Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Exécuté par SERVER (administrateur) sur SERVER (15-12-2016 19:46:05)
Exécuté depuis C:\Users\SERVER\Desktop
Profils chargés: SERVER (Profils disponibles: SERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) C:\Program Files (x86)\handyCafe\Server\hndserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PandoraTV) C:\KMPlayer\KMPlayer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {42384c86-b476-11e6-aa08-b8975a26dca4} - J:\Auto.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {489342de-b219-11e6-a306-b8975a26dca4} - J:\autorun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {489342e2-b219-11e6-a306-b8975a26dca4} - J:\autorun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {530a6631-a041-11e6-a971-10feedce4ac2} - J:\Setup.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {71de87cf-ace2-11e6-bd5f-b8975a26dca4} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {8edca6ce-b79b-11e6-aaef-10feedce4ac2} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {defd7e2d-9e7a-11e6-a17a-10feedce4ac2} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {fbba8562-b271-11e6-810a-b8975a26dca4} - K:\Setup.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Pas de fichier
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Pas de fichier

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: 127.0.0.1 activation-v2.geo.kaspersky.com
Tcpip\..\Interfaces\{2A3148E4-23E2-4E16-AEBE-8C54A9084C26}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{50DD600E-1A1F-4C39-958B-CB622D763825}: [DhcpNameServer] 192.168.137.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: w0jy8d21.default
FF ProfilePath: C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default [2016-12-15]
FF Homepage: Mozilla\Firefox\Profiles\w0jy8d21.default -> www.google.com
FF Extension: (Visual Bookmarks) - C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default\Extensions\vb@yandex.ru.xpi [2016-11-09]
FF Extension: (Pas de nom) - C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default\extensions\yasearch@yandex.ru.xpi [non trouvé(e)]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SERVER\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SERVER\AppData\Roaming\IDM\idmmzcc5 [2016-12-15] [non signé]
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Google Slides) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]
CHR Extension: (Google Docs) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Google Drive) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Adblock Plus) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01]
CHR Extension: (Google Sheets) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]
CHR Extension: (Google Docs hors connexion) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (IDM Integration Module) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-30]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-30]

Opera:
=======
OPR Extension: (IDM Integration Module) - C:\Users\SERVER\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-11]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [Fichier non signé]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2815520 2016-10-11] (ESET)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Fichier non signé]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Fichier non signé]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [38024 2015-08-23] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-24] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-11-01] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2016-11-01] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 GMLXD16Fltr; C:\Windows\System32\drivers\GMLXDFltr01.sys [19488 2016-05-27] (LXD Development, Inc.)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-15 19:46 - 2016-12-15 19:46 - 00014296 _____ C:\Users\SERVER\Desktop\FRST.txt
2016-12-15 19:45 - 2016-12-15 19:46 - 00000000 ____D C:\FRST
2016-12-15 19:44 - 2016-12-15 19:44 - 02420224 _____ (Farbar) C:\Users\SERVER\Desktop\FRST64.exe
2016-12-15 19:43 - 2016-12-15 19:43 - 00010030 _____ C:\Users\SERVER\Desktop\rk_48C2.tmp.txt
2016-12-15 19:41 - 2016-12-15 19:41 - 00010030 _____ C:\Users\SERVER\Desktop\rk_861E.tmp.txt
2016-12-15 16:31 - 2016-12-15 16:31 - 00000000 ____D C:\Users\SERVER\AppData\Local\CrashDumps
2016-12-15 14:12 - 2016-12-15 14:12 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-15 14:09 - 2016-12-15 19:45 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-15 14:09 - 2016-12-15 14:09 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-15 14:09 - 2016-12-15 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-15 14:09 - 2016-12-15 14:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-15 13:59 - 2016-12-15 14:43 - 00000000 ____D C:\Users\SERVER\Desktop\réparé pc
2016-12-15 04:51 - 2016-12-15 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-15 04:51 - 2016-12-15 04:51 - 00000000 ____D C:\ProgramData\ESET
2016-12-15 02:47 - 2016-12-15 02:47 - 00001032 _____ C:\Users\SERVER\Desktop\Your Unin-staller!.lnk
2016-12-15 02:47 - 2016-12-15 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-12-15 02:47 - 2016-12-15 02:47 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2016-12-15 02:11 - 2016-12-15 04:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-15 01:59 - 2016-12-15 04:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-15 01:44 - 2016-12-15 04:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-12-15 01:35 - 2016-12-15 01:35 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\URSoft
2016-12-15 01:01 - 2016-12-15 01:01 - 00000000 ____D C:\Users\SERVER\Desktop\Kaspersky
2016-12-14 22:37 - 2016-12-15 19:03 - 00000000 ____D C:\Users\SERVER\AppData\LocalLow\Mozilla
2016-12-14 22:36 - 2016-12-15 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 22:36 - 2016-12-14 22:36 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-14 22:36 - 2016-12-14 22:36 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-14 22:23 - 2016-12-14 22:34 - 44594784 _____ C:\Users\SERVER\Downloads\Firefox Setup 50.1.0.exe
2016-12-14 22:15 - 2016-12-14 22:15 - 00243552 _____ C:\Users\SERVER\Downloads\Firefox Setup Stub 50.1.0.exe
2016-12-14 20:25 - 2016-12-15 08:42 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-14 20:25 - 2016-12-15 08:42 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-14 20:25 - 2016-12-15 08:42 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-14 20:25 - 2016-12-15 08:41 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-14 20:25 - 2016-12-15 08:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-14 20:25 - 2016-12-14 20:25 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-14 20:25 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-14 20:04 - 2016-12-14 20:04 - 01380712 _____ C:\Users\SERVER\Downloads\grand-theft-auto-vice-city [1].exe
2016-12-14 19:04 - 2016-12-14 20:20 - 00000000 ____D C:\AdwCleaner
2016-12-14 18:37 - 2016-12-14 22:05 - 00113811 _____ C:\Users\SERVER\Desktop\ZHPDiag.txt
2016-12-14 18:33 - 2016-12-14 22:03 - 00000819 _____ C:\Users\SERVER\Desktop\ZHPDiag.lnk
2016-12-14 18:32 - 2016-12-14 22:07 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ZHP
2016-12-14 18:31 - 2016-12-14 18:31 - 02579968 _____ C:\Users\SERVER\Desktop\ZHPDiag3.exe
2016-12-12 23:33 - 2016-12-12 23:34 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier (2)
2016-12-12 22:40 - 2016-12-12 22:40 - 00000606 _____ C:\Users\SERVER\Desktop\KMPlayer.lnk
2016-12-12 22:40 - 2016-12-12 22:40 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-12-12 22:39 - 2016-12-15 19:17 - 00000000 ____D C:\KMPlayer
2016-12-12 19:14 - 2016-12-12 19:14 - 00128457 _____ C:\Users\SERVER\Desktop\دروس.pdf
2016-12-12 15:02 - 2016-12-12 15:03 - 05529447 _____ C:\Users\SERVER\Desktop\كتاب زاد المستقنع.pdf
2016-12-12 15:00 - 2016-12-12 15:00 - 00000000 ____H C:\Users\SERVER\Documents\Default.rdp
2016-12-11 23:42 - 2016-12-12 06:18 - 00000000 ____D C:\Users\SERVER\Desktop\Vikings.S01.Season.1.Complete.1080p.WEB-DL.AC3.X264-MRSK[cttv]
2016-12-10 13:27 - 2016-12-10 13:28 - 00068888 _____ (Microsoft Corporation) C:\Users\SERVER\Downloads\xinput1_3.dll
2016-12-09 10:43 - 2016-12-09 10:44 - 11681628 _____ C:\Users\SERVER\Downloads\Candy Camera_v3.16_apkpure.com.apk
2016-12-09 06:00 - 2016-12-09 06:00 - 00000000 ____D C:\Temp
2016-12-09 03:39 - 2016-12-09 03:39 - 00000000 ____D C:\Program Files (x86)\handyCafe
2016-12-08 15:48 - 2016-12-08 15:48 - 00176342 _____ C:\Users\SERVER\Documents\hhhhh.xps
2016-12-08 03:15 - 2016-12-08 03:33 - 27317941 _____ C:\Users\SERVER\Downloads\WhatsApp Messenger_v2.16.352_apkpure.com (1).apk
2016-12-08 01:18 - 2016-12-08 01:47 - 27317941 _____ C:\Users\SERVER\Downloads\WhatsApp Messenger_v2.16.352_apkpure.com.apk
2016-12-06 11:37 - 2016-12-09 03:39 - 00001096 _____ C:\Users\Public\Desktop\handyCafe Server.lnk
2016-12-06 11:28 - 2016-12-06 11:28 - 00000000 __SHD C:\found.000
2016-12-06 00:28 - 2016-12-06 00:28 - 00006544 ____N C:\bootsqm.dat
2016-12-05 18:14 - 2016-12-05 18:17 - 00001906 _____ C:\Users\SERVER\Desktop\Opera.lnk
2016-12-05 18:14 - 2016-12-05 18:14 - 00000000 _RSHD C:\SERVER
2016-12-05 05:17 - 2016-12-08 01:28 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier
2016-12-02 23:16 - 2016-12-02 23:16 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Zbshareware Lab
2016-12-02 20:46 - 2016-12-02 20:56 - 00003868 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1480707985
2016-12-02 20:46 - 2016-12-02 20:46 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-02 03:09 - 2016-12-02 03:09 - 00041316 _____ C:\Users\SERVER\Downloads\kis 2016 by akram kimou.rar
2016-12-02 01:55 - 2016-12-02 01:55 - 00000000 ____D C:\Program Files\ESET
2016-12-02 01:16 - 2016-12-02 01:16 - 00000000 ____D C:\Users\SERVER\AppData\Local\UCBrowser
2016-12-01 21:58 - 2016-12-01 21:58 - 00918383 _____ C:\Users\SERVER\Downloads\drive-download-20161201T205757Z.zip
2016-12-01 17:26 - 2016-12-01 17:26 - 09493086 _____ C:\Users\SERVER\Downloads\Google Earth_v8.0.4.2346_apkpure.com.apk
2016-11-30 16:21 - 2016-10-17 16:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-11-30 09:58 - 2016-11-30 09:58 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ESET
2016-11-29 20:24 - 2016-11-29 20:24 - 00003330 _____ C:\Windows\System32\Tasks\{4381109E-2038-4075-BE12-2794FBC8B883}
2016-11-29 09:17 - 2016-08-29 01:08 - 04184488 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-11-29 02:16 - 2016-11-29 02:16 - 00000000 ____D C:\Screens
2016-11-29 02:08 - 2016-11-29 02:08 - 00000000 ____D C:\Windows\ALmzor-G
2016-11-27 18:14 - 2016-11-27 18:19 - 09282735 _____ C:\Users\SERVER\Downloads\لعبة المزرعة السعيدة للموبايل_v1.0.1_apkpure.com.apk
2016-11-26 23:20 - 2016-11-26 23:20 - 00000000 ____D C:\Users\SERVER\AppData\Local\SKIDROW
2016-11-26 23:05 - 2016-11-26 23:05 - 00001245 _____ C:\Users\SERVER\Desktop\charmap.lnk
2016-11-26 19:20 - 2016-11-26 19:20 - 00000833 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2016-11-25 21:30 - 2016-12-06 11:11 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\EurekaLog
2016-11-25 15:52 - 2016-11-25 15:52 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-25 15:52 - 2016-11-25 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-25 15:51 - 2016-11-25 15:52 - 00000000 ____D C:\Program Files\iTunes
2016-11-25 15:51 - 2016-11-25 15:51 - 00000000 ____D C:\Program Files\iPod
2016-11-25 15:51 - 2016-11-25 15:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files\Bonjour
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-25 15:30 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2016-11-25 15:29 - 2016-11-25 15:51 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-11-25 15:25 - 2016-11-25 15:25 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-25 01:36 - 2016-11-25 01:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-25 01:28 - 2016-11-25 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ripstone
2016-11-24 23:48 - 2016-11-24 23:52 - 01641656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-24 23:40 - 2016-11-24 23:40 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-11-24 23:38 - 2016-12-04 06:39 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\DAEMON Tools Lite
2016-11-24 23:38 - 2016-11-24 23:38 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-11-24 23:02 - 2016-11-24 23:38 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-11-24 22:50 - 2016-11-24 22:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-24 22:49 - 2016-11-24 22:49 - 00000000 ____D C:\Users\SERVER\AppData\Local\Bluestacks
2016-11-24 02:52 - 2016-11-25 21:32 - 00000000 ____D C:\Users\SERVER\Desktop\Pure.Chess.Grandmaster.Edition-SKIDROW
2016-11-24 02:51 - 2016-11-24 02:52 - 00018061 _____ C:\Users\SERVER\Downloads\Pure.Chess.Grandmaster.Edition-SKIDROW.torrent
2016-11-22 13:55 - 2016-12-15 18:28 - 01739264 ___SH C:\Users\SERVER\Desktop\Thumbs.db
2016-11-22 12:58 - 2016-11-22 12:56 - 02440546 ___SH C:\Users\SERVER\AppData\Local\CSIDL_X
2016-11-22 12:58 - 2016-11-22 12:56 - 02440546 ___SH C:\Users\SERVER\AppData\Local\CSIDL_
2016-11-22 12:36 - 2016-11-22 12:36 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Eziriz
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 __HDC C:\ProgramData\{5D14B84F-03AF-49ED-AD37-667086D39ECE}
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Users\SERVER\Documents\.NET Reactor SDK Test Apps
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Program Files (x86)\Eziriz
2016-11-22 11:58 - 2016-11-22 11:58 - 00000000 ____D C:\1d5726ff0349f1ad700bc5d72a2f
2016-11-22 05:26 - 2016-11-22 05:26 - 00000000 ____D C:\Users\SERVER\Documents\CPY_SAVES
2016-11-22 02:47 - 2016-11-22 02:54 - 24965896 _____ C:\Users\SERVER\Downloads\Iboga Live Video Facebook_v1.7_apkpure.com.apk
2016-11-22 02:07 - 2016-08-10 10:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140 (2).dll
2016-11-22 01:26 - 2016-11-25 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2016-11-21 18:30 - 2007-07-27 21:46 - 00000183 _____ C:\Users\SERVER\Desktop\delXP.bat
2016-11-19 20:31 - 2016-11-19 20:32 - 02802362 _____ C:\Users\SERVER\Downloads\DigDeep Image Recovery_v2.2_apkpure.com.apk
2016-11-18 20:12 - 2016-11-18 20:12 - 08299631 _____ C:\Users\SERVER\Downloads\Photo Pattern Lock Screen DIY_v1.4_apkpure.com.apk
2016-11-18 00:35 - 2016-11-18 00:35 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ObviousIdea
2016-11-18 00:35 - 2016-11-18 00:35 - 00000000 ____D C:\Users\SERVER\AppData\Local\ObviousIdea
2016-11-17 15:06 - 2016-11-17 15:06 - 00957128 _____ (Microsoft Corporation) C:\Users\SERVER\Downloads\SaveAsPDFandXPS.exe
2016-11-17 15:00 - 2016-11-17 15:00 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-11-15 18:46 - 2016-11-16 09:33 - 00014879 ____H C:\Users\SERVER\Desktop\~WRL0005.tmp
2016-11-15 14:39 - 2016-11-15 14:39 - 00342321 _____ C:\Users\SERVER\Downloads\Office of International Leaderships.pdf
2016-11-15 00:36 - 2016-11-18 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-15 00:36 - 2016-11-15 00:36 - 00000000 ____D C:\Users\SERVER\AppData\Local\CEF

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-15 19:11 - 2016-10-28 23:00 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 18:59 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\Downloads\Video
2016-12-15 18:07 - 2010-11-21 07:19 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2016-12-15 18:07 - 2010-11-21 07:19 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2016-12-15 18:07 - 2009-07-14 06:13 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-15 18:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-15 13:58 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\DMCache
2016-12-15 13:57 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\IDM
2016-12-15 11:25 - 2016-10-29 01:51 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Skype
2016-12-15 10:17 - 2016-11-02 01:28 - 00000000 ____D C:\ProgramData\TEMP
2016-12-15 08:48 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-15 08:48 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-15 08:40 - 2016-10-28 22:59 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-15 08:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-15 04:02 - 2016-11-02 02:02 - 00000286 _____ C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2016-12-15 04:00 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\Downloads\Compressed
2016-12-14 20:54 - 2009-07-14 06:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-14 14:09 - 2016-10-28 23:30 - 00000000 ____D C:\Program Files (x86)\netcut
2016-12-14 03:23 - 2016-10-29 00:15 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\vlc
2016-12-13 15:26 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier (3)
2016-12-13 05:20 - 2016-10-30 13:55 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-12-12 20:00 - 2016-11-02 03:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-12 19:59 - 2016-11-07 04:06 - 00000000 ____D C:\Users\SERVER\AppData\Local\Ubisoft Game Launcher
2016-12-12 19:54 - 2016-10-30 13:55 - 00000000 ____D C:\Program Files (x86)\DriverPack Notifier
2016-12-12 19:18 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\fedouha
2016-12-11 11:04 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\بحوث
2016-12-10 06:54 - 2016-10-28 23:27 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-09 20:17 - 2016-10-28 23:01 - 00002153 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 20:17 - 2016-10-28 23:01 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 11:13 - 2016-11-08 12:09 - 00000000 ___RD C:\Users\SERVER\Documents\MEGA
2016-12-09 11:13 - 2016-11-08 12:06 - 00000000 ____D C:\Users\SERVER\AppData\Local\MEGAsync
2016-12-09 03:39 - 2016-10-28 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\handyCafe
2016-12-08 15:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-08 15:49 - 2016-10-29 00:07 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Adobe
2016-12-07 17:36 - 2016-10-28 23:00 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-07 04:56 - 2016-11-09 09:36 - 00000000 ____D C:\Windows\pss
2016-12-06 11:38 - 2016-10-28 23:52 - 00000000 ____D C:\ProgramData\handyCafe
2016-12-04 01:07 - 2016-10-29 11:47 - 00000000 ____D C:\Users\SERVER\AppData\Local\Ahead
2016-12-02 23:21 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\إمـــام
2016-12-02 20:46 - 2016-10-28 23:00 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Opera Software
2016-12-02 20:46 - 2016-10-28 23:00 - 00000000 ____D C:\Users\SERVER\AppData\Local\Opera Software
2016-11-30 11:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-30 09:51 - 2016-10-29 02:08 - 00000000 ____D C:\Users\SERVER\AppData\Local\ElevatedDiagnostics
2016-11-29 21:50 - 2016-10-28 21:42 - 00000000 ____D C:\Users\SERVER
2016-11-29 21:49 - 2016-10-28 23:32 - 00000000 ____D C:\Program Files\Recuva
2016-11-25 15:51 - 2016-10-28 23:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-25 15:49 - 2016-10-29 00:03 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-25 03:12 - 2016-11-08 12:23 - 00000000 ____D C:\Windows\Minidump
2016-11-25 02:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-11-25 00:35 - 2016-11-01 22:41 - 00000000 ____D C:\Users\SERVER\AppData\Local\Disc_Soft_Ltd
2016-11-24 18:32 - 2016-10-29 00:04 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Apple Computer
2016-11-24 12:57 - 2016-10-29 01:57 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-11-22 14:10 - 2016-10-29 01:57 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Anvsoft
2016-11-22 05:26 - 2016-10-29 17:19 - 00000000 ____D C:\Users\SERVER\Documents\KONAMI
2016-11-22 05:26 - 2016-10-29 17:19 - 00000000 ____D C:\ProgramData\KONAMI
2016-11-22 02:32 - 2010-11-21 07:29 - 00000000 ___RD C:\Users\Public\Recorded TV

==================== Fichiers à la racine de certains dossiers =======

2016-10-29 02:03 - 2016-10-29 02:03 - 0000056 _____ () C:\Users\SERVER\AppData\Roaming\coreavc.ini
2016-11-22 12:58 - 2016-11-22 12:56 - 2440546 ___SH () C:\Users\SERVER\AppData\Local\CSIDL_
2016-11-22 12:58 - 2016-11-22 12:56 - 2440546 ___SH () C:\Users\SERVER\AppData\Local\CSIDL_X
2016-11-03 22:51 - 2016-11-03 22:51 - 0003584 _____ () C:\Users\SERVER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-10 19:17 - 2016-11-10 19:17 - 0000700 ___SH () C:\Users\SERVER\AppData\Local\systemFL7.dat
2016-11-09 20:02 - 2016-11-09 20:02 - 0004128 _____ () C:\ProgramData\bqeojehc.wbx
2016-10-29 01:57 - 2016-10-29 01:57 - 0004996 _____ () C:\ProgramData\mudtcpaz.vzs

Certains fichiers dans TEMP:
====================
C:\Users\SERVER\AppData\Local\Temp\dllnt_dump.dll
C:\Users\SERVER\AppData\Local\Temp\kernel32.dll
C:\Users\SERVER\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-10-28 21:36

==================== Fin de FRST.txt ============================