Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Exécuté par yess (administrateur) sur YESS-PC (12-04-2017 19:13:52)
Exécuté depuis C:\Users\yess\Desktop
Profils chargés: yess (Profils disponibles: yess)
Platform: Microsoft Windows 7 Édition Starter Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\hsscp.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-16] (Tonec Inc.)
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\Run: [EPSON SX100 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [188928 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-982583287-2987408562-3145824088-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{86DC00F5-1894-4050-922C-CE50C64FC686}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-982583287-2987408562-3145824088-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-982583287-2987408562-3145824088-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-04-05] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-13] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2015-04-05] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-982583287-2987408562-3145824088-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\yess\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\yess\AppData\Roaming\IDM\idmmzcc5 [2017-04-12] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-982583287-2987408562-3145824088-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\yess\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-03-06] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdFxZAghJQhgUdgoNTA1DE1QOIghcBRQQEQxHcFpdWAlDFQwFIk0FA1oDB0VXfV5bFElXTwhsLmpMAF4U"
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\yess\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Sardalert - alert Live - Sardoche) - C:\Users\yess\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnpfaoipdfdhikjacbpcfhpnehjjaii [2017-03-07]
CHR Extension: (Google Docs hors connexion) - C:\Users\yess\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\yess\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKU\S-1-5-21-982583287-2987408562-3145824088-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dbaonaocldpohelilahfhnkmjankmbcc] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (aapbdbdomjkkjkaonfhkkikfgjllcleb) - C:\Users\yess\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-07-08]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [2604664 2017-03-01] (AnchorFree Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 AFTrafMgr1.2; C:\Program Files\Hotspot Shield\bin\TrafMgr_1_2_32.sys [49080 2017-02-16] (AnchorFree Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [103552 2008-08-29] (Mobile Connector)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-12] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [49856 2016-03-28] (Screaming Bee Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36944 2016-03-01] (Anchorfree Inc.)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx86.sys [54696 2017-04-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\yess\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
S1 kikxtirh; \??\C:\Windows\system32\drivers\kikxtirh.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-12 19:13 - 2017-04-12 19:14 - 00013524 _____ C:\Users\yess\Desktop\FRST.txt
2017-04-12 19:13 - 2017-04-12 19:13 - 00000000 ____D C:\FRST
2017-04-12 19:12 - 2017-04-12 19:12 - 01766912 _____ (Farbar) C:\Users\yess\Desktop\FRST.exe
2017-04-12 18:12 - 2017-04-12 18:12 - 00119569 _____ C:\Users\yess\Desktop\ZHPDiag.txt
2017-04-12 18:02 - 2017-04-12 18:02 - 00000781 _____ C:\Users\yess\Desktop\ZHPDiag.lnk
2017-04-12 17:58 - 2017-04-12 18:00 - 00668346 _____ C:\TDSSKiller.3.1.0.12_12.04.2017_17.58.02_log.txt
2017-04-12 17:57 - 2017-04-12 17:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\yess\Desktop\tdsskiller.exe
2017-04-12 17:52 - 2017-04-12 17:56 - 00635610 _____ C:\TDSSKiller.3.1.0.12_12.04.2017_17.52.46_log.txt
2017-04-12 17:50 - 2017-04-12 17:51 - 00004670 _____ C:\TDSSKiller.3.1.0.12_12.04.2017_17.50.44_log.txt
2017-04-12 17:48 - 2017-04-12 17:50 - 00192890 _____ C:\TDSSKiller.3.1.0.12_12.04.2017_17.48.10_log.txt
2017-04-12 13:56 - 2017-04-12 13:56 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 13:56 - 2017-04-12 13:56 - 00002029 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-04-11 18:17 - 2017-04-11 18:17 - 00000000 ____D C:\Program Files\ZHPFix
2017-04-11 18:09 - 2017-04-11 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-04-10 22:13 - 2017-04-10 22:13 - 00002060 _____ C:\Users\Public\Desktop\MorphVOX Jr.lnk
2017-04-10 22:13 - 2017-04-10 22:13 - 00000000 ____D C:\Users\yess\AppData\Roaming\Screaming Bee
2017-04-10 22:13 - 2017-04-10 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2017-04-10 22:13 - 2017-04-10 22:13 - 00000000 ____D C:\Program Files\Screaming Bee
2017-04-10 21:52 - 2017-04-10 21:52 - 00054696 _____ C:\Windows\system32\Drivers\voxaldriverx86.sys
2017-04-10 21:52 - 2017-04-10 21:52 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2017-04-10 21:52 - 2017-04-10 21:52 - 00000000 ____D C:\Users\yess\AppData\Roaming\NCH Software
2017-04-10 21:52 - 2017-04-10 21:52 - 00000000 ____D C:\ProgramData\NCH Software
2017-04-10 21:52 - 2017-04-10 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-04-10 21:52 - 2017-04-10 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2017-04-10 20:37 - 2017-04-10 20:37 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-10 20:37 - 2017-04-10 20:37 - 00096704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-10 20:37 - 2017-04-10 20:37 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-10 20:36 - 2017-04-12 18:08 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-10 20:36 - 2017-04-12 18:07 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-10 20:36 - 2017-04-10 20:36 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-10 20:36 - 2017-04-10 20:36 - 00002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-10 20:36 - 2017-04-10 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-10 20:36 - 2017-04-10 20:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-10 20:20 - 2017-04-10 20:20 - 00000000 ____D C:\Users\yess\Documents\Nouveau dossier
2017-04-10 20:16 - 2017-04-10 20:17 - 00000000 _____ C:\Users\yess\Downloads\adwcleaner_6.045 (1).exe
2017-04-10 20:15 - 2017-04-10 20:15 - 00000000 _____ C:\Users\yess\Desktop\adwcleaner_6.045.exe
2017-04-10 20:14 - 2017-04-10 20:23 - 00000000 _____ C:\Users\yess\Downloads\adwcleaner_6.045.exe
2017-04-10 19:56 - 2017-04-10 20:23 - 00000000 _____ C:\Users\yess\Downloads\zhpcleaner_2016.12.24.222 (3).exe
2017-04-10 19:55 - 2017-04-10 19:59 - 00000000 _____ C:\Users\yess\Downloads\zhpcleaner_2016.12.24.222 (2).exe
2017-04-10 19:48 - 2017-04-10 19:54 - 00000000 _____ C:\Users\yess\Downloads\zhpcleaner_2016.12.24.222 (1).exe
2017-04-10 19:43 - 2017-04-10 19:44 - 00000000 _____ C:\Users\yess\Downloads\zhpcleaner_2016.12.24.222.exe
2017-04-10 00:46 - 2017-04-10 00:46 - 00004111 _____ C:\Users\yess\Desktop\UsbFix_Report.txt
2017-04-10 00:43 - 2017-04-10 00:43 - 00008192 ____H C:\Users\Public\amjlggswgbswlnjbnzjdueelcnculhuf
2017-04-10 00:43 - 2017-04-10 00:43 - 00005120 ____H C:\Users\Public\amnfhldbwdclcjwyhpepjeupgnwgjfdg
2017-04-10 00:43 - 2017-04-10 00:43 - 00004608 ____H C:\Users\yess\Documents\amnfhldbwdclcjwyhpepjeupgnwgjfdg
2017-04-10 00:43 - 2017-04-10 00:43 - 00000498 _____ C:\Users\Public\addin.0
2017-04-10 00:43 - 2017-04-10 00:43 - 00000087 ____H C:\Users\yess\Documents\amsnlnujsbzusebleunwfelcsznhfbys
2017-04-10 00:43 - 2017-04-10 00:43 - 00000000 ____D C:\Users\yess\Documents\XLSTAT
2017-04-10 00:43 - 2017-04-10 00:43 - 00000000 ____D C:\ProgramData\addin
2017-04-09 23:12 - 2017-04-09 23:12 - 00001984 _____ C:\Users\Public\Desktop\XLSTAT 2017.lnk
2017-04-09 23:12 - 2017-04-09 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addinsoft
2017-04-09 23:11 - 2017-04-09 23:11 - 00000000 ____D C:\Users\yess\AppData\Roaming\ADDINSOFT
2017-04-09 23:11 - 2017-04-09 23:11 - 00000000 ____D C:\Program Files\Addinsoft
2017-04-09 22:45 - 2017-04-10 00:47 - 00000000 _____ C:\Users\yess\Downloads\xlstat.exe
2017-04-09 21:57 - 2017-04-09 21:57 - 00082801 _____ C:\Users\yess\Downloads\Une nouvelle typologie de l’image de marque_Korchia.pdf
2017-04-09 21:56 - 2017-04-09 21:57 - 01448722 _____ C:\Users\yess\Downloads\These Korchia.pdf
2017-04-09 21:56 - 2017-04-09 21:56 - 00554225 _____ C:\Users\yess\Downloads\L'etude quali.pdf
2017-04-09 21:35 - 2017-04-12 18:10 - 00000000 ____D C:\Users\yess\AppData\Roaming\ZHP
2017-04-09 21:35 - 2017-04-09 21:37 - 00000000 ____D C:\Users\yess\AppData\Local\ZHP
2017-04-09 21:34 - 2017-04-10 13:52 - 00000000 _____ C:\Users\yess\Downloads\ZHPDiag3.exe
2017-04-08 22:53 - 2017-04-08 22:54 - 00859097 _____ C:\Users\yess\Downloads\537f0f32a3c38.pdf
2017-04-08 21:52 - 2017-04-10 00:47 - 00000000 _____ C:\Users\yess\Downloads\UsbFix_9.042.exe
2017-04-07 23:49 - 2017-04-07 23:49 - 00237256 _____ C:\Users\yess\Documents\cc_20170407_234928.reg
2017-04-07 20:58 - 2017-04-10 00:47 - 00000000 _____ C:\Users\yess\Downloads\clamwin-0.99.1-setup.exe
2017-04-07 20:52 - 2017-04-07 20:51 - 08001698 _____ C:\Users\yess\Desktop\marketing-strategique-et-operationnel-lAMBIN.pdf
2017-04-07 20:52 - 2017-04-07 20:51 - 01561305 _____ C:\Users\yess\Desktop\Tableaux et figures seance 5.pdf
2017-04-07 20:50 - 2017-04-07 20:51 - 08001698 _____ C:\Users\yess\Downloads\marketing-strategique-et-operationnel-lAMBIN.pdf
2017-04-07 20:50 - 2017-04-07 20:51 - 01561305 _____ C:\Users\yess\Downloads\Tableaux et figures seance 5.pdf
2017-04-06 01:10 - 2017-04-07 19:37 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-06 01:03 - 2017-04-10 00:47 - 00000000 _____ C:\Users\yess\Downloads\Windows-KB890830-V5.46.exe
2017-04-06 00:12 - 2017-04-06 00:12 - 00013150 _____ C:\ComboFix.txt
2017-04-05 23:59 - 2017-04-06 00:12 - 00000000 ____D C:\Qoobox
2017-04-05 23:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-05 23:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-05 23:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-05 23:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-05 23:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-05 23:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-05 23:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-05 23:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-05 23:58 - 2017-04-06 00:12 - 00000000 ____D C:\Windows\erdnt
2017-04-05 22:54 - 2017-04-05 22:54 - 00000000 _____ C:\Users\yess\sfc
2017-04-05 21:55 - 2017-04-10 13:52 - 00000000 ____D C:\UsbFix
2017-04-05 21:55 - 2017-04-05 21:55 - 00001448 _____ C:\Users\yess\Desktop\UsbFix.lnk
2017-04-05 21:55 - 2017-04-05 21:55 - 00000000 _____ C:\Users\yess\Downloads\UsbFix_9.41 (1).exe
2017-04-05 21:46 - 2017-04-10 00:45 - 00000000 ___HD C:\boots
2017-04-05 21:22 - 2017-04-05 21:47 - 00000000 _____ C:\Users\yess\Downloads\UsbFix_9.41.exe
2017-04-05 21:14 - 2017-03-31 23:51 - 01172930 _____ C:\Users\yess\Desktop\Methodologie_G3 corrigee.pptx
2017-04-05 02:29 - 2017-04-05 02:36 - 00635685 _____ C:\Users\yess\Desktop\analyse Antitache (2).pptx
2017-04-04 22:51 - 2017-04-04 22:33 - 00630844 _____ C:\Users\yess\Desktop\analyse Antitache.pptx
2017-04-04 22:33 - 2017-04-05 02:36 - 00635685 _____ C:\Users\yess\Downloads\analyse Antitache.pptx
2017-04-03 23:24 - 2017-04-03 23:52 - 00076038 _____ C:\Users\yess\Desktop\pub assurance.pptx
2017-03-31 23:50 - 2017-03-31 23:51 - 01172930 _____ C:\Users\yess\Downloads\Methodologie_G3 corrigee.pptx
2017-03-31 22:13 - 2017-03-31 22:13 - 00243677 _____ C:\Users\yess\Downloads\ENSMMARKETING-02042017.docx_1490210006593.pdf
2017-03-31 21:43 - 2017-03-31 21:43 - 00852786 _____ C:\Users\yess\Downloads\3-le produit et la promotion.pptx
2017-03-31 21:16 - 2017-03-31 21:16 - 00000000 ____D C:\Users\yess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-03-31 14:52 - 2017-03-31 14:52 - 00248812 _____ C:\Users\yess\Downloads\BJVM-June-2010-p.65-80.pdf
2017-03-31 00:08 - 2017-03-31 21:16 - 00000000 ____D C:\Users\yess\AppData\Roaming\Zoom
2017-03-31 00:07 - 2017-04-05 21:47 - 00000000 _____ C:\Users\yess\Downloads\Zoom_launcher.exe
2017-03-30 23:47 - 2017-03-30 23:59 - 01168615 _____ C:\Users\yess\Desktop\metho et grille d_entretien, image de marque de BMW.pptx
2017-03-30 23:47 - 2017-03-30 23:47 - 01141291 _____ C:\Users\yess\Downloads\metho et grille d_entretien, image de marque de BMW.pptx
2017-03-30 22:15 - 2017-03-30 22:15 - 00122807 _____ C:\Users\yess\Desktop\metho et grille d'entretien, image de marque de BMW.pptx
2017-03-14 22:45 - 2017-03-14 22:44 - 00714580 _____ C:\Users\yess\Desktop\cours de communication séance 1.pdf
2017-03-14 22:43 - 2017-03-14 22:44 - 03684955 _____ C:\Users\yess\Downloads\Gordon C. Bruner, II..-Marketing scales handbook _ Vol 6 echelles de mesures compotement du conso et recherches pubs.pdf
2017-03-14 22:43 - 2017-03-14 22:44 - 00714580 _____ C:\Users\yess\Downloads\cours de communication séance 1.pdf
2017-03-14 22:40 - 2017-03-14 22:41 - 07661546 _____ C:\Users\yess\Downloads\Gordon C. Bruner, II.-Marketing scales handbook _Vol5 (1).pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-12 19:12 - 2015-03-14 17:59 - 00000000 ____D C:\Users\yess\AppData\Roaming\DMCache
2017-04-12 19:03 - 2014-12-25 17:53 - 00000000 ____D C:\Users\yess\AppData\Roaming\Skype
2017-04-12 17:59 - 2009-07-14 06:34 - 00017248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-12 17:59 - 2009-07-14 06:34 - 00017248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-12 17:52 - 2015-01-11 18:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-04-12 17:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-12 17:47 - 2015-03-14 17:59 - 00000000 ____D C:\Users\yess\Downloads\Compressed
2017-04-12 09:36 - 2015-12-05 16:17 - 00000000 ____D C:\Users\yess\Desktop\confection
2017-04-11 23:47 - 2014-09-10 17:32 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-11 23:47 - 2014-09-10 17:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-11 23:47 - 2014-09-06 21:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-10 22:13 - 2015-12-14 21:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-10 22:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-04-10 20:55 - 2016-01-31 18:36 - 00000000 ____D C:\Program Files\Amazon
2017-04-10 20:36 - 2015-09-30 19:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-10 20:19 - 2015-09-30 19:38 - 00000000 ____D C:\AdwCleaner
2017-04-10 20:18 - 2015-12-07 19:57 - 00000000 ____D C:\Users\yess\AppData\Roaming\IDM
2017-04-10 19:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2017-04-10 00:46 - 2014-07-22 20:55 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-10 00:46 - 2009-07-27 12:41 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2017-04-10 00:46 - 2009-07-27 12:41 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2017-04-09 23:13 - 2009-07-14 04:04 - 00000617 _____ C:\Windows\win.ini
2017-04-09 23:11 - 2014-09-04 17:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-04-09 21:59 - 2017-03-03 00:37 - 00000000 ____D C:\Users\yess\Desktop\etude image de marque BMW
2017-04-09 01:12 - 2014-10-08 17:44 - 00000000 ____D C:\Users\yess\AppData\Local\ElevatedDiagnostics
2017-04-07 23:52 - 2016-02-26 21:42 - 00000000 ____D C:\Users\yess\AppData\Roaming\TS3Client
2017-04-07 23:52 - 2014-07-23 06:37 - 00000000 ____D C:\Windows\Panther
2017-04-07 23:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\ModemLogs
2017-04-06 21:33 - 2014-07-22 20:52 - 00001126 _____ C:\Users\yess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-06 00:12 - 2016-11-26 22:23 - 00000000 ____D C:\Users\yess\Desktop\Bases_finales
2017-04-06 00:10 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2017-04-06 00:08 - 2009-07-14 04:03 - 45875200 _____ C:\Windows\system32\config\software.bak
2017-04-06 00:08 - 2009-07-14 04:03 - 17039360 _____ C:\Windows\system32\config\system.bak
2017-04-06 00:08 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2017-04-06 00:08 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2017-04-06 00:08 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\default.bak
2017-04-06 00:05 - 2014-09-07 18:08 - 00000000 ____D C:\ProgramData\TEMP
2017-04-05 22:54 - 2014-07-22 20:51 - 00000000 ____D C:\Users\yess
2017-04-05 21:47 - 2017-03-06 23:25 - 00000000 _____ C:\Users\yess\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-04-05 21:47 - 2016-09-28 22:35 - 00000000 ____D C:\Users\yess\Desktop\Selfishnet win 7
2017-04-05 21:47 - 2016-03-27 19:54 - 00000000 _____ C:\Users\yess\Downloads\torbrowser-install-5.5.4_fr.exe
2017-04-05 21:47 - 2015-12-07 18:33 - 00000000 ____D C:\Users\yess\Downloads\IDM
2017-04-05 21:47 - 2015-12-07 18:05 - 00000000 _____ C:\Users\yess\Downloads\idman625build3.exe
2017-04-05 21:47 - 2015-10-27 20:36 - 00000000 ____D C:\Users\yess\Desktop\WinRAR
2017-04-05 21:47 - 2015-10-25 11:54 - 00000000 _____ C:\Users\yess\Desktop\Registration.exe
2017-04-05 21:47 - 2015-10-16 01:25 - 00000000 _____ C:\Users\yess\Downloads\ChromeSetup.exe
2017-04-05 21:47 - 2015-09-30 19:43 - 00000000 _____ C:\Users\yess\Downloads\mbam-setup-2.1.8.1057.exe
2017-04-05 21:47 - 2015-07-08 03:16 - 00000000 _____ C:\Users\yess\Downloads\chromeinstall-8u45.exe
2017-04-05 21:47 - 2015-07-08 02:30 - 00000000 _____ C:\Users\yess\Downloads\setup.exe
2017-04-05 21:47 - 2015-07-03 20:55 - 00000000 _____ C:\Users\yess\Downloads\flashplayer18pp_da_install.exe
2017-04-05 21:47 - 2015-06-02 01:50 - 00000000 _____ C:\Users\yess\Downloads\OverwolfInstaller.exe
2017-04-05 21:47 - 2015-03-26 00:37 - 00000000 _____ C:\Users\yess\Downloads\cdbxp_setup_4.5.4.5306.exe
2017-04-05 21:47 - 2015-03-25 16:22 - 00000000 _____ C:\Users\yess\Downloads\nero-essentials-free_nero_burnlite_10_francais_295676 [1].exe
2017-04-05 21:47 - 2015-03-14 17:56 - 00000000 _____ C:\Users\yess\Downloads\idman623build6.exe
2017-04-05 21:47 - 2015-01-09 19:20 - 00000000 _____ C:\Users\yess\Downloads\Nokia_PC_Suite_fre_web.exe
2017-04-05 21:47 - 2014-12-25 17:45 - 00000000 _____ C:\Users\yess\Downloads\SkypeSetup.exe
2017-04-05 21:46 - 2016-03-27 20:01 - 00000000 ____D C:\ProgramData\Hotspot Shield
2017-04-04 22:23 - 2016-01-29 19:59 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-04 22:23 - 2016-01-29 19:59 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-03 21:30 - 2016-11-08 23:51 - 00000000 ____D C:\Users\yess\Desktop\COURS ENSM
2017-04-03 00:11 - 2016-12-25 22:00 - 00000000 ____D C:\Users\yess\Desktop\RESITAS
2017-03-30 22:14 - 2014-09-10 18:04 - 00000000 ____D C:\Users\yess\AppData\Local\Microsoft Help
2017-03-17 21:21 - 2016-01-15 15:53 - 00000000 ____D C:\Users\yess\Desktop\stage caat
2017-03-15 01:09 - 2017-03-08 01:56 - 00000000 ____D C:\Users\yess\Desktop\nett

==================== Fichiers à la racine de certains dossiers =======

2015-07-27 12:03 - 2015-10-17 11:32 - 0000024 _____ () C:\Users\yess\AppData\Roaming\appdataFr25.bin
2015-01-09 22:14 - 2015-02-05 20:19 - 0006656 _____ () C:\Users\yess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-01 00:08 - 2016-08-31 01:07 - 0007606 _____ () C:\Users\yess\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-04-06 21:58

==================== Fin de FRST.txt ============================