Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Exécuté par Mag (administrateur) sur MAG-PC (13-04-2017 02:17:09)
Exécuté depuis C:\Users\Mag\Downloads
Profils chargés: Mag & UpdatusUser (Profils disponibles: Mag & UpdatusUser & Administrator)
Platform: Windows 7 Professional (X64) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(DESlock Limited.) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Online Shield\Notifier.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776192 2017-02-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-02-04] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd)
HKLM-x32\...\Run: [SOS Notifier] => C:\Program Files (x86)\Steganos Online Shield\Notifier.exe [4198896 2017-02-21] (Steganos Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\Run: [EsetPasswordManager] => C:\Program Files\ESET\ESET Password Manager\pwm.exe [92672 2016-11-28] (ESET)
HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\Run: [GoogleChromeAutoLaunch_59EDC63376AF36EBDCCAFA94134A07BD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1111896 2017-03-29] (Google Inc.)
HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\Run: [SOS Browser Monitor] => C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe [1130520 2017-02-21] (Steganos Software GmbH)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-11-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2016-08-09] (DESlock Limited)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.192.0.1
Tcpip\..\Interfaces\{F11C54CF-BA2E-4FA7-8076-2DEE7D04783F}: [DhcpNameServer] 10.192.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-fr/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2017-04-11] (iTools.hk)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2017-04-11] (iTools.hk)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mag\AppData\Roaming\Mozilla\Firefox\Profiles\dari2vq4.default-1490895363906 [2017-04-13]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Mag\AppData\Roaming\Mozilla\Firefox\Profiles\dari2vq4.default-1490895363906\Extensions\firefox@zenmate.com.xpi [2017-03-30]
FF Extension: (Disable Prefetch) - C:\Users\Mag\AppData\Roaming\Mozilla\Firefox\Profiles\dari2vq4.default-1490895363906\features\{bc38bbe5-c932-4b03-a6ec-2e291d6170fd}\disable-prefetch@mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [non signé]
FF HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mag\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Mag\AppData\Roaming\IDM\idmmzcc5 [2017-04-13] [non signé]
FF HKU\S-1-5-21-2807117934-1017500276-2245334856-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-04-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-04-11] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Google Slides) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-07]
CHR Extension: (Google Docs) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-07]
CHR Extension: (Google Drive) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-07]
CHR Extension: (YouTube) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-07]
CHR Extension: (ZenMate VPN - Sécurité internet & Unblock) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-29]
CHR Extension: (Google Sheets) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-07]
CHR Extension: (FBDown Video Downloader) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-04-09]
CHR Extension: (Google Docs hors connexion) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-08]
CHR Extension: (IDM Integration Module) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-08]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Gmail) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Mag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [540864 2016-07-08] (DESlock Limited.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2836296 2016-12-14] (ESET)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [354840 2017-02-21] (Steganos Software GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 DLMFENC; C:\Windows\System32\DRIVERS\DLMFENC.sys [179712 2016-08-04] (DESlock Ltd.)
R0 DLPCRYPT; C:\Windows\System32\DRIVERS\dlpcrypt.sys [121184 2016-08-09] (DESlock Ltd.)
R0 dlpvdisk; C:\Windows\System32\DRIVERS\dlpvdisk.sys [98304 2016-08-04] (DESlock Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2016-12-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-04] (REALiX(tm))
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-12] ()
R0 VDLPToken2; C:\Windows\System32\DRIVERS\vdlptkn2.sys [135736 2016-08-04] (DESlock Ltd.)
S3 catchme; \??\C:\Users\Mag\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-13 02:17 - 2017-04-13 02:18 - 00017437 _____ C:\Users\Mag\Downloads\FRST.txt
2017-04-13 02:17 - 2017-04-13 02:17 - 00000000 ____D C:\FRST
2017-04-13 02:16 - 2017-04-13 02:16 - 02424832 _____ (Farbar) C:\Users\Mag\Downloads\FRST64.exe
2017-04-13 02:10 - 2017-04-13 02:10 - 00000000 ____D C:\Users\Mag\AppData\Local\CrashDumps
2017-04-13 02:09 - 2017-04-13 02:09 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-04-12 23:55 - 2017-04-12 23:53 - 00002286 _____ C:\Users\Mag\Desktop\ZHPFixReport.txt
2017-04-12 23:50 - 2017-04-12 23:51 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-04-12 23:50 - 2017-04-12 23:50 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-04-12 23:50 - 2017-04-12 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-04-12 23:48 - 2017-04-12 23:49 - 03521617 _____ (Nicolas Coolman ) C:\Users\Mag\Desktop\ZHPFix.exe
2017-04-12 19:35 - 2017-04-12 19:35 - 00106333 _____ C:\Users\Mag\Desktop\ZHPDiag.txt
2017-04-12 19:31 - 2017-04-12 19:31 - 00000780 _____ C:\Users\Mag\Desktop\ZHPDiag.lnk
2017-04-12 19:30 - 2017-04-12 19:30 - 02717696 _____ C:\Users\Mag\Downloads\ZHPDiag3.exe
2017-04-12 18:02 - 2017-04-12 18:02 - 00000790 _____ C:\Users\Mag\Desktop\ZHPCleaner.lnk
2017-04-12 18:01 - 2017-04-12 23:55 - 00000000 ____D C:\Users\Mag\AppData\Roaming\ZHP
2017-04-12 18:01 - 2017-04-12 19:32 - 00000000 ____D C:\Users\Mag\AppData\Local\ZHP
2017-04-12 17:19 - 2017-04-12 17:20 - 02760704 _____ C:\Users\Mag\Downloads\ZHPCleaner.exe
2017-04-12 17:19 - 2017-04-12 17:19 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-12 17:18 - 2017-04-12 17:18 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-12 17:18 - 2017-04-12 17:18 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-12 17:18 - 2017-04-12 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-12 17:17 - 2017-04-12 17:18 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-12 17:10 - 2017-04-12 17:11 - 35207600 _____ (Adlice Software ) C:\Users\Mag\Downloads\setup.exe
2017-04-12 17:09 - 2017-04-12 17:12 - 00000000 ____D C:\AdwCleaner
2017-04-12 17:08 - 2017-04-12 17:08 - 04089296 _____ C:\Users\Mag\Desktop\adwcleaner_6.045.exe
2017-04-12 17:06 - 2017-04-12 17:07 - 00000000 ____D C:\Users\Mag\Desktop\projet
2017-04-12 16:04 - 2017-04-12 16:05 - 00086019 _____ C:\Users\Mag\Downloads\formulaire-formation-continue-956278.pdf
2017-04-12 16:01 - 2017-04-12 16:01 - 00543997 _____ C:\Users\Mag\Downloads\Passeport(1).pdf
2017-04-12 15:59 - 2017-04-12 15:59 - 00390789 _____ C:\Users\Mag\Downloads\lettre de recomm.pdf
2017-04-12 15:53 - 2017-04-12 15:53 - 00192988 _____ C:\Users\Mag\Downloads\Lettre_de_motivation-1-1.pdf
2017-04-12 02:07 - 2017-04-12 02:08 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-04-12 02:07 - 2017-04-12 02:07 - 03961080 _____ (Crystal Dew World ) C:\Users\Mag\Downloads\CrystalDiskInfo7_0_5.exe
2017-04-12 02:07 - 2017-04-12 02:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-04-11 22:30 - 2017-04-11 22:30 - 00262144 _____ C:\Windows\Minidump\041117-18392-01.dmp
2017-04-11 18:42 - 2017-04-11 18:42 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-11 18:41 - 2017-04-11 18:42 - 00000000 ____D C:\Users\Mag\AppData\Roaming\Apple Computer
2017-04-11 18:41 - 2017-04-11 18:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-11 18:40 - 2017-04-11 18:42 - 00000000 ____D C:\ProgramData\Apple
2017-04-11 18:35 - 2017-04-13 02:14 - 00003280 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-04-11 18:35 - 2017-04-13 02:14 - 00000314 _____ C:\Windows\Tasks\iToolsDaemon.job
2017-04-11 18:35 - 2017-04-11 18:35 - 00000000 ____D C:\ProgramData\ThinkSky
2017-04-11 18:35 - 2017-04-11 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 3
2017-04-11 18:35 - 2017-04-11 18:35 - 00000000 ____D C:\Program Files (x86)\ThinkSky
2017-04-11 18:34 - 2017-04-11 18:34 - 17686616 _____ C:\Users\Mag\Downloads\iToolsSetup_EN_3.3.9.5.exe
2017-04-09 14:48 - 2017-04-09 14:48 - 00000737 _____ C:\Users\Mag\Desktop\Start Tor Browser.lnk
2017-04-09 14:47 - 2017-04-09 14:47 - 00000000 ____D C:\Users\Mag\Desktop\Tor Browser
2017-04-09 14:45 - 2017-04-09 14:46 - 50766760 _____ C:\Users\Mag\Downloads\torbrowser-install-6.5.1_en-US(1).exe
2017-04-08 20:38 - 2017-04-08 20:38 - 00000017 _____ C:\Users\Mag\AppData\Local\resmon.resmoncfg
2017-04-07 21:03 - 2017-04-07 21:03 - 00000000 ____D C:\Program Files\Broadcom
2017-04-07 21:02 - 2017-04-07 21:02 - 00000000 ____D C:\Windows\Downloaded Installations
2017-04-07 19:50 - 2017-04-09 14:48 - 00000785 _____ C:\Users\Mag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-04-07 19:47 - 2017-04-07 19:48 - 50766760 _____ C:\Users\Mag\Downloads\torbrowser-install-6.5.1_en-US.exe
2017-04-05 22:58 - 2017-04-05 22:58 - 00056076 _____ C:\Users\Mag\Downloads\Résumer projet.pdf
2017-04-05 22:16 - 2017-04-05 22:16 - 03341748 _____ C:\Users\Mag\Downloads\Memoire_PFE_GC5_EtienneDaelman.pdf
2017-04-05 22:15 - 2017-04-05 22:15 - 00214297 _____ C:\Users\Mag\Downloads\fran.pdf
2017-04-05 21:22 - 2017-04-05 21:22 - 03515025 _____ C:\Users\Mag\Downloads\PFE1011.pdf
2017-04-04 16:10 - 2017-04-06 17:31 - 00009304 _____ C:\Users\Administrator\Desktop\Triangle wave finale 0704.asc
2017-04-04 16:10 - 2017-04-06 17:18 - 01540398 _____ C:\Users\Administrator\Desktop\Triangle wave finale 2.raw
2017-04-04 16:10 - 2017-04-06 17:18 - 00001885 _____ C:\Users\Administrator\Desktop\Triangle wave finale 2.net
2017-04-04 16:09 - 2017-04-06 16:16 - 00004235 _____ C:\Users\Administrator\AppData\Roaming\LTspiceXVII.ini
2017-04-04 16:09 - 2017-04-06 15:00 - 00037122 _____ C:\Users\Administrator\Desktop\Triangle wave finale aviol.raw
2017-04-03 14:55 - 2017-04-03 14:55 - 00000000 ____D C:\Users\Administrator\Documents\LTspiceXVII
2017-04-03 14:39 - 2017-04-03 17:38 - 00321700 _____ C:\Users\Administrator\Desktop\Triangle wave finale.raw
2017-04-03 14:39 - 2017-04-03 16:40 - 00008866 _____ C:\Users\Administrator\Desktop\Triangle wave finale aviol.asc
2017-04-02 21:42 - 2017-04-02 21:42 - 00089154 _____ C:\Users\Mag\Downloads\Appréciation_pédagogique.pdf
2017-04-02 21:35 - 2017-04-02 21:35 - 01328426 _____ C:\Users\Mag\Downloads\Relevé_de_ntoes.pdf
2017-04-02 21:30 - 2017-04-02 21:48 - 00191913 _____ C:\Users\Mag\Downloads\Lettre_de_motivation-1.pdf
2017-04-02 21:27 - 2017-04-02 21:27 - 00543997 _____ C:\Users\Mag\Downloads\Passeport.pdf
2017-04-02 21:26 - 2017-04-02 21:26 - 01260747 _____ C:\Users\Mag\Downloads\Diplôme_.pdf
2017-04-02 21:25 - 2017-04-02 21:25 - 00223495 _____ C:\Users\Mag\Downloads\SALMI Mouad CV.pdf
2017-03-31 22:21 - 2017-03-31 22:21 - 00109248 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-31 22:00 - 2017-04-06 14:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Steganos
2017-03-31 21:59 - 2017-03-31 21:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\DESlock+
2017-03-30 19:40 - 2017-03-30 19:40 - 39825040 _____ (Steganos Software GmbH) C:\Users\Mag\Downloads\sosint.exe
2017-03-30 19:40 - 2017-03-30 19:40 - 00000000 ____D C:\Users\Mag\AppData\Roaming\Steganos VPN
2017-03-30 19:40 - 2017-03-30 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield
2017-03-30 19:40 - 2017-03-30 19:40 - 00000000 ____D C:\Program Files (x86)\Steganos Online Shield
2017-03-30 19:39 - 2017-04-01 12:19 - 00000000 ____D C:\Users\Mag\AppData\Roaming\Steganos
2017-03-30 19:39 - 2017-03-30 19:39 - 02756632 _____ (Steganos Software GmbH) C:\Users\Mag\Downloads\sosintdle.exe
2017-03-30 12:43 - 2017-03-30 12:49 - 00000000 ____D C:\Users\Mag\AppData\Roaming\HD Tune Pro
2017-03-30 12:43 - 2017-03-30 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2017-03-30 12:43 - 2017-03-30 12:43 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro
2017-03-30 11:48 - 2017-03-30 12:03 - 00000000 ____D C:\Users\Mag\AppData\Local\ElevatedDiagnostics
2017-03-29 20:01 - 2017-03-29 20:01 - 00003096 _____ C:\Users\Mag\Downloads\Triangle-wave-et-additionneur(1).asc
2017-03-29 19:00 - 2017-03-29 19:54 - 00007940 _____ C:\Users\Mag\Downloads\Triangle-wave-et-additionneur.raw
2017-03-29 18:59 - 2017-03-29 18:59 - 00003096 _____ C:\Users\Mag\Downloads\Triangle-wave-et-additionneur.asc
2017-03-29 15:48 - 2017-04-10 23:45 - 00004771 _____ C:\Users\Mag\AppData\Roaming\LTspiceXVII.ini
2017-03-29 15:48 - 2017-03-29 15:49 - 00001662 _____ C:\Users\Mag\Downloads\Triangle wave.asc
2017-03-29 15:32 - 2017-03-29 22:50 - 00001324 _____ C:\Users\Mag\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice XVII.lnk
2017-03-29 15:32 - 2017-03-29 15:32 - 00000000 ____D C:\Users\Mag\Documents\LTspiceXVII
2017-03-29 15:30 - 2017-03-29 15:30 - 00000000 ____D C:\Program Files\LTC
2017-03-29 03:49 - 2017-03-29 03:49 - 00956630 _____ C:\Users\Mag\Downloads\video-1488754122.mp4
2017-03-29 03:04 - 2017-03-29 03:05 - 00001901 _____ C:\Users\Mag\Downloads\partc.asc
2017-03-28 23:26 - 2017-03-28 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinToUSB
2017-03-28 23:06 - 2017-03-28 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-03-28 23:06 - 2017-03-28 23:06 - 00000000 ____D C:\Program Files (x86)\PowerISO
2017-03-28 05:27 - 2017-03-28 05:27 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-03-28 05:27 - 2017-03-28 05:27 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-03-26 23:06 - 2017-03-26 23:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-03-26 23:06 - 2017-03-26 23:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2017-03-22 06:16 - 2017-03-22 06:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2017-03-22 06:15 - 2017-03-22 06:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TrueCrypt
2017-03-22 06:14 - 2017-04-10 22:35 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-03-22 06:14 - 2017-04-04 18:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-03-22 06:14 - 2017-03-26 22:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2017-03-22 06:14 - 2017-03-22 06:14 - 00001463 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-22 06:14 - 2017-03-22 06:14 - 00001429 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-22 06:14 - 2017-03-22 06:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-03-22 06:14 - 2017-03-22 06:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2017-03-22 06:13 - 2017-03-22 06:14 - 00000000 ____D C:\Users\Administrator
2017-03-22 06:13 - 2017-03-22 06:13 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Voisinage réseau
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Voisinage d'impression
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Modèles
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Mes documents
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Menu Démarrer
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Documents\Mes vidéos
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Documents\Mes images
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\Documents\Ma musique
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Historique
2017-03-22 06:13 - 2017-03-22 06:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore
2017-03-22 06:13 - 2009-07-14 17:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-04-13 02:15 - 2017-02-04 01:41 - 00000000 ____D C:\Users\Mag\AppData\LocalLow\Mozilla
2017-04-13 02:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-13 02:07 - 2017-02-04 02:01 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-13 00:55 - 2017-02-04 02:29 - 00000000 ____D C:\Users\Mag\AppData\Roaming\vlc
2017-04-13 00:04 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 00:04 - 2009-07-14 06:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-12 23:55 - 2017-02-04 01:51 - 00000000 ____D C:\Users\Mag\AppData\Roaming\DMCache
2017-04-12 17:07 - 2017-01-01 06:18 - 00000000 ____D C:\Users\Mag\Desktop\psseree
2017-04-11 22:30 - 2017-02-08 21:20 - 454089987 _____ C:\Windows\MEMORY.DMP
2017-04-11 22:30 - 2017-02-08 21:20 - 00000000 ____D C:\Windows\Minidump
2017-04-11 18:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-11 03:27 - 2017-02-07 03:21 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 03:27 - 2017-02-07 03:21 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-08 20:07 - 2017-02-04 02:17 - 00000000 ____D C:\Users\UpdatusUser
2017-04-08 15:04 - 2009-07-14 17:24 - 00747154 _____ C:\Windows\system32\perfh00C.dat
2017-04-08 15:04 - 2009-07-14 17:24 - 00149646 _____ C:\Windows\system32\perfc00C.dat
2017-04-08 15:04 - 2009-07-14 07:13 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-04 12:17 - 2017-02-07 03:21 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-02 01:26 - 2017-02-06 20:05 - 00000000 ____D C:\Users\Mag\AppData\Local\Eraser 6
2017-03-29 05:32 - 2017-02-05 16:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-29 05:32 - 2017-02-05 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 23:26 - 2017-02-04 03:01 - 00000000 ____D C:\Program Files\WinToUSB
2017-03-28 23:06 - 2017-02-04 01:51 - 00000000 ____D C:\Users\Mag\Downloads\Compressed
2017-03-28 22:26 - 2009-07-14 06:45 - 00407640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-28 05:30 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2017-03-28 05:20 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

==================== Fichiers à la racine de certains dossiers =======

2017-03-29 15:48 - 2017-04-10 23:45 - 0004771 _____ () C:\Users\Mag\AppData\Roaming\LTspiceXVII.ini
2017-04-08 20:38 - 2017-04-08 20:38 - 0000017 _____ () C:\Users\Mag\AppData\Local\resmon.resmoncfg
2017-02-04 01:58 - 2017-02-04 01:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-04-06 19:49

==================== Fin de FRST.txt ============================