Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Exécuté par Hichem (administrateur) sur HICHEM-PC (31-03-2016 19:40:51)
Exécuté depuis C:\Users\Hichem\Downloads\Programs
Profils chargés: Hichem (Profils disponibles: Hichem & Invité)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
() C:\xampp\xampp-control.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Users\Hichem\AppData\Local\Scotcane.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.2\bin\ARCGIS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2015-01-04] (Qualcomm®Atheros®)
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3933392 2016-02-11] (Tonec Inc.)
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\Run: [IDM trial reset] => C:\Program Files (x86)\Internet Download Manager\IDMan Trial Reset by Chamsoo.exe [1178624 2015-07-22] ()
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\MountPoints2: {13c5264d-7109-11e5-992a-806e6f6e6963} - E:\wubi.exe
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\MountPoints2: {c962ea40-d338-11e5-913f-9cad9759a28e} - F:\autorun.exe
HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Airtostrong\Toughphase.dll => C:\ProgramData\Airtostrong\Toughphase.dll [363520 2016-03-16] ()
AppInit_DLLs-x32: C:\ProgramData\Airtostrong\TipNix.dll => C:\ProgramData\Airtostrong\TipNix.dll [257536 2016-03-16] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\Hichem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xampp-control - Raccourci.lnk [2016-02-22] ShortcutTarget: xampp-control - Raccourci.lnk -> C:\xampp\xampp-control.exe () ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{DFB7ADA1-1799-4BE5-AA79-8B992A619D40}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOfXqc9pw4-TwIubu70hSvztCcpugdUL8qYeC7RQ_3GX0mBNdcR51u_FMTrdoMXB_egfMKdnegMLRwDhnwh3M-7uyYCKIZ0, HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2806210034-2992568506-4107741175-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2806210034-2992568506-4107741175-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsGk9TfhFFcsTPavx75skIILAOxxlhQiMzzVWQvZZvanJWTOblE8SVe7FS0e-r1UAKOReGm1xcdWrDUUBJ_UXkLcHiv_NE,&q={searchTerms} BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Handler-x32: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2009-04-21] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Hichem\AppData\Roaming\Mozilla\Firefox\Profiles\vmk4b1w2.default FF NewTab: C:\ProgramData\Airtostrongs\ff.NT FF DefaultSearchEngine: findit FF Homepage: C:\ProgramData\Airtostrongs\ff.HP FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll [2015-10-10] () FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Pas de fichier] FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Pas de fichier] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> 
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-04-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) FF SearchPlugin: C:\Users\Hichem\AppData\Roaming\Mozilla\Firefox\Profiles\vmk4b1w2.default\searchplugins\findit.xml [2016-03-31] FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27] FF Extension: Proxy Switcher - C:\Users\Hichem\AppData\Roaming\Mozilla\Firefox\Profiles\vmk4b1w2.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2016-03-23] FF HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hichem\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Hichem\AppData\Roaming\IDM\idmmzcc5 [2016-03-31] [non signé] FF HKU\S-1-5-21-2806210034-2992568506-4107741175-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi Chrome: ======= CHR HomePage: Profile 1 -> 
hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsdYvlK6g-RfhPiRCNAoh7uSSZWPDT9b_zFzAvOipb7Lq4913n3bU6kqDo67p-v0ompVhBxbN85RaIkdLUu6vVRhAir80g, CHR StartupUrls: Profile 1 -> "hxxp://istart.webssearches.com/?type=hp&ts=1413757697&from=pjr&uid=TOSHIBAXMK5061GSY_51IBT8SKTXX51IBT8SKT","hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=12_pr__alt__ddc_dsssyc_bd_com","hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr__alt__ddc_dsssyc_bd_com","hxxp://q.search-simple.com/?affID=pr_02e41b5f-867c-4901-b54d-38b417884956" CHR DefaultSearchURL: Profile 1 -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU8wLEY3iXPVNXRaoopM9TuuAp3uTgXKzpQvn4BF_dVZutR1biVnFFgjqOOHibDAdsOsRVNz2hp2WmsU9SC3zLPva-83bTfm6hHCQIlxupnagUCGZxI7lNGIgnQsIRA4wymekhur6vF1pwrXB2dLOEWmNNUaFjpM,&q={searchTerms} CHR DefaultSearchKeyword: Profile 1 -> feed.sonic-search.com CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-11] CHR Extension: (h264ify) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2016-03-08] CHR Extension: (Traducteur pour toutes les langues) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2015-10-11] CHR Extension: (Google Drive) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11] CHR Extension: (Adblock Plus) - 
C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10] CHR Extension: (IDM Integration Module Extension) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlojoclkbpmfhakhaagjpjfifbaoadf [2015-10-31] CHR Extension: (Recherche Google) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-10-11] CHR Extension: (Maze de lumière) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdbolegdomdkabhnmgapboiaophhiec [2016-01-03] CHR Extension: (Google Sheets) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-11] CHR Extension: (Google Docs hors connexion) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (AdBlock) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-10] CHR Extension: (Instant Translate: Translator and Dictionary) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2016-03-08] CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2015-11-28] CHR Extension: (AdRemover for Google Chrome™) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2016-03-08] CHR Extension: (MailTrack for Gmail) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-03-10] CHR Extension: (IDM Integration Module) - 
C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-03-12] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-11] CHR Extension: (Gmail) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-11] CHR Profile: C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11] CHR Extension: (h264ify) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleakchihdccplidncghkekgioiakgal [2016-03-11] CHR Extension: (Traducteur pour toutes les langues) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2016-03-11] CHR Extension: (Google Docs) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11] CHR Extension: (Google Drive) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11] CHR Extension: (YouTube) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11] CHR Extension: (Adblock Plus) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-11] CHR Extension: (Recherche Google) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-11] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2016-03-11] CHR Extension: (Talk and Comment - Notes vocales) - 
C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djnhkfljnimcpelfndpcjcgngmefaobl [2016-03-30] CHR Extension: (Maze de lumière) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcdbolegdomdkabhnmgapboiaophhiec [2016-03-14] CHR Extension: (Google Sheets) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11] CHR Extension: (AdBlock) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-20] CHR Extension: (Instant Translate: Translator and Dictionary) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2016-03-31] CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2016-03-22] CHR Extension: (goMovix) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jiogeidobnphbnjmnlcjpopgfghcnebf [2016-03-11] CHR Extension: (AdRemover for Google Chrome™) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2016-03-24] CHR Extension: (IDM Integration Module) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-03-11] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11] CHR Extension: (Subtitles For YouTube) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oanhbddbfkjaphdibnebkklpplclomal [2016-03-24] CHR Extension: (Gmail) - C:\Users\Hichem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11] CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - 
hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] ==================== Services (Avec liste blanche) ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [Fichier non signé] R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [529408 2016-03-16] () [Fichier non signé] R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1452408 2013-11-13] (Flexera Software LLC) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323200 2015-01-04] (Windows (R) Win 7 DDK provider) [Fichier non signé] R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [414720 2015-03-14] (BlueStack Systems, Inc.) [Fichier non signé] R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-10-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 prmauct; C:\Users\Hichem\AppData\Local\Scotcane.exe [28160 2016-03-11] () [Fichier non signé]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2015-01-04] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-23] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-03-31 19:39 - 2016-03-31 19:40 - 00000000 ____D C:\FRST
2016-03-31 18:55 - 2016-03-31 19:25 - 19781274 _____ C:\Users\Hichem\Downloads\BeautifulQueenslandTracieLouise.themepack
2016-03-31 18:55 - 2016-03-31 19:15 - 07884764 _____ C:\Users\Hichem\Downloads\AuroraBorealis.themepack
2016-03-31 18:53 - 2016-03-31 19:13 - 10652531 _____ C:\Users\Hichem\Downloads\MomentsCaptured_RishAgarwal.themepack
2016-03-31 18:52 - 2016-03-31 19:11 - 06342103 _____ C:\Users\Hichem\Downloads\FireMarcSchroeder.themepack
2016-03-31 18:35 - 2016-03-31 18:51 - 09287153 _____ C:\Users\Hichem\Downloads\Roses.themepack
2016-03-31 18:35 - 2016-03-31 18:50 - 14505226 _____ C:\Users\Hichem\Downloads\RelicsOfTheSea.themepack
2016-03-31 18:34 - 2016-03-31 19:03 - 08050514 _____ C:\Users\Hichem\Downloads\TheMilkyWay.themepack
2016-03-31 18:30 - 2016-03-31 19:18 - 25780408 _____ C:\Users\Hichem\Downloads\CommunityShowcaseAqua3.themepack
2016-03-31 13:13 - 2016-03-31 13:13 - 00000000 ___RD C:\Users\Hichem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-03-30 21:07 - 2016-03-30 21:09 - 00000000 ____D C:\Users\Hichem\Downloads\Terminator.Genisys.2015.BRRip.XViD-ETRG
2016-03-30 21:03 - 2016-03-30 21:03 - 00057595 _____ C:\Users\Hichem\Downloads\11582_Terminator.Genisys.2015.BRRip.XViDETRG.torrent
2016-03-30 21:03 - 2016-03-30 21:03 - 00057595 _____ C:\Users\Hichem\Downloads\11582_Terminator.Genisys.2015.BRRip.XViDETRG (1).torrent
2016-03-30 19:24 - 2016-03-30 19:26 - 03532922 _____ C:\Users\Hichem\Downloads\jetpack.3.9.4.zip
2016-03-30 19:22 - 2016-03-30 19:22 - 00053014 _____ C:\Users\Hichem\Downloads\theme-check.20151211.1.zip
2016-03-30 18:25 - 2016-03-30 18:25 - 00012876 _____ C:\Users\Hichem\Downloads\Liste infos WordPress.xlsx
2016-03-29 14:41 - 2016-03-29 14:42 - 00987728 _____ (Google Inc.) C:\Users\Hichem\Downloads\ChromeSetup.exe
2016-03-29 02:39 - 2016-03-29 02:40 - 01005568 _____ (Microsoft Corporation) C:\Users\Hichem\Downloads\dotNetFx45_Full_setup.exe
2016-03-29 02:37 - 2016-03-29 02:37 - 00728455 _____ C:\Users\Hichem\Downloads\kmdf-1.11-Win-6.1-x86.msu
2016-03-29 00:29 - 2016-03-29 00:29 - 00003276 _____ C:\Windows\System32\Tasks\psv_Lamhome
2016-03-28 16:53 - 2016-03-28 16:53 - 00003286 _____ C:\Windows\System32\Tasks\psv_Opeaptough
2016-03-28 16:53 - 2016-03-28 16:53 - 00003278 _____ C:\Windows\System32\Tasks\psv_Freshtip
2016-03-28 16:52 - 2016-03-28 16:52 - 00003280 _____ C:\Windows\System32\Tasks\psv_Voltjob
2016-03-27 19:04 - 2016-03-27 19:20 - 00000000 ____D C:\Users\Hichem\Downloads\La Formation - Concevez votre site web avec PHP et MySQL
2016-03-27 19:03 - 2016-03-27 19:03 - 00028174 _____ C:\Users\Hichem\Downloads\La Formation - Concevez votre site web avec PHP et MySQL.torrent
2016-03-26 23:08 - 2013-12-10 00:27 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2016-03-26 23:07 - 2016-03-26 23:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-03-26 23:06 - 2013-12-10 00:27 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-03-26 23:06 - 2013-12-10 00:27 - 00100312 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2016-03-26 21:45 - 2016-03-26 23:05 - 58728303 _____ C:\Users\Hichem\Downloads\MEI_Win7_8_8.1_9.5.24.1790_1.5M.zip
2016-03-26 18:01 - 2016-03-26 18:01 - 00003272 _____ C:\Windows\System32\Tasks\psv_Black-Lax
2016-03-26 12:29 - 2016-03-26 12:29 - 00003282 _____ C:\Windows\System32\Tasks\psv_Donity
2016-03-25 21:34 - 2016-03-25 21:34 - 00003284 _____ C:\Windows\System32\Tasks\psv_U-cof
2016-03-25 18:23 - 2016-03-25 18:23 - 00038680 _____ C:\Users\Hichem\Downloads\تسيير الموارد البشرية.rar
2016-03-25 17:15 - 2016-03-31 18:20 - 01212416 _____ C:\Users\Hichem\Desktop\تسيير الموارد البشرية.accdb
2016-03-25 02:16 - 2016-03-25 02:19 - 1051688960 _____ C:\Users\Hichem\Documents\UBUNTO 14.0.iso
2016-03-25 00:00 - 2016-03-25 01:38 - 00000000 ____D C:\Users\Hichem\VirtualBox VMs
2016-03-24 23:47 - 2016-03-26 00:55 - 00000000 ____D C:\Users\Hichem\.VirtualBox
2016-03-24 23:46 - 2016-03-24 23:46 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-03-24 23:46 - 2016-03-24 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-24 23:46 - 2016-03-24 23:46 - 00000000 ____D C:\Program Files\Oracle
2016-03-24 23:46 - 2012-12-19 14:48 - 00237992 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-03-24 23:46 - 2012-12-19 14:47 - 00120232 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-03-24 23:10 - 2016-03-24 23:11 - 00601940 _____ C:\Users\Hichem\Downloads\ns-3-tutorial.pdf
2016-03-24 22:21 - 2016-03-24 22:21 - 00003244 _____ C:\Windows\System32\Tasks\yeedownlxa
2016-03-24 18:41 - 2016-03-24 18:41 - 00098142 _____ C:\Users\Hichem\Downloads\M+22+Administration+de+reseau+sous+windows+server+2008.htm
2016-03-23 21:50 - 2016-03-23 21:58 - 13882908 _____ C:\Users\Hichem\Downloads\2016-03-23 data export.zip
2016-03-23 21:49 - 2016-03-23 21:49 - 00110788 _____ C:\Users\Hichem\Downloads\course_files_export.zip
2016-03-23 21:49 - 2016-03-23 21:49 - 00007522 _____ C:\Users\Hichem\Downloads\sso.htm
2016-03-23 21:35 - 2016-03-23 21:35 - 00104452 _____ C:\Users\Hichem\Downloads\webinar CyberSecurity.pdf
2016-03-23 16:15 - 2016-03-23 16:15 - 00003270 _____ C:\Windows\System32\Tasks\psv_S-trax
2016-03-20 00:03 - 2016-03-20 00:03 - 00003280 _____ C:\Windows\System32\Tasks\psv_PlusAir
2016-03-19 16:51 - 2016-03-19 16:51 - 00003290 _____ C:\Windows\System32\Tasks\psv_Zercom
2016-03-19 16:51 - 2016-03-19 16:51 - 00003286 _____ C:\Windows\System32\Tasks\psv_AnQuozap
2016-03-19 16:50 - 2016-03-19 16:50 - 00003286 _____ C:\Windows\System32\Tasks\psv_San-In
2016-03-16 16:50 - 2016-03-31 17:04 - 00002393 _____ C:\Windows\SysWOW64\findit.xml
2016-03-16 16:50 - 2016-03-31 17:04 - 00000000 ____D C:\ProgramData\Airtostrong
2016-03-16 16:50 - 2016-03-16 16:50 - 00000000 ____D C:\ProgramData\Airtostrongs
2016-03-16 16:46 - 2016-03-16 16:46 - 02794722 _____ () C:\Program Files\Common Files\esksy3vi.exe
2016-03-15 19:31 - 2016-03-15 19:31 - 00003282 _____ C:\Windows\System32\Tasks\psv_TranCore
2016-03-15 19:31 - 2016-03-15 19:31 - 00003278 _____ C:\Windows\System32\Tasks\psv_Tech-Touch
2016-03-15 19:30 - 2016-03-15 19:30 - 00003286 _____ C:\Windows\System32\Tasks\psv_Freshdom
2016-03-14 18:53 - 2016-03-14 18:53 - 00003296 _____ C:\Windows\System32\Tasks\psv_BamDonjob
2016-03-12 17:30 - 2016-03-31 13:14 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-12 15:50 - 2016-03-12 15:50 - 03170418 _____ () C:\Program Files\Common Files\0cden5fh.exe
2016-03-12 15:46 - 2016-03-12 15:46 - 00003388 _____ C:\Windows\System32\Tasks\1dpkq5r4
2016-03-12 15:46 - 2016-03-12 15:46 - 00000000 ____D C:\Program Files\Common Files\reegu3ih
2016-03-12 14:35 - 2016-03-12 17:26 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 14:26 - 2016-03-12 14:26 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-12 14:22 - 2016-03-12 14:25 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Hichem\Downloads\sh-remover.exe
2016-03-12 14:07 - 2016-03-12 14:08 - 00001798 _____ C:\Users\Hichem\Desktop\chrome - Raccourci.lnk
2016-03-12 13:59 - 2016-03-12 14:00 - 00000000 ____D C:\Users\Hichem\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-12 13:12 - 2016-03-12 13:49 - 00000000 ____D C:\ProgramData\serfe
2016-03-11 18:34 - 2016-03-11 18:34 - 00023064 _____ C:\Users\Hichem\Downloads\config.bin
2016-03-11 18:31 - 2016-03-11 18:31 - 00000000 ____D C:\Users\Public\Thunder Network
2016-03-11 18:31 - 2016-03-11 18:31 - 00000000 ____D C:\ProgramData\Thunder Network
2016-03-11 18:21 - 2016-03-12 13:49 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\UPUpdata
2016-03-11 17:48 - 2016-03-11 17:49 - 00000000 ____D C:\Windows\pss
2016-03-11 17:28 - 2016-03-11 17:28 - 01132300 _____ C:\Users\Hichem\AppData\Roaming\Tempsunflex.tst
2016-03-11 17:28 - 2016-03-11 17:28 - 00000000 _____ C:\Users\Hichem\AppData\Roaming\agent.dat
2016-03-11 17:25 - 2016-03-11 18:03 - 00000000 ____D C:\Program Files\pclient
2016-03-11 17:22 - 2016-03-11 17:22 - 00126464 _____ C:\Users\Hichem\AppData\Roaming\lobby.dat
2016-03-11 17:22 - 2016-03-11 17:22 - 00072704 _____ C:\Users\Hichem\AppData\Roaming\Sunzap.tst
2016-03-11 17:22 - 2016-03-11 17:22 - 00054272 _____ C:\Users\Hichem\AppData\Roaming\ApplicationHosting.dat
2016-03-11 17:22 - 2016-03-11 17:22 - 00002880 _____ C:\Users\Hichem\AppData\Roaming\md.xml
2016-03-11 17:19 - 2016-03-11 17:19 - 00188573 _____ () C:\Users\Hichem\AppData\Roaming\Doneco.bin
2016-03-11 17:14 - 2016-03-11 17:14 - 00848437 _____ C:\Users\Hichem\AppData\Roaming\RonCof.bin
2016-03-11 17:03 - 2016-03-11 17:04 - 00017472 _____ C:\Users\Hichem\AppData\Roaming\InstallationConfiguration.xml
2016-03-11 17:03 - 2016-03-11 17:03 - 00127488 _____ C:\Users\Hichem\AppData\Roaming\Installer.dat
2016-03-11 17:02 - 2016-03-12 13:49 - 00000000 ____D C:\Program Files\Common Files\zwfvoivl
2016-03-11 16:45 - 2016-03-11 21:41 - 00000000 ____D 
C:\Users\Hichem\AppData\Local\app 2016-03-11 16:17 - 2016-03-11 16:17 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\gplyra 2016-03-11 16:01 - 2016-03-11 16:04 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-03-11 16:01 - 2016-03-11 15:54 - 00524849 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-03-11 16:00 - 2016-03-11 16:00 - 00041472 _____ C:\Users\Hichem\AppData\Local\Scotcane.dat 2016-03-11 16:00 - 2016-03-11 16:00 - 00028160 _____ C:\Users\Hichem\AppData\Local\Scotcane.exe 2016-03-11 16:00 - 2016-03-11 16:00 - 00000187 _____ C:\Users\Hichem\AppData\Local\Scotcane.exe.config 2016-03-10 16:53 - 2016-03-10 16:53 - 00007105 _____ C:\Users\Hichem\Downloads\craag.wordpress.2016-03-10.xml 2016-03-10 16:10 - 2016-03-10 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2016-03-10 16:06 - 2016-03-12 13:50 - 00000000 ____D C:\xampp 2016-03-10 14:09 - 2016-03-10 14:14 - 10110021 _____ C:\Users\Hichem\Downloads\Station régionale d'Oran.zip 2016-03-10 13:54 - 2016-03-10 13:54 - 00000318 _____ C:\Users\Hichem\Downloads\facture.xls 2016-03-07 21:03 - 2016-03-07 21:03 - 00000000 ____D C:\Users\Hichem\AppData\Local\Paint.NET 2016-03-04 14:44 - 2016-03-04 14:44 - 00001509 _____ C:\Users\Hichem\Downloads\PT-Assessment-Client-3860894.jnlp 2016-03-04 14:43 - 2016-03-04 14:43 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\IsolatedStorage 2016-03-04 14:43 - 2016-03-04 14:43 - 00000000 ____D C:\ProgramData\IsolatedStorage 2016-03-04 14:29 - 2016-03-04 14:29 - 00000000 ____D C:\Spacekace 2016-03-03 20:59 - 2016-03-03 21:01 - 00000000 ____D C:\Users\Hichem\Cisco Packet Tracer 6.3 2016-03-03 20:58 - 2016-03-03 20:58 - 00001233 _____ C:\Users\Hichem\Desktop\Cisco Packet Tracer.lnk 2016-03-03 20:58 - 2016-03-03 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer 2016-03-03 20:58 - 2016-03-03 20:58 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 6.3 2016-03-03 19:11 - 2016-03-03 19:11 - 
00001507 _____ C:\Users\Hichem\Downloads\PT-Assessment-Client-3835338.jnlp 2016-03-03 19:01 - 2016-03-03 19:01 - 00001507 _____ C:\Users\Hichem\Downloads\PT-Assessment-Client-3835032.jnlp 2016-03-01 18:13 - 2016-02-29 22:22 - 00043772 _____ C:\Users\Hichem\Documents\Configuration.mc ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2016-03-31 18:55 - 2015-10-11 20:09 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-31 17:55 - 2015-10-11 20:09 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-31 17:09 - 2015-10-12 19:35 - 00000000 ____D C:\Users\Hichem\Downloads\Compressed 2016-03-31 17:05 - 2015-10-28 15:55 - 00000987 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-31 17:05 - 2015-10-11 20:44 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-31 17:05 - 2015-10-10 21:00 - 00000993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-31 17:05 - 2015-10-10 17:28 - 00001204 _____ C:\Users\Hichem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-31 13:19 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-31 13:19 - 2009-07-14 05:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-31 13:16 - 2015-11-07 18:22 - 00000000 ____D C:\Program Files (x86)\Opera 2016-03-31 13:14 - 2015-11-01 18:43 - 00005064 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Hichem-PC-Hichem Hichem-PC 2016-03-31 13:13 - 2015-10-27 21:33 - 00000000 __SHD C:\Users\Hichem\IntelGraphicsProfiles 2016-03-31 13:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-31 02:28 - 2015-10-12 19:35 - 00000000 ____D 
C:\Users\Hichem\AppData\Roaming\DMCache 2016-03-30 21:15 - 2015-10-10 21:08 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\uTorrent 2016-03-30 19:00 - 2015-10-10 21:08 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\Notepad++ 2016-03-30 18:37 - 2015-10-12 19:40 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\vlc 2016-03-30 18:02 - 2010-11-21 07:19 - 00738536 _____ C:\Windows\system32\perfh00C.dat 2016-03-30 18:02 - 2010-11-21 07:19 - 00149962 _____ C:\Windows\system32\perfc00C.dat 2016-03-30 18:02 - 2009-07-14 06:13 - 01671578 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-30 18:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-30 17:55 - 2009-07-14 06:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-03-29 13:30 - 2016-02-16 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-29 12:51 - 2015-10-11 19:26 - 00000000 ____D C:\Users\Hichem\Documents\Bluetooth Folder 2016-03-28 18:18 - 2015-10-12 19:15 - 00000000 ____D C:\Users\Hichem\AppData\Local\Adobe 2016-03-27 23:38 - 2015-10-25 20:00 - 00000233 _____ C:\Users\Hichem\Documents\site.txt 2016-03-26 23:08 - 2015-10-12 18:43 - 00000000 ____D C:\ProgramData\Intel 2016-03-26 23:08 - 2015-10-11 19:28 - 00000000 ____D C:\Program Files\Intel 2016-03-26 23:08 - 2015-10-11 19:18 - 00000000 ____D C:\Program Files (x86)\Intel 2016-03-25 19:59 - 2015-10-11 20:31 - 00000000 ____D C:\Users\Hichem\AppData\Local\CrashDumps 2016-03-25 00:00 - 2015-10-10 17:27 - 00000000 ____D C:\Users\Hichem 2016-03-23 22:29 - 2015-10-12 19:35 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\IDM 2016-03-14 19:20 - 2015-11-08 17:50 - 00000000 ____D C:\Users\Hichem\Documents\Logiciels 2016-03-12 14:41 - 2016-01-13 01:29 - 00000438 __RSH C:\ProgramData\ntuser.pol 2016-03-12 14:38 - 2016-01-01 14:45 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-03-12 14:38 - 2015-11-07 18:22 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Opera.lnk 2016-03-12 14:38 - 2015-11-07 18:22 - 00000986 _____ C:\Users\Public\Desktop\Opera.lnk 2016-03-12 14:38 - 2015-10-30 01:52 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome 2016-03-12 13:50 - 2016-02-22 15:20 - 00000000 ____D C:\Users\Hichem\AppData\Roaming\TeamViewer 2016-03-12 13:50 - 2016-02-16 20:15 - 00000000 ____D C:\ProgramData\FLEXnet 2016-03-12 13:50 - 2016-01-18 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVCutty 3 2016-03-12 13:50 - 2016-01-12 18:34 - 00000000 ____D C:\Users\Invité 2016-03-12 13:50 - 2015-12-13 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2016-03-12 13:50 - 2015-11-24 18:03 - 00000000 ____D C:\Program Files (x86)\WinPcap 2016-03-12 13:50 - 2015-10-12 19:20 - 00000000 ____D C:\Windows\AutoKMS 2016-03-12 13:50 - 2015-10-12 19:14 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2016-03-12 13:49 - 2016-01-18 09:31 - 00000000 ____D C:\Program Files (x86)\AVCutty 3 2016-03-12 13:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-03-12 13:48 - 2015-12-24 00:36 - 00000000 ____D C:\Users\Hichem\AppData\LocalLow\Google 2016-03-12 13:48 - 2015-10-25 20:09 - 00000000 ____D C:\Users\Hichem\AppData\Local\Mozilla 2016-03-12 13:16 - 2015-12-27 19:31 - 00000124 _____ C:\Users\Hichem\Documents\E-Mail.txt 2016-03-11 17:15 - 2016-02-10 16:56 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-03-10 12:42 - 2015-10-12 19:35 - 00000000 ____D C:\Users\Hichem\Downloads\Video 2016-03-10 12:35 - 2015-10-28 17:29 - 00000376 _____ C:\Users\Hichem\.packettracer 2016-03-03 18:33 - 2015-10-28 16:37 - 00000000 ____D C:\Users\Hichem\.oracle_jre_usage ==================== Fichiers à la racine de certains dossiers ======= 2016-03-12 15:50 - 2016-03-12 15:50 - 3170418 _____ () C:\Program Files\Common Files\0cden5fh.exe 2016-03-16 16:46 - 2016-03-16 16:46 - 2794722 _____ () 
C:\Program Files\Common Files\esksy3vi.exe 2016-03-11 17:28 - 2016-03-11 17:28 - 0000000 _____ () C:\Users\Hichem\AppData\Roaming\agent.dat 2016-03-11 17:22 - 2016-03-11 17:22 - 0054272 _____ () C:\Users\Hichem\AppData\Roaming\ApplicationHosting.dat 2016-03-11 17:19 - 2016-03-11 17:19 - 0188573 _____ () C:\Users\Hichem\AppData\Roaming\Doneco.bin 2016-03-11 17:03 - 2016-03-11 17:04 - 0017472 _____ () C:\Users\Hichem\AppData\Roaming\InstallationConfiguration.xml 2016-03-11 17:03 - 2016-03-11 17:03 - 0127488 _____ () C:\Users\Hichem\AppData\Roaming\Installer.dat 2016-03-11 17:22 - 2016-03-11 17:22 - 0126464 _____ () C:\Users\Hichem\AppData\Roaming\lobby.dat 2016-03-11 17:22 - 2016-03-11 17:22 - 0002880 _____ () C:\Users\Hichem\AppData\Roaming\md.xml 2016-03-11 17:14 - 2016-03-11 17:14 - 0848437 _____ () C:\Users\Hichem\AppData\Roaming\RonCof.bin 2016-03-11 17:22 - 2016-03-11 17:22 - 0072704 _____ () C:\Users\Hichem\AppData\Roaming\Sunzap.tst 2016-03-11 17:28 - 2016-03-11 17:28 - 1132300 _____ () C:\Users\Hichem\AppData\Roaming\Tempsunflex.tst 2015-11-08 17:26 - 2015-11-08 17:26 - 225111747 _____ () C:\Users\Hichem\AppData\Local\ACCCx3_3_0_151.zip.aamdownload 2015-11-08 17:26 - 2015-11-08 17:26 - 0002615 _____ () C:\Users\Hichem\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd 2016-01-18 09:34 - 2016-02-13 18:36 - 0004608 _____ () C:\Users\Hichem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-03-11 16:00 - 2016-03-11 16:00 - 0041472 _____ () C:\Users\Hichem\AppData\Local\Scotcane.dat 2016-03-11 16:00 - 2016-03-11 16:00 - 0028160 _____ () C:\Users\Hichem\AppData\Local\Scotcane.exe 2016-03-11 16:00 - 2016-03-11 16:00 - 0000187 _____ () C:\Users\Hichem\AppData\Local\Scotcane.exe.config 2015-10-11 19:24 - 2015-10-11 19:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Certains fichiers dans TEMP: ==================== C:\Users\Hichem\AppData\Local\Temp\uttFFC7.tmp.exe ==================== Bamital & volsnap ================= (Il n'y a pas de correction 
automatique pour les fichiers qui ne satisfont pas à la vérification.) C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement C:\Windows\system32\wininit.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement C:\Windows\explorer.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement C:\Windows\system32\svchost.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement C:\Windows\system32\services.exe => Le fichier est signé numériquement C:\Windows\system32\User32.dll => Le fichier est signé numériquement C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement C:\Windows\system32\userinit.exe => Le fichier est signé numériquement C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2016-03-29 17:35 ==================== Fin de FRST.txt ============================