Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2017
Exécuté par SAID (administrateur) sur SAID-PC (11-03-2017 15:07:27)
Exécuté depuis C:\Users\SAID\Downloads\Programs
Profils chargés: SAID & Ѕystem (Profils disponibles: SAID & Ѕystem)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AbeGunnerZ Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
() C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-LogRotatorService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Oracle\VirtualBox\csrsc.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2347008 2012-04-26] (AbeGunnerZ Lab)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-01-14] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3966064 2016-08-24] (Tonec Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [uTorrent] => C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: F - F:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: K - K:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: {0fd2530d-a394-11e6-bf97-b8975a82f03a} - L:\iLinker.exe
HKLM\...\Providers\n1quw63i: C:\Program Files\Zretain Agent\local32spl.dll
ShellExecuteHooks: Pas de nom - {81387C70-EEB7-11E6-9E7B-64006A5CFC23} - -> Pas de fichier
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Utilitaire de configuration sans fil TP-LINK.lnk [2016-08-13]
ShortcutTarget: Utilitaire de configuration sans fil TP-LINK.lnk -> C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 7fyl3rfv.default
FF ProfilePath: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default [2017-03-11]
FF Homepage: Mozilla\Firefox\Profiles\7fyl3rfv.default -> www.google.com
FF Extension: (FoxyProxy Standard) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (IDM integration) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-01-26]
FF SearchPlugin: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\searchplugins\n1quw63i.xml [2017-02-14]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5 [2017-03-11] [non signé]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-12-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=69aaf4210b9b94b0cb58570gaz1bamde1caq2gccdq&from=isr&uid=HitachiXHDS5C1032CLA382_JC0411HV3BTULH3BTULHX&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/"
CHR Profile: C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-11] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Recherche Google) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs hors connexion) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-08-05]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [3326976 2010-09-20] (ANSYS, Inc.) [Fichier non signé]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [349048 2017-02-22] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [56560 2017-02-01] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [Fichier non signé]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119208 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140840 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-08-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-08-14] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [139360 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\Bluestacks\BstkDrv.sys [220216 2016-11-08] (Bluestack System Inc. )
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113168 2012-12-09] (Power Software Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-03-09] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Fichier non signé]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-11 15:07 - 2017-03-11 15:07 - 00000000 ____D C:\FRST
2017-03-11 12:42 - 2017-03-11 12:42 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-10 03:08 - 2017-03-10 03:09 - 00224671 _____ C:\Users\SAID\Downloads\UC28+%20pricelist.xlsx
2017-03-09 20:18 - 2017-03-09 20:18 - 00001096 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-07 03:12 - 2016-10-30 15:52 - 00001923 _____ C:\Users\Public\ystem.vbe
2017-03-07 02:17 - 2017-03-07 02:25 - 00000000 ____D C:\vghd
2017-03-07 02:16 - 2017-03-07 02:16 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 02:16 - 2017-03-07 02:16 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 02:06 - 2017-03-07 02:06 - 01129376 _____ (Google Inc.) C:\Users\SAID\Downloads\ChromeSetup.exe
2017-03-07 01:58 - 2017-03-07 20:47 - 00000000 ____D C:\Program Files\USB Disk Security
2017-03-07 01:58 - 2017-03-07 01:59 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00001032 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2017-03-07 01:28 - 2017-03-07 01:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-04 18:02 - 2017-03-11 12:44 - 00000000 ____D C:\Users\Ѕystem\.VirtualBox
2017-03-04 18:02 - 2017-03-04 18:02 - 00000020 ___SH C:\Users\Ѕystem\ntuser.ini
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage réseau
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage d'impression
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Modèles
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Mes documents
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Menu Démarrer
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes vidéos
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes images
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Ma musique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Local\Historique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 ____D C:\Users\Ѕystem\VirtualBox VMs
2017-03-04 18:02 - 2010-11-21 01:39 - 00000000 ____D C:\Users\Ѕystem\AppData\Roaming\Media Center Programs
2017-03-04 18:01 - 2017-03-07 17:55 - 00000000 _RSHD C:\Users\Ѕystem
2017-03-04 18:00 - 2014-05-16 15:25 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-03-04 17:59 - 2017-03-04 17:59 - 00000000 _RSHD C:\Program Files\Oracle
2017-03-04 17:59 - 2014-05-16 15:24 - 00104736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-03-04 17:23 - 2017-03-11 14:12 - 00000000 _RSHD C:\Users\Public\System
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 ___HD C:\Users\Public\lastbth
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 _____ C:\Users\Public\System.vbe
2017-03-04 17:23 - 2016-12-20 02:05 - 00004886 __RSH C:\Users\Public\second.vbe
2017-03-04 17:23 - 2016-10-30 15:52 - 00001923 __RSH C:\Users\Public\Ѕystem.vbe
2017-02-23 02:20 - 2017-02-23 02:20 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Wireshark
2017-02-23 02:08 - 2017-02-23 02:08 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\WinPcap
2017-02-23 02:07 - 2017-02-23 02:07 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-02-23 02:06 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\Wireshark
2017-02-21 01:05 - 2017-02-21 01:05 - 00001116 _____ C:\Users\SAID\Desktop\PC Remote Server.lnk
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Program Files\PC Remote
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-18 01:16 - 2017-02-18 01:15 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-18 01:15 - 2017-02-18 01:17 - 00000000 ____D C:\ProgramData\Oracle
2017-02-18 01:15 - 2017-02-18 01:15 - 00000000 ____D C:\Program Files\Java
2017-02-18 00:42 - 2017-02-18 00:46 - 00000000 ____D C:\ProgramData\TEMP
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Anyplace Control 4
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\ProgramData\Anyplace Control Portable
2017-02-18 00:41 - 2017-02-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Control
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Anyplace Control 4
2017-02-17 14:33 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PC Remote
2017-02-17 14:28 - 2017-02-23 03:04 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 14:27 - 2017-02-23 03:01 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-17 01:50 - 2017-02-17 01:50 - 00007917 _____ C:\Users\SAID\Downloads\worldgeol
2017-02-17 01:38 - 2017-02-17 01:39 - 00807090 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-38-48.kml
2017-02-17 01:24 - 2017-02-17 01:24 - 00164133 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-23-27.kml
2017-02-14 02:35 - 2017-02-14 12:04 - 00000000 ____D C:\Program Files\Zretain Agent
2017-02-14 02:35 - 2017-02-14 02:36 - 00000000 ____D C:\Users\SAID\AppData\Local\Grtaing
2017-02-14 00:56 - 2017-02-14 01:12 - 00000000 ____D C:\Program Files\VIRTUAL GIRL-HD
2017-02-09 01:29 - 2017-02-09 01:53 - 00000588 __RSH C:\ProgramData\ntuser.pol

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-03-11 15:09 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Adguard
2017-03-11 15:08 - 2016-08-13 19:27 - 00000000 ____D C:\Users\SAID\AppData\Roaming\uTorrent
2017-03-11 15:06 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\IDM
2017-03-11 15:05 - 2017-01-16 02:05 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Mozilla
2017-03-11 15:00 - 2010-11-21 01:30 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2017-03-11 15:00 - 2010-11-21 01:30 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2017-03-11 15:00 - 2010-11-20 22:01 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 15:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-11 14:58 - 2016-11-26 17:52 - 00000000 ____D C:\Users\SAID\Desktop\belaidi photo
2017-03-11 14:47 - 2016-08-13 20:17 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 14:46 - 2016-08-13 15:10 - 00000956 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:41 - 2017-02-04 22:39 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\uTorrent
2017-03-11 12:41 - 2016-08-13 19:10 - 00000000 ____D C:\Program Files\Adguard
2017-03-11 12:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 05:00 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\DMCache
2017-03-11 03:24 - 2017-01-06 00:32 - 00000000 ____D C:\Users\SAID\AppData\Roaming\vlc
2017-03-10 20:05 - 2016-09-11 01:44 - 00000000 ____D C:\Users\SAID\AppData\Local\CrashDumps
2017-03-10 19:20 - 2016-08-14 01:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-03-10 02:05 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 20:21 - 2016-08-14 01:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-09 20:18 - 2016-08-14 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-08 21:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-07 02:33 - 2017-01-12 20:25 - 00016384 _____ C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-07 02:16 - 2016-08-13 19:09 - 00000000 ____D C:\Program Files\Google
2017-03-07 01:52 - 2016-08-13 23:42 - 00000000 ____D C:\AdwCleaner
2017-03-07 01:28 - 2017-01-15 01:36 - 00000000 ____D C:\Program Files\OttPlayer
2017-02-27 00:12 - 2016-08-15 01:37 - 00000000 ____D C:\Users\SAID\AppData\Local\ElevatedDiagnostics
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\Drivers\vwifikerneldrv.sys
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\d3dx9_11.dll.tmp
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\ProgramData\fontcacheev1.dat
2017-02-23 11:31 - 2016-08-13 15:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-21 01:17 - 2017-01-09 00:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-02-21 00:44 - 2009-07-14 05:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-18 13:18 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2017-02-18 03:18 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 14:36 - 2017-01-14 01:00 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-15 01:14 - 2016-08-13 14:24 - 00000000 ____D C:\Program Files\WinRAR
2017-02-14 23:49 - 2016-08-13 20:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-14 23:49 - 2016-08-13 20:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-14 23:49 - 2016-08-13 20:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-11 02:52 - 2017-01-31 18:00 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PGWARE
2017-02-09 01:27 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy

==================== Fichiers à la racine de certains dossiers =======

2016-12-16 18:16 - 2016-12-16 18:16 - 0000055 _____ () C:\Users\SAID\AppData\Roaming\MouseServer.ini
2017-01-12 20:25 - 2017-03-07 02:33 - 0016384 _____ () C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-13 22:25 - 2016-08-13 22:25 - 0007602 _____ () C:\Users\SAID\AppData\Local\Resmon.ResmonCfg
2017-01-14 01:01 - 2016-11-23 14:37 - 0000570 _____ () C:\Users\SAID\AppData\Local\TroubleshooterConfig.json
2016-12-20 00:53 - 2016-12-20 00:55 - 0002099 _____ () C:\Users\SAID\AppData\Local\WiDiSetupLog.20161220.005333.txt
2017-03-11 12:42 - 2017-03-11 12:42 - 0000000 ____H () C:\ProgramData\cm-lock
2016-08-13 19:11 - 2017-02-26 21:01 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat

Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\fontcacheev1.dat

Certains fichiers dans TEMP:
====================
2017-03-11 14:59 - 2016-10-11 16:21 - 1310528 _____ (Microsoft Corporation) C:\Users\SAID\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-04 05:25

==================== Fin de FRST.txt ============================