____ () C:\Users\mohamed\AppData\Roaming\Préfs JP2K CS6
2013-06-19 12:28 - 2017-10-30 21:27 - 000000132 _____ () C:\Users\mohamed\AppData\Roaming\Préférences Adobe PNG Format CC
2014-12-05 02:12 - 2014-12-05 02:12 - 000000024 ___SH () C:\Users\mohamed\AppData\Roaming\System5908ConfigCollection.dat
2017-10-14 18:05 - 2017-10-14 18:07 - 000006144 ___SH () C:\Users\mohamed\AppData\Roaming\Thumbs.db
2013-07-27 09:43 - 2014-01-02 03:40 - 000000125 _____ () C:\Users\mohamed\AppData\Roaming\WB.CFG
2013-08-15 02:02 - 2013-08-15 02:02 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-FF.DAT
2013-12-31 03:40 - 2014-01-02 03:40 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-17 01:40 - 2014-01-02 03:40 - 000000005 _____ () C:\Users\mohamed\AppData\Roaming\WBPU-TTL.DAT
2012-02-27 10:27 - 2012-04-07 01:23 - 000017472 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\1eaadjc.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000018724 ____T () C:\Users\mohamed\AppData\Roaming\Microsoft\bass.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 001758720 ____T () C:\Users\mohamed\AppData\Roaming\Microsoft\engine_vx.dll
2012-03-10 02:02 - 2012-04-07 01:23 - 000016448 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\kfgresk.dll
2012-02-28 04:45 - 2012-04-07 01:23 - 000012352 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\peaadje.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000029784 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\mohamed\AppData\Roaming\Microsoft\qwadjb.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000017472 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\rsaadjd.dll
2012-02-27 10:27 - 2012-04-07 01:23 - 000099896 ____T (Un4seen Developments) C:\Users\mohamed\AppData\Roaming\Microsoft\~DFK29021c0f.tmp
2015-02-17 17:57 - 2016-09-25 17:52 - 000001456 _____ () C:\Users\mohamed\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2016-11-11 20:52 - 2016-11-11 21:44 - 000000600 _____ () C:\Users\mohamed\AppData\Local\PUTTY.RND
2015-04-07 21:56 - 2016-08-02 20:34 - 000007606 _____ () C:\Users\mohamed\AppData\Local\resmon.resmoncfg
2017-10-24 13:27 - 2017-10-24 13:27 - 000000000 _____ () C:\Users\mohamed\AppData\Local\{4DCE6791-BD20-48C1-A42B-F6235985B425}
Certains fichiers dans TEMP:
====================
2014-01-02 12:47 - 2014-01-02 12:48 - 024097311 _____ () C:\Users\medy\AppData\Local\Temp\vlc-2.1.2-win32.exe
2017-10-15 23:26 - 2017-07-17 12:21 - 000819768 _____ (BlueStack Systems, Inc.) C:\Users\mohamed\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-10-15 23:26 - 2017-07-17 12:20 - 000421400 _____ (CodeTitans) C:\Users\mohamed\AppData\Local\Temp\JSON.dll
2017-02-21 17:18 - 2016-03-17 12:48 - 000805376 _____ () C:\Users\mohamed\AppData\Local\Temp\uninstall_NeoResto.exe
2017-09-27 23:51 - 2017-09-27 23:52 - 030950664 _____ () C:\Users\mohamed\AppData\Local\Temp\vlc-2.2.6-win32.exe
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-09-13 18:33
==================== Fin de FRST.txt ============================