cjoint

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017
Exécuté par LAHOU (administrateur) sur LAHOU-PC (12-11-2017 15:51:54)
Exécuté depuis C:\Users\LAHOU\Desktop
Profils chargés: LAHOU (Profils disponibles: LAHOU & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HashLogic) C:\Program Files\ChamberSign\HashLogic\bin\idoCacheSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HashLogic) C:\Program Files (x86)\ChamberSign\HashLogic\bin\TokenManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-05-08] (Realtek Semiconductor)
HKLM\...\Run: [TokenManager] => C:\Program Files (x86)\ChamberSign\HashLogic\bin\TokenManager.exe [1261056 2016-05-19] (HashLogic)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Run: [uTorrent] => C:\Users\LAHOU\AppData\Roaming\uTorrent\uTorrent.exe [1999040 2017-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-08-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Policies\Explorer: [NoFavoritesMenu] 1
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
Tcpip\..\Interfaces\{2FB0F181-967B-46E7-A01B-9FBAE28566D1}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{6cb3a5d4-e568-42ab-a308-375be1eab05d}: [DhcpNameServer] 212.27.40.240 212.27.40.241
Tcpip\..\Interfaces\{79a4b999-c84e-405a-8145-1c83b8d30009}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e26cc909-cd3c-412f-aecc-979fb58e52d8}: [DhcpNameServer] 212.27.40.240 212.27.40.241

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3617780264-3162171523-3638993082-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
URLSearchHook: HKU\S-1-5-21-3617780264-3162171523-3638993082-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3617780264-3162171523-3638993082-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll => Pas de fichier
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-02-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-02-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3617780264-3162171523-3638993082-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ke7ofeoj.default-1475560371820-1510207374083
FF ProfilePath: C:\Users\LAHOU\AppData\Roaming\Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083 [2017-11-12]
FF Homepage: Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083 -> hxxps://www.google.fr
FF Extension: (Enhancer for YouTube™) - C:\Users\LAHOU\AppData\Roaming\Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-11-09]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\LAHOU\AppData\Roaming\Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-11-09]
FF Extension: (uBlock Origin) - C:\Users\LAHOU\AppData\Roaming\Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083\Extensions\uBlock0@raymondhill.net.xpi [2017-11-09]
FF Extension: (Adblock Plus) - C:\Users\LAHOU\AppData\Roaming\Mozilla\Firefox\Profiles\ke7ofeoj.default-1475560371820-1510207374083\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-10-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-08-23] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.youtube.com/watch?v=qvR_jaFZKHU"
CHR Profile: C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Docs) - C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Adblock Plus) - C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-12]
CHR Extension: (Google Docs hors connexion) - C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-12]
CHR Extension: (AdBlock) - C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\LAHOU\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12]
CHR HKLM\...\Chrome\Extension: [pfcgjlglddicjopgimohdcbmabacamll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Fichier non signé]
R2 idoCacheSrv; C:\Program Files\ChamberSign\HashLogic\bin\idoCacheSrv.exe [258560 2016-05-20] (HashLogic) [Fichier non signé]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-07-16] (The OpenVPN Project)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-05-08] (Advanced Micro Devices)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-07-18] (Disc Soft Ltd)
R3 GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [139632 2015-07-10] (Gemalto)
S3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2016-11-02] (The OpenVPN Project)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-02-01] (REALiX(tm))
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2015-10-23] ()
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-05-08] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-05-08] (Synaptics Incorporated)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 idsvc; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-11-12 15:51 - 2017-11-12 15:52 - 000019804 ____C C:\Users\LAHOU\Desktop\FRST.txt
2017-11-12 15:51 - 2017-11-12 15:51 - 002392576 ____C (Farbar) C:\Users\LAHOU\Desktop\FRST64.exe
2017-11-12 15:40 - 2017-11-12 15:40 - 000000000 ____D C:\WINDOWS\Panther
2017-11-12 12:13 - 2017-11-12 12:13 - 000003426 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2017-11-12 12:13 - 2017-11-12 12:13 - 000000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-11-12 12:13 - 2017-11-12 12:13 - 000000000 ____D C:\Users\LAHOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-11-12 12:13 - 2017-11-12 12:13 - 000000000 ____D C:\sh4ldr
2017-11-12 12:13 - 2017-11-12 12:13 - 000000000 ____D C:\Program Files (x86)\Enigma Software Group
2017-11-12 08:17 - 2017-11-12 08:17 - 000000633 ____C C:\Users\LAHOU\Desktop\SearchReg.txt
2017-11-12 07:41 - 2017-11-12 15:51 - 000000000 ____D C:\FRST
2017-11-11 14:48 - 2017-11-11 14:48 - 000001425 ____C C:\Users\LAHOU\Desktop\ZHPCleaner.txt
2017-11-11 12:40 - 2017-11-11 14:22 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-11 12:40 - 2017-11-11 12:40 - 000001920 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-11 12:40 - 2017-11-11 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 12:40 - 2017-11-11 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-11 12:40 - 2016-12-14 12:55 - 000077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-11 12:11 - 2017-11-11 12:11 - 000000000 ___HD C:\$SysReset
2017-11-11 09:41 - 2017-11-11 09:41 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-11 09:41 - 2017-11-11 09:41 - 000002336 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-11 09:40 - 2017-11-12 07:04 - 000003586 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-11 09:40 - 2017-11-12 07:04 - 000003462 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-11 09:40 - 2017-11-11 09:41 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-10 07:38 - 2017-11-10 07:38 - 000000546 ____C C:\Users\LAHOU\Desktop\JRT.txt
2017-11-09 08:16 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-11-09 07:02 - 2017-11-09 07:02 - 000000000 ___DC C:\Users\LAHOU\Desktop\Anciennes données de Firefox
2017-11-09 06:54 - 2017-11-12 15:08 - 000000000 ___DC C:\Users\LAHOU\AppData\LocalLow\Mozilla
2017-11-09 06:54 - 2017-11-09 06:54 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-09 06:54 - 2017-11-09 06:54 - 000000999 ____C C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-09 06:54 - 2017-11-09 06:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-09 06:54 - 2017-11-09 06:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-08 15:40 - 2017-11-08 15:40 - 000001816 ____C C:\Users\Public\Desktop\iTunes.lnk
2017-11-08 15:40 - 2017-11-08 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-08 15:40 - 2017-11-08 15:40 - 000000000 ____D C:\Program Files\iTunes
2017-11-08 15:40 - 2017-11-08 15:40 - 000000000 ____D C:\Program Files\iPod
2017-11-08 15:39 - 2017-11-08 15:39 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-08 15:39 - 2017-11-08 15:39 - 000000000 ____D C:\Program Files\Bonjour
2017-11-08 15:39 - 2017-11-08 15:39 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-08 15:39 - 2017-11-08 15:39 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-11-07 14:20 - 2017-11-07 14:20 - 000016106 ____C C:\Users\LAHOU\Desktop\ReleveDeCompte.pdf
2017-11-07 14:09 - 2017-11-07 14:09 - 000097237 ____C C:\Users\LAHOU\Downloads\ICF_ENV001_DNOIZBEQ (1).PDF
2017-11-07 12:45 - 2017-11-07 12:45 - 000001750 __RSH C:\ProgramData\ntuser.pol
2017-11-07 09:53 - 2017-11-07 14:21 - 000000000 ____D C:\Users\LAHOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-11-07 09:50 - 2017-11-07 10:14 - 092838480 ____C C:\Users\LAHOU\Downloads\Autodata 3.45.rar
2017-11-07 09:37 - 2017-11-07 09:37 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3617780264-3162171523-3638993082-1000
2017-11-07 09:36 - 2017-11-07 09:37 - 000002449 _____ C:\Users\LAHOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 09:31 - 2017-11-07 09:31 - 000001464 ____C C:\Users\LAHOU\Desktop\Autodata 3.45.lnk
2017-11-07 09:31 - 2017-11-07 09:31 - 000000000 ___DC C:\Users\LAHOU\Documents\Downloaded Installations
2017-11-07 09:31 - 2017-11-07 09:31 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2017-11-07 09:31 - 2009-09-17 07:05 - 000145448 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\sentinel64.sys
2017-11-05 16:38 - 2017-11-05 16:38 - 001292943 ____C C:\Users\LAHOU\Downloads\تفسير سورة الفاتحة الإمام العثيمين.pdf
2017-11-05 16:17 - 2017-11-05 16:17 - 000097237 ____C C:\Users\LAHOU\Downloads\ICF_ENV001_DNOIZBEQ.PDF
2017-11-04 20:33 - 2017-11-04 20:33 - 000212237 ____C C:\Users\LAHOU\Downloads\1-8-16v-2005.pdf
2017-11-02 16:51 - 2017-11-02 16:52 - 000000000 ___DC C:\Users\LAHOU\Desktop\scan
2017-11-02 16:27 - 2017-11-02 17:03 - 000000000 ___DC C:\Users\LAHOU\Desktop\Nouveau dossier
2017-10-28 10:34 - 2017-10-28 10:34 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-28 10:34 - 2017-10-28 10:34 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-10-28 10:34 - 2017-10-28 10:34 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-10-28 10:11 - 2017-10-28 10:11 - 000002093 ____C C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2017-10-27 07:51 - 2017-10-27 07:51 - 004093872 ____C C:\Users\LAHOU\Desktop\FARID.pdf
2017-10-27 06:46 - 2017-10-27 06:46 - 000247072 ____C C:\Users\LAHOU\Downloads\cerfa_13750-05 (2).pdf
2017-10-25 12:12 - 2017-10-25 12:12 - 005448517 ____C C:\Users\LAHOU\Downloads\carte grise allemande.pdf
2017-10-24 08:46 - 2017-10-24 08:46 - 000247072 ____C C:\Users\LAHOU\Downloads\cerfa_13750-05 (1).pdf
2017-10-24 08:16 - 2017-10-24 08:16 - 001070766 ____C C:\Users\LAHOU\Desktop\IMG_0416.pdf
2017-10-23 16:16 - 2017-10-23 16:16 - 000329522 ____C C:\Users\LAHOU\Downloads\101757264-106001934125.pdf
2017-10-23 15:59 - 2017-10-23 15:59 - 001696715 ____C C:\Users\LAHOU\Desktop\kbis.pdf
2017-10-22 09:47 - 2017-10-22 09:47 - 000041849 ____C C:\Users\LAHOU\Downloads\facture-resiliation-20170727_louali-atmani-el-houssain-lydia (1).pdf
2017-10-22 09:14 - 2017-10-22 09:14 - 000247072 ____C C:\Users\LAHOU\Downloads\cerfa_13750-05.pdf
2017-10-22 07:59 - 2017-10-28 10:09 - 000000000 ___DC C:\Users\LAHOU\Desktop\Adobe Acrobat
2017-10-19 11:46 - 2017-10-19 11:46 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-10-19 11:46 - 2017-10-19 11:46 - 000001108 ____C C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-10-19 11:46 - 2017-10-19 11:46 - 000000000 ____D C:\Users\LAHOU\AppData\Roaming\TeamViewer
2017-10-19 11:45 - 2017-10-19 11:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-19 11:41 - 2017-10-19 11:41 - 015756368 ____C (TeamViewer GmbH) C:\Users\LAHOU\Desktop\TeamViewer_Setup-12.0.83369.exe
2017-10-19 11:29 - 2017-10-19 11:29 - 001816776 ____C C:\Users\LAHOU\Desktop\anydesk_3-6-2_fr_431427.exe
2017-10-19 08:02 - 2017-10-19 08:02 - 000000000 _____ C:\WINDOWS\SysWOW64\config.nt
2017-10-18 07:00 - 2017-10-13 01:21 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-18 07:00 - 2017-10-13 01:21 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-11-12 15:47 - 2017-08-01 13:33 - 003056200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 15:47 - 2017-03-20 06:10 - 001417804 _____ C:\WINDOWS\system32\perfh00C.dat
2017-11-12 15:47 - 2017-03-20 06:10 - 000345088 _____ C:\WINDOWS\system32\perfc00C.dat
2017-11-12 15:40 - 2017-08-01 13:39 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-11-12 15:40 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-12 15:32 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-12 15:30 - 2016-09-28 17:18 - 000007889 _____ C:\WINDOWS\BRRBCOM.INI
2017-11-12 15:25 - 2017-08-01 13:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 12:33 - 2015-05-14 08:33 - 000000000 ___DC C:\Users\LAHOU\AppData\Roaming\uTorrent
2017-11-12 12:26 - 2017-08-09 16:22 - 000417632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-12 11:28 - 2017-08-01 13:39 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B58ECB6-A839-40F9-A22F-981029C1F74A}
2017-11-12 07:13 - 2015-05-15 15:27 - 000000000 ___DC C:\Users\LAHOU\AppData\Local\Google
2017-11-11 12:40 - 2015-05-14 12:28 - 000000000 ___DC C:\ProgramData\Malwarebytes
2017-11-11 12:34 - 2015-05-11 21:09 - 000000000 ___DC C:\Users\LAHOU\AppData\Local\Adobe
2017-11-11 09:20 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-11 09:20 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-09 08:52 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-09 08:52 - 2015-10-23 18:39 - 000000000 ___DC C:\Users\LAHOU\AppData\LocalLow\IObit
2017-11-09 07:10 - 2017-07-18 09:14 - 000000000 ____D C:\Program Files\DAEMON Tools Pro
2017-11-09 07:10 - 2017-07-16 15:13 - 000000000 ____D C:\ProgramData\Ashampoo
2017-11-09 07:10 - 2016-03-26 12:31 - 000000000 ____D C:\Program Files\CCleaner
2017-11-08 15:39 - 2015-06-30 11:49 - 000000000 ___DC C:\ProgramData\Apple
2017-11-08 15:39 - 2015-06-30 11:49 - 000000000 ___DC C:\Program Files\Common Files\Apple
2017-11-08 10:30 - 2017-08-01 13:34 - 000000000 ____D C:\Users\LAHOU
2017-11-08 08:18 - 2017-07-19 11:58 - 000001283 ____C C:\Users\LAHOU\Documents\hosts.txt
2017-11-07 12:45 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-07 12:45 - 2009-07-14 04:20 - 000000000 __HDC C:\WINDOWS\system32\GroupPolicy
2017-11-07 09:36 - 2016-02-09 07:44 - 000000000 ___RD C:\Users\LAHOU\OneDrive
2017-11-05 17:43 - 2016-06-01 10:02 - 000000000 ___DC C:\Users\LAHOU\Desktop\Cours Abou Hamaad Sulaiman Al-Hayiti
2017-10-29 12:26 - 2017-04-29 12:25 - 000000000 ___DC C:\Users\LAHOU\Desktop\syrine our ino niir
2017-10-28 10:11 - 2015-05-11 21:09 - 000000000 ___DC C:\ProgramData\Adobe
2017-10-24 08:45 - 2016-03-23 12:20 - 000000000 ___DC C:\Users\LAHOU\Desktop\AUTOSUDISCOUNT
2017-10-23 12:42 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-18 07:00 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-13 16:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache

==================== Fichiers à la racine de certains dossiers =======

2017-08-01 13:33 - 2017-08-01 13:33 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-20 18:48 - 2016-01-20 18:48 - 000000263 ____C () C:\ProgramData\fontcacheev1.dat

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\fontcacheev1.dat


Certains fichiers dans TEMP:
====================
2017-10-26 09:07 - 2017-10-26 09:07 - 000488960 _____ () C:\Users\LAHOU\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-11-09 14:20

==================== Fin de FRST.txt ============================
