Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017
Exécuté par Diaby (administrateur) sur DIABY-PC (05-12-2017 16:02:20)
Exécuté depuis C:\Users\Diaby\Desktop
Profils chargés: Diaby (Profils disponibles: Diaby & 123 & Administrateur)
Platform: Microsoft Windows 7 Professionnel Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel) C:\Program Files\Intel Driver and Support Assistant\DSAService.exe
() C:\Program Files\NordVPN\nordvpn-service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Elecbyte) C:\Users\Diaby\Desktop\mugen\mugen.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16553472 2017-10-07] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [300440 2017-12-04] (ESET)
HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Run: [Dashlane] => C:\Users\Diaby\AppData\Roaming\Dashlane\Dashlane.exe [437200 2017-11-08] (Dashlane, Inc.)
HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Run: [DashlanePlugin] => C:\Users\Diaby\AppData\Roaming\Dashlane\DashlanePlugin.exe [481232 2017-11-08] (Dashlane, Inc.)
HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [15669896 2017-10-26] (NordVPN)
HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{1E4C86FB-419F-455B-A6AE-03C7459DB4F6}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{C9FA069C-0B47-4BBA-825B-47D487D5A075}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C9FA069C-0B47-4BBA-825B-47D487D5A075}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{CF0EADD1-4233-4C77-BE3C-B3722AFDBAA7}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-377985148-792701347-3327087119-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-377985148-792701347-3327087119-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - Pas de valeur CLSID -

FireFox:
========
FF DefaultProfile: d5euczvv.default
FF DefaultProfile: mamou851@hotmail.com
FF ProfilePath: C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default [2017-12-05]
FF Homepage: Mozilla\Firefox\Profiles\d5euczvv.default -> hxxps://www.qwant.com/?client=ext-firefox-hp
FF Extension: (Dashlane) - C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-10-19]
FF Extension: (Nom:) - C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default\Extensions\qwantcomforfirefox@jetpack.xpi [2017-11-22]
FF Extension: (uBlock Origin) - C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default\Extensions\uBlock0@raymondhill.net.xpi [2017-11-29]
FF Extension: (NoScript) - C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-05]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\d5euczvv.default\features\{25522ffb-f2be-49aa-a435-5898c2c60778}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-02] [Lagacy]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext => non trouvé(e)
FF HKU\S-1-5-21-377985148-792701347-3327087119-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => non trouvé(e)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2017-04-04] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-377985148-792701347-3327087119-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Diaby\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [Pas de fichier]

Chrome:
=======
CHR Profile: C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default [2017-12-04]
CHR Extension: (Slides) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-14]
CHR Extension: (Docs) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-14]
CHR Extension: (Google Drive) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-14]
CHR Extension: (YouTube) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-14]
CHR Extension: (uBlock Origin) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-02]
CHR Extension: (Sheets) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-14]
CHR Extension: (Google Docs hors connexion) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-15]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-14]
CHR Extension: (Gmail) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Diaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1291784 2017-10-20] ()
R2 DSAService; C:\Program Files\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [383016 2017-06-09] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1539048 2017-12-04] (ESET)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [416904 2017-10-26] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [5691912 2016-05-18] (INCA Internet Co., Ltd.)
S4 Ntp2NetSvc; C:\Program Files\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Fichier non signé]
S4 Ntp2UpSvc; C:\Program Files\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-07-13] (Don HO don.h@free.fr) [Fichier non signé]
S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2017-10-09] (Sysinternals)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [279552 2017-10-07] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 ServiceDevMgmt; "C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2016-10-11] (The OpenVPN Project)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-07] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [114552 2017-12-04] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [90640 2017-12-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-12-04] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [42816 2017-12-04] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [71856 2017-12-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53184 2017-12-04] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [90136 2017-12-04] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27968 2017-05-22] (LogMeIn, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-05-26] (REALiX(tm))
S3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2017-07-07] (Kingsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-12-03] (Malwarebytes)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) [Fichier non signé]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [65872 2017-03-29] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113432 2017-04-18] (Oracle Corporation)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2009-07-24] (RealVNC Ltd.) [Fichier non signé]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-12-05 16:02 - 2017-12-05 16:05 - 000012043 _____ C:\Users\Diaby\Desktop\FRST.txt
2017-12-05 16:01 - 2017-12-05 16:02 - 000000000 ____D C:\FRST
2017-12-05 15:56 - 2017-12-05 15:56 - 002941824 _____ C:\Users\Diaby\ZHPDiag3.exe
2017-12-04 18:44 - 2017-12-04 18:44 - 000014404 _____ C:\Users\Diaby\Downloads\d.zip
2017-12-04 18:41 - 2017-12-04 18:41 - 000051627 _____ C:\Users\Diaby\Downloads\d.html
2017-12-04 18:41 - 2017-12-04 18:41 - 000051376 _____ C:\Users\Diaby\Desktop\imgres (1).html
2017-12-04 18:37 - 2017-12-04 18:37 - 000051524 _____ C:\Users\Diaby\Downloads\imgres.html
2017-12-03 18:19 - 2017-12-03 18:27 - 050814288 _____ C:\Users\Diaby\Downloads\a-kyo.zip
2017-12-03 18:18 - 2017-12-03 18:21 - 023098119 _____ C:\Users\Diaby\Downloads\Kyo-KOF.rar
2017-12-03 17:57 - 2017-12-03 17:57 - 001819712 _____ C:\Users\Diaby\Downloads\Silvery_kyo.rar
2017-12-03 17:53 - 2017-12-03 17:53 - 009436506 _____ C:\Users\Diaby\Downloads\Kyo_wing.rar
2017-12-03 17:52 - 2017-12-03 17:53 - 014990472 _____ C:\Users\Diaby\Downloads\Incredible Power Kyo.rar
2017-12-03 17:46 - 2017-12-03 17:52 - 037082575 _____ C:\Users\Diaby\Downloads\Orochi Kyo WF.zip
2017-12-03 15:07 - 2017-12-03 15:20 - 000000000 ____D C:\AdwCleaner
2017-12-03 15:03 - 2017-12-03 15:04 - 008187336 _____ (Malwarebytes) C:\Users\Diaby\Desktop\adwcleaner_7.0.5.0.exe
2017-12-03 14:59 - 2017-12-03 14:59 - 000007507 _____ C:\Users\Diaby\Desktop\Malwarebytes.txt
2017-12-03 13:52 - 2017-12-03 13:53 - 001752064 _____ (Farbar) C:\Users\Diaby\Desktop\FRST.exe
2017-12-03 12:27 - 2017-12-03 13:58 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-03 12:11 - 2017-12-03 12:11 - 000001871 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-12-03 12:10 - 2017-12-03 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\Program Files\NordVPN
2017-12-03 10:29 - 2017-12-03 10:29 - 000001947 _____ C:\Users\Public\Desktop\ESET Protection des transactions bancaires.lnk
2017-12-03 10:16 - 2017-12-03 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-12-03 10:16 - 2017-12-03 10:16 - 000000000 ____D C:\ProgramData\ESET
2017-12-03 10:16 - 2017-12-03 10:16 - 000000000 ____D C:\Program Files\ESET
2017-12-03 09:45 - 2017-12-03 09:46 - 004254840 _____ (ESET) C:\Users\Diaby\Downloads\eset_smart_security_premium_live_installer(3).exe
2017-12-02 18:31 - 2017-12-02 18:31 - 000000000 ____D C:\Users\Diaby\Desktop\Saiki-KOF WOJ
2017-12-02 18:30 - 2017-12-02 18:30 - 000000000 ____D C:\Users\Diaby\Desktop\OrochiKyoSP
2017-12-02 11:06 - 2017-12-04 19:38 - 000000000 ____D C:\Users\Diaby\Desktop\DBZ Sagas
2017-12-02 09:47 - 2017-12-02 09:47 - 000000000 ____D C:\Users\Diaby\Desktop\Dark Kyo
2017-12-02 09:00 - 2017-12-05 15:58 - 000000000 ____D C:\Users\Diaby\Desktop\mugen
2017-12-01 15:09 - 2017-12-01 15:09 - 000000000 ____D C:\Users\Administrateur.Diaby-PC.000\AppData\Local\ESET
2017-11-29 20:25 - 2017-09-22 13:07 - 103388821 _____ C:\Users\Diaby\Desktop\RF016.REZ
2017-11-29 20:21 - 2017-11-22 15:50 - 074506276 _____ C:\RF005.REZ
2017-11-24 21:07 - 2017-11-24 21:07 - 000000000 ____D C:\Users\Diaby\AppData\Local\ESET
2017-11-24 18:04 - 2017-08-24 04:11 - 021609085 _____ C:\RF002.REZ
2017-11-23 18:55 - 2017-11-22 15:56 - 020858685 _____ C:\RB001.REZ
2017-11-23 12:40 - 2017-11-25 12:40 - 000000000 ____D C:\CFLog
2017-11-23 11:56 - 2017-11-23 11:56 - 000000000 ____D C:\Windows\system32\EventProviders
2017-11-22 18:28 - 2017-12-05 15:57 - 000000625 _____ C:\Users\Diaby\Desktop\ZHPDiag.lnk
2017-11-22 18:22 - 2017-11-22 18:24 - 002929536 _____ C:\Users\Diaby\Downloads\ZHPDiag3.exe
2017-11-22 18:00 - 2017-11-22 18:01 - 002900480 _____ C:\Users\Diaby\Downloads\zhpdiag_v2017.10.9.179.exe
2017-11-22 17:03 - 2016-07-26 05:41 - 210386456 _____ C:\RF016.REZ
2017-11-22 15:39 - 2017-11-22 15:39 - 000001988 _____ C:\Users\Diaby\Desktop\CrossFire.lnk
2017-11-22 15:39 - 2017-11-22 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2017-11-22 15:15 - 2017-11-22 15:15 - 000000000 ____D C:\Program Files\Z8Games
2017-11-20 20:02 - 2017-12-02 11:39 - 000000000 ____D C:\Users\Diaby\Desktop\Nouveau dossier
2017-11-19 17:16 - 2017-11-19 17:16 - 000000000 ____D C:\Users\Diaby\AppData\Local\VirtualStore
2017-11-19 14:08 - 2017-11-19 15:17 - 000000000 ____D C:\CrossFire Installer
2017-11-17 11:47 - 2017-11-17 11:47 - 000000000 __SHD C:\found.003
2017-11-15 14:32 - 2017-11-15 14:32 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 12:36 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 12:36 - 2017-10-18 02:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 12:36 - 2017-10-18 02:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 12:36 - 2017-10-16 23:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 12:36 - 2017-10-16 23:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 12:36 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 12:36 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 12:36 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 12:36 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 12:36 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 12:36 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 12:36 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 12:36 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 12:36 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 12:36 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 12:36 - 2017-10-14 07:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 12:36 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 12:36 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 12:36 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 12:36 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 12:36 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 12:36 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 12:36 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 12:36 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 12:36 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 12:36 - 2017-10-14 07:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 12:36 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 12:36 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 12:36 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 12:36 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 12:36 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 12:36 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 12:36 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 12:36 - 2017-10-12 01:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 12:36 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 12:36 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 12:35 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 12:35 - 2017-10-14 08:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 12:35 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 12:35 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 12:35 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 12:35 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 12:35 - 2017-10-14 07:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 12:35 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 12:35 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 12:35 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 12:35 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 12:35 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 12:35 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 12:35 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 12:35 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 12:35 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 12:35 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 12:35 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 12:35 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 12:35 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-14 16:39 - 2017-11-15 14:32 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-12-05 15:58 - 2017-07-30 16:37 - 000000000 ____D C:\Users\Diaby\AppData\Roaming\ZHP
2017-12-05 15:56 - 2016-05-25 17:26 - 000000000 ____D C:\Users\Diaby
2017-12-05 15:50 - 2016-11-23 13:25 - 000000000 ____D C:\Users\Diaby\AppData\LocalLow\Mozilla
2017-12-05 15:27 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-04 20:11 - 2009-07-14 05:34 - 000041248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 20:11 - 2009-07-14 05:34 - 000041248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 19:36 - 2017-02-05 20:16 - 000000000 ____D C:\Users\Diaby\AppData\Local\CrashDumps
2017-12-04 18:21 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-12-04 18:17 - 2017-11-02 09:02 - 000114552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-12-04 18:17 - 2017-10-09 16:49 - 000141480 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-12-04 18:17 - 2017-09-25 14:15 - 000053184 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2017-12-04 18:17 - 2017-09-19 09:05 - 000090640 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2017-12-04 18:17 - 2017-09-19 09:05 - 000090136 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2017-12-04 18:17 - 2017-09-19 09:05 - 000071856 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2017-12-04 18:17 - 2017-09-19 09:05 - 000042816 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2017-12-03 12:41 - 2017-10-29 12:25 - 000000000 ____D C:\Program Files\PeerBlock
2017-12-03 12:12 - 2017-11-02 19:15 - 000000000 ____D C:\Users\Diaby\AppData\Local\NordVPN
2017-12-03 11:47 - 2017-11-02 19:06 - 000000000 ____D C:\Users\Diaby\AppData\Roaming\NordVPN
2017-12-03 09:30 - 2016-06-05 18:26 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 21:22 - 2017-07-13 09:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-01 21:22 - 2016-11-23 13:25 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-12-01 15:08 - 2009-07-14 05:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-29 19:21 - 2017-10-10 17:33 - 000000000 ____D C:\Program Files\Intel Driver and Support Assistant
2017-11-25 20:59 - 2017-10-15 13:30 - 000000000 ____D C:\Users\Diaby\AppData\Local\ElevatedDiagnostics
2017-11-25 09:33 - 2017-07-07 14:01 - 000000000 ____D C:\Users\Diaby\Documents\Cross Fire
2017-11-25 09:33 - 2017-07-07 07:20 - 000000000 ____D C:\Users\Administrateur.Diaby-PC.000
2017-11-25 09:33 - 2016-12-22 18:32 - 000000000 ____D C:\Users\123
2017-11-25 09:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2017-11-22 20:22 - 2017-10-26 13:49 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-11-22 18:35 - 2017-07-30 16:37 - 000000000 ____D C:\Users\Diaby\AppData\Local\ZHP
2017-11-19 15:37 - 2017-03-16 11:48 - 000000000 ____D C:\ProgramData\Solid State Networks
2017-11-19 12:54 - 2016-06-22 09:46 - 000007628 _____ C:\Users\Diaby\AppData\Local\Resmon.ResmonCfg
2017-11-17 19:05 - 2017-09-21 17:13 - 000000376 _____ C:\Windows\Tasks\update-sys.job
2017-11-17 15:45 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2017-11-17 13:13 - 2017-09-16 17:38 - 000316328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 12:35 - 2016-06-15 12:21 - 000000000 ____D C:\Users\Diaby\AppData\Roaming\Mozilla
2017-11-15 07:24 - 2016-07-23 09:37 - 000000000 ____D C:\Users\Diaby\AppData\Roaming\Dashlane
2017-11-14 16:40 - 2016-05-25 18:28 - 000000000 ____D C:\Users\Diaby\AppData\Local\Google
2017-11-14 16:38 - 2016-05-25 18:28 - 000000000 ____D C:\Program Files\Google
2017-11-10 18:14 - 2017-08-25 09:43 - 000000000 ____D C:\Users\Diaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane

==================== Fichiers à la racine de certains dossiers =======

2017-12-05 15:56 - 2017-12-05 15:56 - 002941824 _____ () C:\Users\Diaby\ZHPDiag3.exe
2017-02-24 17:23 - 2017-07-31 16:48 - 000192716 _____ () C:\Program Files\metadata
2015-02-15 00:58 - 2015-03-12 00:20 - 000000165 _____ () C:\Program Files\Mods-ITST.ini
2015-02-15 00:58 - 2015-03-12 00:19 - 000000165 _____ () C:\Program Files\Mods.ini
2016-12-20 14:05 - 2016-12-20 14:05 - 002314121 _____ () C:\Program Files\nPwImRe.psd
2015-02-15 00:58 - 2014-06-04 03:36 - 000000038 _____ () C:\Program Files\Run_ITST_Mod.bat
2015-02-15 00:58 - 2015-01-31 09:02 - 000000031 _____ () C:\Program Files\Run_TE_Vanilla.bat
2015-02-15 00:58 - 2015-03-12 01:02 - 000000379 _____ () C:\Program Files\UnpackSound.bat
2016-05-29 07:04 - 2016-05-29 07:04 - 000000000 _____ () C:\Users\Diaby\AppData\Roaming\1.bin
2017-02-11 15:28 - 2017-10-09 18:51 - 000001157 _____ () C:\Users\Diaby\AppData\Roaming\droid4xinstaller.log
2016-08-03 08:44 - 2017-02-07 20:05 - 000000003 _____ () C:\Users\Diaby\AppData\Roaming\Maintenance.log
2017-03-11 20:43 - 2017-04-14 12:05 - 000000002 _____ () C:\Users\Diaby\AppData\Roaming\Maintenance3.log
2017-10-24 19:22 - 2017-09-05 01:16 - 016384000 _____ () C:\Users\Diaby\AppData\Roaming\Sandra.mdb
2017-02-19 11:26 - 2017-03-03 18:08 - 000532842 _____ () C:\Users\Diaby\AppData\Roaming\spritesa
2017-02-10 09:43 - 2017-02-10 09:45 - 000033193 _____ () C:\Users\Diaby\AppData\Roaming\UserTile.png
2016-09-28 11:09 - 2017-05-13 07:52 - 000000301 _____ () C:\Users\Diaby\AppData\Roaming\WB.CFG
2016-05-28 19:05 - 2017-05-08 15:02 - 000005632 _____ () C:\Users\Diaby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-08 17:21 - 2017-07-09 07:51 - 000000600 _____ () C:\Users\Diaby\AppData\Local\PUTTY.RND
2016-06-22 09:46 - 2017-11-19 12:54 - 000007628 _____ () C:\Users\Diaby\AppData\Local\Resmon.ResmonCfg
2016-09-02 15:25 - 2014-10-14 00:55 - 000061786 _____ () C:\Users\Diaby\AppData\Local\Tempcapturada5.png
2016-09-02 15:25 - 2007-06-13 20:37 - 000000111 _____ () C:\Users\Diaby\AppData\Local\Tempgrey.png
2016-09-02 15:25 - 2011-12-06 21:01 - 000012869 _____ () C:\Users\Diaby\AppData\Local\TempMBoxSkin.png
2016-09-02 15:25 - 2014-09-29 13:52 - 000161372 _____ () C:\Users\Diaby\AppData\Local\Tempv2.png
2016-09-14 18:15 - 2016-09-14 18:15 - 000000003 _____ () C:\Users\Diaby\AppData\Local\updater.log
2016-09-14 18:15 - 2017-09-21 17:13 - 000000413 _____ () C:\Users\Diaby\AppData\Local\UserProducts.xml

Certains fichiers dans TEMP:
====================
2017-11-18 10:35 - 2017-12-03 19:12 - 000000000 _____ () C:\Users\Diaby\AppData\Local\temp\19480092594194a127310869d618ccd6.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 000095576 _____ (Microsoft Corporation) C:\Users\Diaby\AppData\Local\temp\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 001566040 _____ () C:\Users\Diaby\AppData\Local\temp\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 000517976 _____ () C:\Users\Diaby\AppData\Local\temp\DXSETUP.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-11-30 18:11

==================== Fin de FRST.txt ============================