Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2017
Exécuté par Admin (administrateur) sur ADMIN-PC (14-02-2017 18:12:12)
Exécuté depuis C:\Users\Admin\Desktop
Profils chargés: Admin (Profils disponibles: Admin)
Platform: Microsoft Windows 7 Professionnel Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
(TeVii Technology Ltd.) C:\Windows\TeViiRC.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Cracked By Wh!5t eR) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Mobile\OnlineUpdate\ouc.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
() C:\Program Files\MeditelInternet\MeditelInternet_Service.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(VMware, Inc.) F:\Program Files\vmware\vmware-tray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Octoshape ApS) C:\Users\Admin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\ProgDVB Professional\ProgLauncher.exe
() C:\Program Files\MeditelInternet\MeditelInternet_Launcher.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
(Mega Limited) C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe
(Realtek) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Internet Mobile+\AssistantServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) F:\Program Files\vmware\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [TeViiRC] => C:\Windows\TeViiRC.exe [328328 2011-07-27] (TeVii Technology Ltd.)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2270720 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2029640 2009-04-27] (Cracked By Wh!5t eR)
HKLM\...\Run: [APSDaemon] => c:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [autodetect] => C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe [128864 2010-11-15] ()
HKLM\...\Run: [bintin] => C:\WINDOWS\system32\wscript.exe /e:VBScript.Encode D:\bin.doc
HKLM\...\Run: [Hercules DJ Series] => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [509224 2009-10-23] (Hercules®)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [vmware-tray.exe] => F:\Program Files\vmware\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3829328 2014-05-15] (Tonec Inc.)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Admin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [] => [X]
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1021736 2016-01-08] (Samsung)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-03] (BitTorrent Inc.)
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Run: [ProgLauncher] => C:\ProgDVB Professional\ProgLauncher.exe [401608 2017-01-19] ()
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: H - H:\LGCMInstaller.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: K - K:\LGAutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {1f79f0f3-a271-11e6-904e-0018bd5ada20} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {21f95f4b-4f22-11e6-ad23-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {44225ddf-a31e-11e3-8638-002481143393} - K:\LGAutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {548ea047-7897-11e5-b073-002481143393} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {548ea04b-7897-11e5-b073-002481143393} - H:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {548ea056-7897-11e5-b073-002481143393} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {58e7c9bf-18e7-11e6-bf94-002481143393} - L:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {67ece96f-9b34-11e5-b7eb-0018bd5ada20} - J:\autorun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {77c221e7-9685-11e5-af18-0018bd5ada20} - J:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {8c08270a-8a08-11e5-8d92-002481143393} - H:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {92711e09-f821-11e5-8516-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {92711e2a-f821-11e5-8516-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {9285226d-f8e2-11e5-a42b-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {9e802dd4-617f-11e6-926c-0018bd5ada20} - K:\Autorun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {9e802ddb-617f-11e6-926c-0018bd5ada20} - L:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {a73a474e-f333-11e5-831d-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {a73a4751-f333-11e5-831d-0018bd5ada20} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {b7fd786d-2583-11e6-a409-002481143393} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {c41a5861-2416-11e6-b820-002481143393} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {d6777996-5f05-11e6-b06d-0018bd5ada20} - K:\LGAutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {d7e4b736-f82c-11e5-9a7e-001e101f4e71} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {debf7eb1-892f-11e5-aeac-002481143393} - J:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {e4648b38-0a04-11e6-a65c-002481143393} - J:\startme.exe
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-01-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2016-01-17]
ShortcutTarget: Launcher.lnk -> C:\Program Files\MeditelInternet\MeditelInternet_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-08-19]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2016-08-29]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk [2016-01-17]
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00755C6C-3BCA-4562-B869-A8244E454258}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0DC1BE76-3BCB-4762-A000-5BFE49759E01}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1DCC9566-3648-4817-ABF0-3044D3C54E16}: [NameServer] 62.251.231.241 212.217.1.1
Tcpip\..\Interfaces\{3421FB88-7358-418A-AB7A-F91531411C8A}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{4A9406F1-9252-44C8-89AC-3D2BC5493598}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5B1883C5-B2D0-4D9A-AEDD-987C81DBEF08}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{6309F24B-4A52-4B10-A458-A0F63681E56B}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{74BA3C87-D990-4805-9B1A-26F74C3F68D4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{ABDC32AE-CDA7-4AFA-85D0-20BB8CB89C34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD8030F3-53BD-4117-9964-DCF0967D02B1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B8BB978C-B057-4D2F-ABD5-EB7719393809}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE033F34-77B7-4968-A419-89C8568BF741}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EFAF6A0A-1795-42C0-ACFE-091342D6DF29}: [NameServer] 62.251.230.241 212.217.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1076428414-641238508-383798790-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-1076428414-641238508-383798790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wana.ma
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-04-02] (Internet Download Manager, Tonec Inc.)
BHO: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2006-03-14] (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-03-14] (TechSmith Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bdcsbn63.default [2017-02-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bdcsbn63.default -> Default
FF Extension: (Bing Search) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bdcsbn63.default\Extensions\bingsearch.full@microsoft.com [2015-08-24] [non signé]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: (Eset Plugin) - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-02-10] [non signé]
FF HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2015-04-30] [non signé]
FF HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [Pas de fichier]
FF Plugin: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [Pas de fichier]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @zenointel.com/p2p -> C:\Program Files\IVSWeb\Bin\npzeno.dll [Pas de fichier]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1076428414-641238508-383798790-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Admin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1076428414-641238508-383798790-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-1076428414-641238508-383798790-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-08-18] (Octoshape ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.ma/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-17]
CHR Extension: (Alexa Traffic Rank Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopiomnkiggljhnhfmcbfjkacfiomcfe [2016-09-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-17]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-17]
CHR Extension: (Recherche Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-17]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (IDM Integration Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2016-05-24]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-05-15]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [13824 2009-04-27] (ESET) [Fichier non signé]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [731840 2009-04-27] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [137728 2015-11-20] (Google Inc.) [Fichier non signé]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [137728 2015-11-20] (Google Inc.) [Fichier non signé]
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [17408 2007-11-21] () [Fichier non signé]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Internet Mobile. RunOuc; C:\Program Files\Internet Mobile\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2117960 2015-04-10] (CybelSoft)
R2 MediatekRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 MeditelInternet_Service; C:\Program Files\MeditelInternet\MeditelInternet_Service.exe [347120 2012-11-09] ()
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [58880 2009-02-26] (Microsoft Corporation) [Fichier non signé]
S2 Modem HDM EC156. RunOuc; C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe [650240 2015-10-22] () [Fichier non signé]
U2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [434688 2011-07-20] (Microsoft Corporation) [Fichier non signé]
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [138240 2006-10-26] (Microsoft Corporation) [Fichier non signé]
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
R2 RtlService; C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [Fichier non signé]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [564224 2014-02-08] (Valve Corporation) [Fichier non signé]
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6882816 2015-12-14] (TeamViewer GmbH) [Fichier non signé]
R2 UI Assistant Service; C:\Program Files\Internet Mobile+\AssistantServices.exe [261456 2011-03-15] ()
R2 VMAuthdService; F:\Program Files\vmware\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [Fichier non signé]
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512 2012-08-01] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)
S2 VMwareHostd; F:\Program Files\vmware\vmware-hostd.exe [15680000 2012-08-15] () [Fichier non signé]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 Mobile Broadband HL Service; "C:\ProgramData\MobileBrServ\mbbservice.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [19968 2015-11-29] (Windows (R) Codename Longhorn DDK provider)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [25088 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [30208 2015-05-12] (LG Electronics Inc.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-05] (DemoForge, LLC)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [Fichier non signé]
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-01-31] (Sony Mobile Communications)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Fichier non signé]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2015-11-29] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [66688 2015-11-29] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2015-11-29] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [105344 2015-11-29] (TCT International Mobile Ltd)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [126336 2016-03-10] (Malwarebytes)
R3 MPEVirtual; C:\Windows\System32\DRIVERS\TeViiData.sys [17752 2010-06-07] (TeVii Technology, Ltd.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1174880 2010-12-28] (Ralink Technology Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation )
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [130184 2011-07-27] (TeVii Technology Ltd.)
S3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [246000 2009-11-10] ()
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
S3 UsblgwmAtc; C:\Windows\System32\DRIVERS\lgwusbser02.sys [21248 2009-09-23] (LG Electronics Inc)
S3 usblgwmbus; C:\Windows\System32\DRIVERS\lgwusbbus.sys [13696 2009-09-23] (LG Electronics Inc)
S3 UsblgwmDiag; C:\Windows\System32\DRIVERS\lgwusbser01.sys [21248 2009-09-23] (LG Electronics Inc)
S3 USBlgwmModem; C:\Windows\System32\DRIVERS\lgwusbmodem.sys [25216 2009-09-23] (LG Electronics Inc)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2014-11-17] (LG Electronics Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.) S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-08-01] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.) R2 vstor2-mntapi10-shared; C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768 2011-07-12] (VMware, Inc.) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [119952 2016-07-15] (MBB) S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] U2 eamon; pas de ImagePath S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2017-02-14 18:12 - 2017-02-14 18:12 - 00034440 _____ C:\Users\Admin\Desktop\FRST.txt 2017-02-14 18:12 - 2017-02-14 18:12 - 00000000 ____D C:\FRST 2017-02-14 18:11 - 2017-02-14 18:11 - 01764352 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2017-02-14 17:25 - 2017-02-14 17:25 - 04194360 _____ C:\Users\Admin\Downloads\20161209__3120_GUI_D_3510_Wifi_Rock_V_USB.abs 2017-02-14 17:09 - 2017-02-14 17:09 - 00000000 ____H C:\ProgramData\cm-lock 2017-02-13 18:48 - 2017-02-13 18:52 - 00013069 _____ C:\Users\Admin\Desktop\ZHPCleaner.txt 2017-02-13 18:38 - 2017-02-13 18:38 - 00000830 _____ C:\Users\Admin\Desktop\ZHPCleaner.lnk 2017-02-13 18:32 - 2017-02-13 18:32 - 02702848 _____ C:\Users\Admin\Desktop\ZHPCleaner.exe 2017-02-13 18:01 - 2017-02-13 18:14 - 00000000 ____D C:\AdwCleaner 2017-02-13 18:00 - 2017-02-13 18:00 - 04015056 _____ C:\Users\Admin\Desktop\adwcleaner_6.043.exe 2017-02-13 17:48 - 2017-02-13 17:51 - 00002584 _____ C:\Users\Admin\Desktop\Rkill.txt 2017-02-13 17:47 - 2017-02-13 17:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com 2017-02-13 17:29 - 2017-02-13 17:29 - 00227523 _____ C:\Users\Admin\Desktop\ZHPDiag.txt 2017-02-13 17:23 - 2017-02-13 17:23 - 02662400 _____ C:\Users\Admin\Downloads\ZHPDiag3.exe 2017-02-13 17:04 - 2017-02-14 17:09 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps 2017-02-12 17:09 - 2017-02-14 18:13 - 00000304 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job 2017-02-12 17:09 - 2017-02-14 18:13 - 00000304 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job 2017-02-12 17:08 - 2017-02-12 17:09 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-02-12 17:08 - 2017-02-12 17:09 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-02-12 17:08 - 2017-02-12 17:08 - 00553737 _____ C:\Users\Admin\Desktop\PassMark OSForensics Professional 33 Serial Key Full Version.zip 2017-02-12 16:18 - 2017-02-12 16:18 - 02118434 _____ C:\Users\Admin\Downloads\Dump Original echosonic HD 
505.rar 2017-02-12 15:54 - 2017-02-12 15:54 - 00006405 _____ C:\Users\Admin\Downloads\tv_channels_test.m3u 2017-02-11 19:03 - 2017-02-11 19:03 - 00059158 _____ C:\Users\Admin\Downloads\tv_channels_aswddvcv.m3u 2017-02-11 15:35 - 2017-02-11 15:35 - 00000118 _____ C:\Users\Admin\Downloads\index.m3u8 2017-02-10 19:01 - 2017-02-10 19:01 - 02259345 _____ C:\Users\Admin\Desktop\FMCB Noobie_Package.rar 2017-02-09 13:11 - 2017-02-09 13:12 - 00000156 _____ C:\Users\Admin\Desktop\cccampinnacle.cfg 2017-02-09 13:03 - 2017-02-09 13:03 - 00000180 _____ C:\Users\Admin\Downloads\cccam.rar 2017-02-08 17:29 - 2017-02-08 17:29 - 00000174 _____ C:\Users\Admin\Downloads\CCcam.cfg 2017-02-08 12:27 - 2017-02-08 12:27 - 02902255 _____ C:\Users\Admin\Desktop\nu_012517.zip 2017-02-07 18:33 - 2017-02-07 18:33 - 03674144 _____ C:\Users\Admin\Downloads\ECHOLINK_TORNADO_FTA_MINI_TAILLE_161207.bin 2017-02-06 20:29 - 2017-02-13 20:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DMCache 2017-02-06 18:09 - 2017-02-06 18:09 - 00217738 _____ C:\Users\Admin\Downloads\tv_channels_hichamcccam4545.m3u 2017-02-06 12:09 - 2017-02-14 17:07 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent 2017-02-02 15:46 - 2017-02-02 15:46 - 00001823 _____ C:\Users\Admin\Desktop\MPC-HC.lnk 2017-02-02 15:46 - 2017-02-02 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC 2017-02-02 15:46 - 2017-02-02 15:46 - 00000000 ____D C:\Program Files\MPC-HC 2017-01-29 14:12 - 2017-02-13 19:08 - 00000248 _____ C:\Users\Admin\Desktop\OLDtvlist_dHx7.txt 2017-01-29 14:12 - 2017-02-04 13:55 - 00000107 _____ C:\Users\Admin\Desktop\tvlist.txt 2017-01-29 14:11 - 2016-12-23 17:27 - 00219136 _____ (Ysf Zone) C:\Users\Admin\Desktop\TvList Maker.exe 2017-01-29 12:33 - 2017-01-29 12:33 - 00000728 _____ C:\Users\Admin\Desktop\flach recepteur.lnk 2017-01-28 20:24 - 2017-01-29 14:36 - 00000107 _____ C:\Users\Admin\Desktop\dddd.m3u 2017-01-28 20:23 - 2017-01-28 20:23 - 00000151 _____ 
C:\Users\Admin\Desktop\ddd.m3u8 2017-01-28 20:22 - 2017-01-28 20:22 - 00027213 _____ C:\Users\Admin\Desktop\TvList Maker_1.1beta2_23122016_Ysfzone.zip 2017-01-28 12:13 - 2017-01-28 12:13 - 00000700 _____ C:\Users\Public\Desktop\ProgDVB Professional 7.lnk 2017-01-28 12:13 - 2017-01-28 12:13 - 00000678 _____ C:\Users\Public\Desktop\ProgTV.lnk 2017-01-28 12:13 - 2017-01-28 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB Professional 2017-01-28 12:12 - 2017-01-28 12:14 - 00000000 ____D C:\ProgDVB Professional 2017-01-25 18:19 - 2017-01-25 18:19 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AnyDesk 2017-01-24 17:53 - 2017-02-05 19:21 - 00219311 _____ C:\Users\Admin\Desktop\tv_channels_hichamcccam4545 (1).m3u 2017-01-20 11:27 - 2017-01-20 11:27 - 00000000 ____D C:\Users\Admin\Desktop\emu 2017-01-19 18:56 - 2017-01-19 19:00 - 00000477 _____ C:\Users\Admin\Desktop\20 server gratuit.txt 2017-01-19 13:39 - 2017-01-19 13:48 - 00000757 _____ C:\Users\Admin\Desktop\document - Raccourci.lnk 2017-01-18 17:56 - 2017-01-18 17:56 - 00345262 _____ C:\Users\Admin\Desktop\plugin_wicard1.18_tricentr_sibir_xtracard_shura_biss_mezzo.rar 2017-01-18 17:56 - 2017-01-18 17:56 - 00017914 _____ C:\Users\Admin\Desktop\wicardd_ذ¼ذ°ذ½رƒذ°ذ».rar ==================== Un mois - Modifiés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2017-02-14 18:09 - 2015-12-18 15:51 - 00001416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fc32h45r31o78m97e.lnk 2017-02-14 18:09 - 2015-12-18 15:51 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ff42i15r14e33f26o83x.lnk 2017-02-14 18:09 - 2014-10-14 14:01 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-02-14 18:09 - 2014-10-08 21:35 - 00001454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-14 18:09 - 2013-06-10 15:58 - 00001054 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-02-14 17:43 - 2013-12-18 02:14 - 00001078 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076428414-641238508-383798790-1000UA.job 2017-02-14 17:22 - 2009-07-14 04:34 - 00028240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-14 17:22 - 2009-07-14 04:34 - 00028240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-14 17:14 - 2015-04-30 09:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype 2017-02-14 17:12 - 2015-05-02 23:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent 2017-02-14 17:09 - 2016-11-13 12:59 - 00000000 ____D C:\ProgramData\VMware 2017-02-14 17:06 - 2015-05-08 16:03 - 00000000 ____D C:\Program Files\Steam 2017-02-14 17:06 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-13 19:17 - 2013-12-17 23:11 - 00000600 _____ C:\Users\Admin\AppData\Roaming\winscp.rnd 2017-02-13 18:52 - 2015-08-09 00:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ZHP 2017-02-12 18:36 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf 2017-02-12 17:52 - 2016-09-26 09:27 - 00000000 ____D C:\ProgramData\VSO 2017-02-12 17:52 - 2015-04-30 09:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IDM 2017-02-12 17:51 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\ModemLogs 
2017-02-12 17:24 - 2013-12-18 16:31 - 00000000 ____D C:\Windows\Minidump 2017-02-12 17:03 - 2015-11-28 16:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc 2017-02-12 16:51 - 2016-11-13 13:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VMware 2017-02-12 16:51 - 2016-11-13 13:09 - 00000000 ____D C:\Users\Admin\AppData\Local\VMware 2017-02-12 15:43 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF 2017-02-12 12:14 - 2014-10-14 14:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2017-02-11 15:56 - 2016-12-01 10:53 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-02-11 15:56 - 2016-11-20 16:46 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla 2017-02-08 20:43 - 2013-12-18 02:14 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1076428414-641238508-383798790-1000Core.job 2017-02-08 11:04 - 2016-01-20 18:10 - 00000000 ____D C:\Users\Admin\AppData\Local\MEGAsync 2017-02-06 11:49 - 2015-08-11 17:30 - 00000000 ____D C:\Users\Admin\Tracing 2017-02-06 11:48 - 2016-09-17 12:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AIMP 2017-02-06 11:41 - 2013-12-18 13:47 - 00000000 ____D C:\Users\Admin\Downloads\Video 2017-02-03 17:01 - 2014-04-15 23:11 - 00000000 ____D C:\ProgramData\ProgDVB 2017-02-03 16:43 - 2013-12-28 02:13 - 00000000 ____D C:\ProgramData\Skype 2017-01-31 12:36 - 2016-04-01 19:25 - 00000668 _____ C:\Users\Admin\Desktop\CCcam.cfg 2017-01-28 11:55 - 2014-03-15 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters 2017-01-28 11:55 - 2014-03-15 20:46 - 00000000 ____D C:\Program Files\LAV Filters 2017-01-28 11:47 - 2016-05-23 17:12 - 00000000 ____D C:\dvbdream 2017-01-28 11:45 - 2016-05-23 17:12 - 00000606 _____ C:\Users\Admin\Desktop\DVB Dream.lnk 2017-01-28 11:45 - 2016-05-23 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVB Dream 2017-01-27 17:58 - 2016-09-01 20:04 - 00000360 _____ C:\Users\Admin\Desktop\network_info.cfg 2017-01-19 13:50 - 
2016-01-24 17:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Fichiers à la racine de certains dossiers ======= 2016-09-26 09:27 - 2016-09-26 09:27 - 0007887 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.cat 2016-09-26 09:27 - 2016-09-26 09:27 - 0001144 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.inf 2016-09-26 09:27 - 2016-09-26 09:27 - 0000055 _____ () C:\Users\Admin\AppData\Roaming\pcouffin.log 2016-09-26 09:27 - 2016-09-26 09:27 - 0047360 _____ (VSO Software) C:\Users\Admin\AppData\Roaming\pcouffin.sys 2013-12-17 23:11 - 2017-02-13 19:17 - 0000600 _____ () C:\Users\Admin\AppData\Roaming\winscp.rnd 2016-11-24 10:13 - 2017-01-09 15:01 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2017-02-14 17:09 - 2017-02-14 17:09 - 0000000 ____H () C:\ProgramData\cm-lock Certains fichiers dans TEMP: ==================== 2017-02-13 17:03 - 2017-02-13 17:03 - 0001536 _____ () C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll 2017-02-13 17:03 - 2017-02-13 17:03 - 0001536 _____ () C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap ====================== (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) 
C:\Windows\explorer.exe => Le fichier est signé numériquement C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement C:\Windows\system32\wininit.exe => Le fichier est signé numériquement C:\Windows\system32\svchost.exe => Le fichier est signé numériquement C:\Windows\system32\services.exe => Le fichier est signé numériquement C:\Windows\system32\User32.dll => Le fichier est signé numériquement C:\Windows\system32\userinit.exe => Le fichier est signé numériquement C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement LastRegBack: 2017-02-14 17:47 ==================== Fin de FRST.txt ============================