Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Exécuté par PC Q (administrateur) sur PCQ-PC (09-09-2017 09:06:05)
Exécuté depuis C:\Users\PC Q\Desktop
Profils chargés: PC Q (Profils disponibles: PC Q)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: "C:\Program Files\Maxthon5\Bin\Maxthon.exe" "%1")
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Maxthon International ltd.) C:\Program Files\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon5\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon5\Bin\Maxthon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Maxthon International ltd.) C:\Program Files\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-01] (AVAST Software)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2017-03-28] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3971528 2017-09-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2939468264-998961724-2388039128-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-28] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-09-06]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{75FEF49E-48E7-4772-89EE-35B04BAD2AD8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96B6D22D-CEE4-4DA4-AC2D-F3B34A01F3AB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3BBB335-9A62-4B1F-ADDA-1E1141B4A87A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F46D356B-6A8F-46A3-A503-E322F00E25F2}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://accessquickweb.com/wpad.dat?b9e2fa254214b9206b1d0a129a3ba6ed34985379

Internet Explorer:
==================
HKU\S-1-5-21-2939468264-998961724-2388039128-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
URLSearchHook: [S-1-5-21-2939468264-998961724-2388039128-1000] ATTENTION => URLSearchHook par défaut est absent
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-23] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2939468264-998961724-2388039128-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-02] (Microsoft Corporation)

FireFox:
========
FF HKU\S-1-5-21-2939468264-998961724-2388039128-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2939468264-998961724-2388039128-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PC Q\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\PC Q\AppData\Roaming\IDM\idmmzcc5 [2017-07-13] [non signé]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-02] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-02] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Heartbeat) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2017-07-17]
CHR Extension: (عروض Google التقديمية) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-27]
CHR Extension: (محرّر مستندات Google) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-27]
CHR Extension: (Google Drive) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-27]
CHR Extension: (Youtube) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-27]
CHR Extension: (آدبلوك بلس) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-29]
CHR Extension: (Avast SafePrice) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-09-03]
CHR Extension: (جداول بيانات Google ) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-27]
CHR Extension: (Alerte Bons Plans eBuyClub) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjjddemkcndmbbeeibicagaobbijjgmm [2017-08-06]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-27]
CHR Extension: (Avast Online Security) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-03]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-09-03]
CHR Extension: (IDM Integration Module) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2001-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\PC Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-28]
CHR HKU\S-1-5-21-2939468264-998961724-2388039128-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\PC Q\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-08-19]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-09-01] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-01] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2840768 2017-08-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S2 MxService; C:\Program Files\Maxthon5\Bin\MxService.exe [143648 2017-03-30] (Maxthon International ltd.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3971528 2017-09-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2017-03-28] (IDT, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-09-01] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-09-01] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-09-01] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-09-01] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99568 2017-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-09-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-09-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-09-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [147720 2017-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296824 2017-09-01] (AVAST Software)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2015-08-31] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-04-01] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-03-27] (REALiX(tm))
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-03-28] (Qualcomm Atheros Co., Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [37920 2017-09-06] (SoftEther Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [945504 2017-03-28] (Ralink Technology Corp.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-09 09:06 - 2017-09-09 09:07 - 000016080 _____ C:\Users\PC Q\Desktop\FRST.txt
2017-09-09 09:04 - 2017-09-09 09:06 - 000000000 ____D C:\FRST
2017-09-09 09:04 - 2017-09-09 09:04 - 001792512 _____ (Farbar) C:\Users\PC Q\Desktop\FRST.exe
2017-09-08 20:00 - 2017-09-08 20:02 - 000000000 ____D C:\Users\PC Q\Desktop\Nouveau dossier (5)
2017-09-08 00:35 - 2017-09-08 00:42 - 000000000 ____D C:\Users\PC Q\Desktop\souri hd
2017-09-08 00:18 - 2017-09-08 00:38 - 000000000 ____D C:\Users\PC Q\Desktop\SOURI
2017-09-07 22:21 - 2017-09-07 22:21 - 000002668 _____ C:\Users\PC Q\Desktop\ZHPFixReport.txt
2017-09-07 18:04 - 2017-09-07 18:17 - 000110990 _____ C:\Users\PC Q\Desktop\ZHPDiag.txt
2017-09-07 17:53 - 2017-09-07 17:53 - 000000220 _____ C:\Users\PC
2017-09-07 17:51 - 2017-09-07 22:21 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\ZHP
2017-09-07 17:51 - 2017-09-07 17:56 - 000000000 ____D C:\Users\PC Q\AppData\Local\ZHP
2017-09-07 17:51 - 2017-09-07 17:51 - 000000781 _____ C:\Users\PC Q\Desktop\ZHPDiag.lnk
2017-09-07 11:56 - 2017-09-07 11:56 - 000001240 _____ C:\Users\PC Q\Desktop\m.txt
2017-09-07 11:02 - 2017-09-07 11:09 - 000000000 ____D C:\AdwCleaner
2017-09-06 20:49 - 2017-09-06 20:49 - 000141768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2017-09-06 20:49 - 2017-09-06 20:49 - 000037920 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0121.sys
2017-09-06 20:48 - 2017-09-06 20:48 - 000002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-09-06 20:48 - 2017-09-06 20:48 - 000002056 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2017-09-06 20:48 - 2017-09-06 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-09-06 20:48 - 2002-01-01 00:01 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2017-09-06 20:18 - 2017-09-06 20:21 - 000000000 ____D C:\Program Files\TAP-Windows
2017-09-06 19:47 - 2017-09-06 19:47 - 000001544 _____ C:\Users\PC Q\Desktop\HH.txt
2017-09-06 17:53 - 2002-01-01 00:02 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-06 17:52 - 2002-01-01 00:01 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-06 17:52 - 2002-01-01 00:00 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-06 17:51 - 2002-01-01 00:00 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 17:50 - 2017-09-07 11:59 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-09-06 17:50 - 2017-09-06 17:50 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-06 17:50 - 2017-09-06 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-06 17:49 - 2017-09-06 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-06 17:49 - 2017-09-06 17:49 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-06 17:30 - 2017-09-06 17:31 - 000002872 _____ C:\Users\PC Q\Desktop\Rkill.txt
2017-09-06 11:57 - 2017-09-06 19:48 - 000000000 ____D C:\Users\PC Q\Desktop\ps4
2017-09-05 15:25 - 2017-09-05 15:25 - 000000000 ____D C:\Program Files\Common Files\Skype
2017-09-05 14:12 - 2017-09-05 14:15 - 000000000 ____D C:\Users\PC Q\Desktop\Nouveau dossier (4)
2017-09-03 15:43 - 2017-09-03 15:43 - 000000000 _____ C:\Users\PC Q\Documents\DROP.txt
2017-09-02 22:42 - 2017-09-02 22:42 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-01 06:15 - 2017-09-01 06:14 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-31 22:11 - 2017-09-01 01:05 - 000000000 ____D C:\Users\PC Q\Desktop\Nouveau dossier (3)
2017-08-31 00:27 - 2017-09-05 14:23 - 000000000 ____D C:\Users\PC Q\Desktop\TOP
2017-08-31 00:13 - 2017-08-31 00:13 - 000001051 _____ C:\Users\PC Q\Desktop\PhotoZoom Pro 6.lnk
2017-08-31 00:13 - 2017-08-31 00:13 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoZoom Pro 6
2017-08-31 00:13 - 2017-08-31 00:13 - 000000000 ____D C:\Program Files\PhotoZoom Pro 6
2017-08-30 23:58 - 2017-08-31 00:26 - 000000000 ____D C:\Users\PC Q\Desktop\Nouveau dossier (2)
2017-08-29 17:41 - 2017-08-31 00:26 - 000000000 ____D C:\Users\PC Q\Desktop\Nouveau dossier
2017-08-26 21:58 - 2017-08-26 22:00 - 030407204 _____ C:\Users\PC Q\Downloads\whatsapp-messenger.apk
2017-08-26 21:31 - 2017-08-26 21:42 - 039243282 _____ C:\Users\PC Q\Downloads\whatsapp-messenger-2-17-313.apk
2017-08-24 22:12 - 2017-08-24 22:12 - 000111056 _____ C:\Users\PC Q\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-19 14:57 - 2017-08-19 14:57 - 000001876 _____ C:\Users\PC Q\Desktop\XM Global MT4.lnk
2017-08-18 20:19 - 2017-08-18 20:19 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\Opera Software
2017-08-18 20:19 - 2017-08-18 20:19 - 000000000 ____D C:\Users\PC Q\AppData\Local\Opera Software
2017-08-18 20:18 - 2017-09-07 11:09 - 000001057 _____ C:\Users\Public\Desktop\Navigateur Opera.lnk
2017-08-18 20:18 - 2017-09-07 11:09 - 000001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk
2017-08-18 20:16 - 2017-08-26 21:41 - 000000000 ____D C:\Program Files\Opera
2017-08-18 11:52 - 2017-08-18 11:52 - 000000000 ____D C:\ProgramData\MetaQuotes
2017-08-18 11:50 - 2017-08-18 11:50 - 000001876 _____ C:\Users\Public\Desktop\XM Global MT4.lnk
2017-08-18 11:50 - 2017-08-18 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XM Global MT4
2017-08-18 11:50 - 2017-08-18 11:50 - 000000000 ____D C:\Program Files\XM Global MT4
2017-08-16 20:37 - 2017-08-16 20:37 - 000001849 _____ C:\Users\Public\Desktop\MetaTrader.lnk
2017-08-16 20:37 - 2017-08-16 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader
2017-08-16 20:37 - 2017-08-16 20:37 - 000000000 ____D C:\Program Files\MetaTrader
2017-08-16 20:23 - 2017-08-16 20:37 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\MetaQuotes

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-08 12:06 - 2017-03-27 22:10 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\DMCache
2017-09-07 22:19 - 2017-07-13 15:38 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\IDM
2017-09-07 11:09 - 2017-03-27 22:32 - 000000000 ____D C:\ProgramData\IObit
2017-09-07 11:09 - 2017-03-27 20:11 - 000002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-07 11:09 - 2017-03-27 20:11 - 000002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-07 11:09 - 2017-03-27 00:29 - 000001387 _____ C:\Users\PC Q\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-06 20:51 - 2009-07-14 02:37 - 000000000 ____D C:\Windows\inf
2017-09-06 20:46 - 2017-03-27 22:10 - 000000000 ____D C:\Users\PC Q\Downloads\Compressed
2017-09-06 20:29 - 2017-03-28 00:22 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-06 18:37 - 2011-04-12 01:35 - 000748052 _____ C:\Windows\system32\perfh00C.dat
2017-09-06 18:37 - 2011-04-12 01:35 - 000149984 _____ C:\Windows\system32\perfc00C.dat
2017-09-06 18:37 - 2010-11-20 21:01 - 001669828 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-06 10:15 - 2017-03-27 22:10 - 000000000 ____D C:\Users\PC Q\Downloads\Video
2017-09-05 15:26 - 2017-05-17 22:15 - 000000000 ____D C:\ProgramData\Skype
2017-09-05 15:25 - 2017-05-17 22:15 - 000000000 ___RD C:\Program Files\Skype
2017-09-02 22:46 - 2017-03-27 19:49 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-02 22:42 - 2009-07-14 02:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-01 18:20 - 2017-03-27 19:57 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-01 06:14 - 2017-03-27 19:57 - 000296824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-09-01 06:14 - 2017-03-27 19:57 - 000147720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000773800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000500136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000267520 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000099568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-09-01 06:14 - 2017-03-27 19:56 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-29 18:02 - 2017-04-24 20:53 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-22 12:42 - 2017-07-25 15:17 - 000000000 ____D C:\Windows\Minidump
2017-08-22 12:42 - 2017-05-06 12:05 - 000000000 ____D C:\Users\PC Q\AppData\Local\CrashDumps
2017-08-22 12:42 - 2017-04-10 22:39 - 000000000 ____D C:\Users\PC Q\AppData\Roaming\TeamViewer
2017-08-18 19:59 - 2017-07-09 12:51 - 000000000 ____D C:\Users\PC Q\Desktop\STOCK
2017-08-11 16:21 - 2009-07-14 04:53 - 000032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-11 13:52 - 2017-05-05 19:10 - 000000000 ____D C:\Users\PC Q\Documents\Camtasia Studio
2017-08-10 00:55 - 2017-03-27 23:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-10 00:55 - 2017-03-27 23:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-10 00:55 - 2017-03-27 23:38 - 000000000 ____D C:\Windows\system32\Macromed

==================== Fichiers à la racine de certains dossiers =======

2017-07-06 01:56 - 2017-07-26 18:29 - 000000132 _____ () C:\Users\PC Q\AppData\Roaming\تفضيلات Adobe PNG Format CS5
2017-05-06 21:21 - 2017-05-13 13:08 - 000001432 _____ () C:\Users\PC Q\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-04-04 21:52 - 2017-04-11 15:55 - 000003584 _____ () C:\Users\PC Q\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-09-05 21:22

==================== Fin de FRST.txt ============================