Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 03-05-2017 01
Exécuté par ahmed_k (administrateur) sur AHMED-KHELIF (04-05-2017 11:13:29)
Exécuté depuis C:\Users\ahmed_k\Downloads
Profils chargés: ahmed_k (Profils disponibles: admin & ahmed_k)
Platform: Microsoft Windows 7 Professionnel (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\ProgramData\DataCardService\HWDeviceService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\Mobiconnect\AssistantServices.exe
() C:\Program Files\ver0Safer-Surf\Safer-Surf.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Mobiconnect\CancelAutoPlay_byt.exe
() C:\Program Files\Mobiconnect\UIExec.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gemalto N.V.) C:\Users\ahmed_k\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Visicom Media Inc.) C:\Program Files\ManyCam\ManyCam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Mozilla Corporation) C:\Users\ahmed_k\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\ahmed_k\AppData\Local\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [USB Antivirus] => C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1675356 2012-12-11] (IDT, Inc.)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe*************************************************************************************
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2014-07-23] (RealNetworks, Inc.)
HKLM\...\Run: [CancelAutoPlay_byt] => C:\Program Files\Mobiconnect\CancelAutoPlay_byt.exe [431432 2012-12-03] ()
HKLM\...\Run: [UIExec] => C:\Program Files\Mobiconnect\UIExec.exe [157000 2012-12-03] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\ahmed_k\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\Run: [ManyCam] => C:\Program Files\ManyCam\ManyCam.exe [8801384 2014-06-02] (Visicom Media Inc.)
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\Run: [Mobile Partner] => C:\Program Files\e WiFi\e WiFi
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\Run: [tsiVideo] => rundll32.exe C:\Users\ahmed_k\AppData\Local\Temp\mdi164.dll,quardin <===== ATTENTION
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\MountPoints2: {d026e4b7-25ab-11e3-b37f-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2007-02-12] (Autodesk, Inc.)
Startup: C:\Users\ahmed_k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2013-09-25]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-07-23]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6908B2B0-F834-4E47-A8A7-0294347E151F}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{79167765-CD7E-4F91-BC23-76F2ED7868A6}: [NameServer] 192.169.0.1,192.169.0.8
Tcpip\..\Interfaces\{79167765-CD7E-4F91-BC23-76F2ED7868A6}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{82D05F2F-F53F-4BF0-996D-28335E406D73}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8A921C00-BA14-409A-A0AF-84A386607A48}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E0A15B4B-FE62-4456-92C1-C2CB5C405C21}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.DamasGate.com.com/vb
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.googel.com/
HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealDownloader)
BHO: Safer-Surf -> {A034AA96-B055-2865-6C6E-4EF77A5A6439} -> C:\Program Files\ver0Safer-Surf\183.dll [2014-11-14] ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: k5ismqpc.default
FF ProfilePath: C:\Users\ahmed_k\AppData\Roaming\Mozilla\Firefox\Profiles\k5ismqpc.default [2017-05-04]
FF Extension: (Shield Recipe Client) - C:\Users\ahmed_k\AppData\Roaming\Mozilla\Firefox\Profiles\k5ismqpc.default\features\{b2d00628-5f68-416a-a359-df6dc0a115de}\shield-recipe-client@mozilla.org.xpi [2017-05-04]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-23] [non signé]
FF HKU\S-1-5-21-3351754458-3666674723-2593995200-1490\...\Firefox\Extensions: [{E88C493E-56EE-9D17-3D58-1D9A8026ECB6}] - C:\Program Files\ver0Safer-Surf\183.xpi
FF Extension: (Safer-Surf) - C:\Program Files\ver0Safer-Surf\183.xpi [2014-11-14] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-02] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin: @real.com/nppl3260;version=17.0.11.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-07-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-07-23] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3351754458-3666674723-2593995200-1490: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ahmed_k\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-13] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - C:\Users\ahmed_k\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-26]
CHR Extension: (RealPlayer Downloader) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-23]
CHR Extension: (FromDocToPDF) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Pas de nom) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\ahmed_k\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-28] (Intel Corporation)
S2 ggbugreport; C:\Program Files\SearchesToYesbnd\bugreport.exe [1592888 2016-03-17] () [Fichier non signé]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509408 2015-07-22] (Lenovo)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-01-30] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [Fichier non signé]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2012-12-11] (IDT, Inc.) [Fichier non signé]
R2 UI Assistant Service; C:\Program Files\Mobiconnect\AssistantServices.exe [275784 2012-12-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 Winsere; C:\Program Files\SearchesToYesbnd\Winsere.exe [316984 2016-03-23] () [Fichier non signé]
S3 ShareItSvc; "C:\Program Files\Lenovo\SHAREit\Shareit.Service.exe" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [41392 2013-03-25] (Ralink Corporation)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101504 2013-11-30] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70784 2013-11-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-11-30] (Huawei Technologies Co., Ltd.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [538608 2013-06-15] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-06-15] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40944 2014-05-13] (Visicom Media Inc.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29936 2014-05-13] (Visicom Media Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [884528 2013-03-09] (Ralink Technology, Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826784 2012-11-20] ()
R3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [41936 2012-12-11] (SafeNet, Inc.)
R3 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [171520 2008-04-06] (Chingachguk & Denger2k) [Fichier non signé]
R2 webinstrT; C:\Windows\system32\Drivers\webinstrT.sys [56992 2014-11-14] (Corsica)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-05-04 11:13 - 2017-05-04 11:13 - 00019702 _____ C:\Users\ahmed_k\Downloads\FRST.txt
2017-05-04 11:11 - 2017-05-04 11:13 - 00000000 ____D C:\FRST
2017-05-04 11:11 - 2017-05-04 11:11 - 01769472 _____ (Farbar) C:\Users\ahmed_k\Downloads\FRST.exe
2017-05-04 11:02 - 2017-05-04 11:02 - 00148640 _____ C:\Windows\Minidump\050417-20061-01.dmp
2017-05-04 10:55 - 2017-05-04 10:55 - 00000000 ____H C:\ProgramData\cm-lock
2017-05-01 19:32 - 2017-05-01 19:32 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\Macromedia
2017-05-01 19:28 - 2017-05-01 19:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-01 19:25 - 2017-05-01 19:25 - 00606120 _____ (Visicom Media inc.) C:\Users\ahmed_k\Downloads\ManyCamWebInstaller(1).exe
2017-05-01 19:23 - 2017-05-01 19:23 - 00606120 _____ (Visicom Media inc.) C:\Users\ahmed_k\Downloads\ManyCamWebInstaller.exe
2017-05-01 19:08 - 2017-05-04 11:04 - 00000000 ____D C:\Users\ahmed_k\AppData\LocalLow\Mozilla
2017-05-01 19:07 - 2017-05-02 11:44 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\Mozilla
2017-05-01 19:07 - 2017-05-01 19:08 - 00000000 ____D C:\Users\ahmed_k\AppData\Roaming\Mozilla
2017-05-01 19:07 - 2017-05-01 19:07 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-01 19:07 - 2017-05-01 19:07 - 00001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-01 19:07 - 2017-05-01 19:07 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\Mozilla Firefox
2017-05-01 19:07 - 2017-05-01 19:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-27 15:31 - 2017-04-27 15:31 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-27 15:31 - 2017-04-27 15:31 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-14 12:59 - 2017-04-14 12:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2017-04-14 12:57 - 2014-11-14 10:14 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrT.sys

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-05-04 11:10 - 2009-07-14 05:34 - 00017280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-04 11:10 - 2009-07-14 05:34 - 00017280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-04 11:06 - 2014-11-14 10:14 - 00000392 _____ C:\Windows\Tasks\Safer-Surf Update.job
2017-05-04 11:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2017-05-04 11:02 - 2015-10-21 10:30 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-05-04 11:02 - 2014-02-21 11:28 - 385138501 _____ C:\Windows\MEMORY.DMP
2017-05-04 11:02 - 2014-02-21 11:28 - 00000000 ____D C:\Windows\Minidump
2017-05-04 11:02 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-02 11:46 - 2013-10-11 12:18 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-02 11:46 - 2013-10-11 12:18 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-02 11:46 - 2013-09-25 10:53 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-01 19:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-05-01 19:23 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-01 19:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-05-01 17:19 - 2014-11-14 10:42 - 00002140 _____ C:\Windows\patsearch.bin
2017-04-27 15:30 - 2013-10-24 21:31 - 00000000 ____D C:\Program Files\Google
2017-04-27 14:58 - 2013-10-11 20:07 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\Deployment
2017-04-14 12:49 - 2016-03-20 11:45 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2017-04-14 12:45 - 2013-09-25 10:39 - 00000000 ____D C:\Users\ahmed_k
2017-04-14 12:44 - 2013-09-25 09:37 - 00000000 ____D C:\Users\admin
2017-04-14 12:43 - 2015-12-26 08:06 - 00000000 ____D C:\Users\ahmed_k\AppData\Roaming\ICAClient
2017-04-14 12:43 - 2014-08-20 19:01 - 00000000 ____D C:\Program Files\Mobiconnect
2017-04-14 12:43 - 2014-01-27 14:14 - 00000000 ____D C:\Windows\system32\My Vaults
2017-04-14 12:43 - 2009-07-14 08:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-04-14 12:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2017-04-14 12:42 - 2014-01-06 07:33 - 00000000 ____D C:\ProgramData\Real
2017-04-14 11:32 - 2013-12-29 21:32 - 00000000 ____D C:\Users\ahmed_k\AppData\Local\ElevatedDiagnostics
2017-04-09 13:58 - 2013-09-25 09:37 - 01560756 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-09 13:58 - 2009-11-30 06:46 - 00707612 _____ C:\Windows\system32\perfh00C.dat
2017-04-09 13:58 - 2009-11-30 06:46 - 00133424 _____ C:\Windows\system32\perfc00C.dat

==================== Fichiers à la racine de certains dossiers =======

2013-10-24 21:31 - 2013-10-24 22:08 - 4188160 _____ () C:\Program Files\GUT423E.tmp
2014-01-27 14:15 - 2014-01-27 14:20 - 0000640 _____ () C:\Users\ahmed_k\AppData\Roaming\.backup.dm
2014-01-30 20:25 - 2014-01-30 20:25 - 0138056 _____ () C:\Users\ahmed_k\AppData\Roaming\PnkBstrK.sys
2013-09-25 11:07 - 2013-09-25 11:07 - 0000095 _____ () C:\Users\ahmed_k\AppData\Local\fusioncache.dat
2017-05-04 10:55 - 2017-05-04 10:55 - 0000000 ____H () C:\ProgramData\cm-lock

Certains fichiers dans TEMP:
====================
2006-10-28 11:58 - 2006-10-28 11:58 - 0145184 ____R (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\ose00000.exe
2014-11-14 10:14 - 2014-11-14 10:14 - 0400384 _____ () C:\Users\ahmed_k\AppData\Local\Temp\3C005378-799E-78BE-725E-EB6BDFF7BD3A.exe
2014-11-14 10:14 - 2014-11-14 10:14 - 0088064 _____ () C:\Users\ahmed_k\AppData\Local\Temp\48032A7E-31A5-FD75-C67D-F057251F5CCD.dll
2014-11-14 10:14 - 2014-11-14 10:14 - 0220160 _____ () C:\Users\ahmed_k\AppData\Local\Temp\48032A7E-31A5-FD75-C67D-F057251F5CCD.exe
2013-09-25 10:55 - 2007-02-12 12:07 - 0150632 _____ (Autodesk, Inc.) C:\Users\ahmed_k\AppData\Local\Temp\AcDeltree.exe
2015-10-21 10:28 - 2015-10-21 10:28 - 0208896 _____ (Sony DADC Austria AG) C:\Users\ahmed_k\AppData\Local\Temp\drm_dyndata_7410004.dll
2014-01-10 22:25 - 2014-01-10 22:25 - 0698144 _____ () C:\Users\ahmed_k\AppData\Local\Temp\ICReinstall_installer_adobe-flash-player_English.exe
2016-03-20 11:49 - 2016-03-20 11:49 - 1030073 _____ ( ) C:\Users\ahmed_k\AppData\Local\Temp\ICReinstall_keygen-step-2.exe
2014-01-06 07:34 - 2016-02-15 15:09 - 0147712 _____ (RealNetworks, Inc.) C:\Users\ahmed_k\AppData\Local\Temp\lowproc.exe
2016-03-20 11:43 - 2016-03-20 11:44 - 1456128 _____ () C:\Users\ahmed_k\AppData\Local\Temp\mdi064.dll
2016-03-20 11:47 - 2016-03-20 11:48 - 1456128 _____ () C:\Users\ahmed_k\AppData\Local\Temp\mdi164.dll
2016-03-20 11:48 - 2016-03-20 11:49 - 1456128 _____ () C:\Users\ahmed_k\AppData\Local\Temp\mdi264.dll
2010-08-05 22:37 - 2010-08-05 22:37 - 0189712 ____R (Electronic Arts) C:\Users\ahmed_k\AppData\Local\Temp\Medal of Honor_uninst.exe
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\ahmed_k\AppData\Local\Temp\sqlite3.exe
2014-01-06 07:34 - 2016-02-15 15:09 - 0096496 _____ (RealNetworks, Inc.) C:\Users\ahmed_k\AppData\Local\Temp\stubhelper.dll
2007-02-28 00:08 - 2007-02-28 00:08 - 0456416 ____R (Macrovision Corporation) C:\Users\ahmed_k\AppData\Local\Temp\_is3D1F.exe
2007-02-28 00:08 - 2007-02-28 00:08 - 0456416 ____R (Macrovision Corporation) C:\Users\ahmed_k\AppData\Local\Temp\_is4826.exe
2007-02-28 00:08 - 2007-02-28 00:08 - 0456416 ____R (Macrovision Corporation) C:\Users\ahmed_k\AppData\Local\Temp\_is79C4.exe
2014-08-09 19:35 - 2007-02-28 00:08 - 0456416 _____ (Macrovision Corporation) C:\Users\ahmed_k\AppData\Local\Temp\_isACC2.exe
2014-08-09 19:53 - 2007-02-28 00:08 - 0456416 _____ (Macrovision Corporation) C:\Users\ahmed_k\AppData\Local\Temp\_isAEB6.exe
2013-10-24 21:53 - 2013-10-24 22:08 - 0000000 _____ () C:\Users\ahmed_k\AppData\Local\Temp\{20DE08E4-66F1-473A-AE41-9FADF4830C8D}-30.0.1599.101_chrome_installer.exe
2014-12-18 20:27 - 2014-12-18 21:08 - 0000000 _____ () C:\Users\ahmed_k\AppData\Local\Temp\{AFBAA924-E6CE-4F62-9786-652FB9AE8C4A}-39.0.2171.95_chrome_installer.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-04-13 17:34

==================== Fin de FRST.txt ============================
