Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017
Exécuté par hp (administrateur) sur HP-PC (13-09-2017 15:24:39)
Exécuté depuis C:\Users\hp\Desktop
Profils chargés: hp (Profils disponibles: hp)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(© 2015 Microsoft Corporation) C:\Users\hp\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswtrayutil.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [338000 2015-06-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Zbshareware Lab)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455816 2017-02-02] (Power Software Ltd)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\Run: [BingSvc] => C:\Users\hp\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-08-29] (Tonec Inc.)
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\MountPoints2: {eae6e9aa-0b34-11e7-8484-bdc47a0a3ec4} - E:\AutoRun.exe
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\MountPoints2: {eae6e9bb-0b34-11e7-8484-bdc47a0a3ec4} - E:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-04-01]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{8B320288-334A-4029-B98A-26E0758AECDD}: [NameServer] 41.214.140.4 8.8.8.8
Tcpip\..\Interfaces\{8E780779-283A-4EAA-BC6C-B08EF949DA27}: [NameServer] 103.229.80.2,114.130.25.2
Tcpip\..\Interfaces\{ED2E9C10-461F-4AEA-BB35-651C8F0CE235}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=fr-fr
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp
HKU\S-1-5-21-2041011723-2276574768-378680139-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://linkzb.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1grzrvbs.default
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\1grzrvbs.default [2017-09-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\1grzrvbs.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\1grzrvbs.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1grzrvbs.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\1grzrvbs.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=fr-fr hxxp://linkzb.com
FF Keyword.URL: Mozilla\Firefox\Profiles\1grzrvbs.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Bing Search) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\1grzrvbs.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-04-29]
FF Extension: (MEGA) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\1grzrvbs.default\Extensions\firefox@mega.co.nz.xpi [2017-09-08]
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\1grzrvbs.default\searchplugins\bing-.xml [2017-04-29]
FF HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2041011723-2276574768-378680139-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\hp\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\hp\AppData\Roaming\IDM\idmmzcc5 [2017-07-20] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-06] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR NewTab: Default -> Active:"chrome-extension://clgckgfbhciacomhlchmgdnplmdiadbj/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Extension: (Google Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-06]
CHR Extension: (Кнопка PsyFactor.ORG) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmekljdcgphlpephegkonbbhpnbdaoco [2017-07-06]
CHR Extension: (Google Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-06]
CHR Extension: (Tabs 2 Grid) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhhlffidbdcekjjclelmafdgfpekkgeh [2017-09-04]
CHR Extension: (Google Docs hors connexion) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
CHR Extension: (IDM Integration Module) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-31]
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-22]
CHR HKU\S-1-5-21-2041011723-2276574768-378680139-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-22]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [Fichier non signé]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [684624 2015-06-22] (Hewlett-Packard Company)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [Fichier non signé]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404368 2017-08-21] (McAfee, Inc.)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [Fichier non signé]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [Fichier non signé]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
S2 InstallerWrapperService; "C:\Program Files\TrueKey\InstallerWrapperService.exe" [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [609696 2016-11-28] (Qualcomm)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-09-12] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [60928 2017-07-19] (GenesysLogic)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [226176 2017-07-19] (MBB Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-18] (REALiX(tm))
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-13] (Malwarebytes)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2595648 2016-09-19] (Sonix Tech. Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
U3 aswbdisk; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-13 15:24 - 2017-09-13 15:25 - 000017468 _____ C:\Users\hp\Desktop\FRST.txt
2017-09-13 15:24 - 2017-09-13 15:24 - 000000000 ____D C:\FRST
2017-09-13 15:18 - 2017-09-13 15:18 - 002397696 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2017-09-12 23:39 - 2017-09-12 23:39 - 000000608 _____ C:\Users\hp\Desktop\122030.txt
2017-09-12 23:39 - 2017-09-12 23:39 - 000000608 _____ C:\Users\hp\Desktop\00000.txt
2017-09-12 15:32 - 2017-09-12 15:32 - 002870984 _____ (ESET) C:\Users\hp\Desktop\esetsmartinstaller_fra.exe
2017-09-12 15:32 - 2017-09-12 15:32 - 000000000 ____D C:\Program Files (x86)\ESET
2017-09-12 14:54 - 2017-09-12 14:54 - 000076783 _____ C:\Users\hp\Desktop\hvhv.txt
2017-09-12 14:26 - 2017-09-13 10:19 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-12 14:26 - 2017-09-13 10:06 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-12 14:26 - 2017-09-13 10:06 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-12 14:26 - 2017-09-13 10:06 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-12 14:26 - 2017-09-12 15:02 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-12 14:26 - 2017-09-12 15:02 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-12 14:26 - 2017-09-12 14:26 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-12 14:26 - 2017-09-12 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-12 14:25 - 2017-09-12 14:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-12 14:25 - 2017-09-12 14:25 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-12 14:19 - 2017-09-12 14:22 - 065942208 _____ (Malwarebytes ) C:\Users\hp\Desktop\mb3-setup-35891.35891-3.2.2.2018.exe
2017-09-11 21:43 - 2017-09-11 21:43 - 032445445 _____ C:\Users\hp\Desktop\cureit..txt
2017-09-11 17:12 - 2017-09-11 21:42 - 000000000 ____D C:\Users\hp\Doctor Web
2017-09-11 17:12 - 2017-09-11 17:12 - 000000000 ____D C:\ProgramData\Doctor Web
2017-09-11 17:05 - 2017-09-11 17:11 - 158021928 _____ C:\Users\hp\Desktop\8ukiisyt.exe
2017-09-11 16:22 - 2017-09-13 15:22 - 000000000 ____D C:\Users\hp\AppData\Roaming\ZHP
2017-09-11 16:22 - 2017-09-11 16:24 - 000000000 ____D C:\Users\hp\AppData\Local\ZHP
2017-09-08 19:35 - 2017-09-08 21:54 - 1093541548 _____ C:\Users\hp\Desktop\[EgyBest].Case.39.2009.BluRay.1080p.x264.mp4
2017-09-06 16:12 - 2017-09-06 16:12 - 048343973 _____ C:\Users\hp\Downloads\Muslim - Dommini - (Official Video Clip 2017) مـسـلـم ـ ضُـمِّـنـي - YouTube.MKV
2017-09-04 22:53 - 2017-09-04 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-09-04 22:53 - 2017-09-04 22:53 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2017-09-04 00:11 - 2017-09-04 00:11 - 000536308 _____ ( ) C:\Users\hp\Downloads\One_Piece_-_622_480ParabicBy_deidara_senpai.mp4.exe
2017-09-04 00:10 - 2017-09-04 00:10 - 000000592 __RSH C:\ProgramData\ntuser.pol
2017-09-02 23:58 - 2017-09-02 23:58 - 023736205 _____ C:\Users\hp\Downloads\Dua Lipa - New Rules (Official Music Video) - YouTube.MKV
2017-08-28 17:53 - 2017-09-03 17:08 - 000000000 ____D C:\Users\hp\Desktop\Nouveau dossier (9)
2017-08-24 18:57 - 2017-08-24 18:58 - 043648772 _____ C:\Users\hp\Downloads\Balti featuring Zied Nigro - Douza Douza - YouTube.MKV
2017-08-24 18:57 - 2017-08-24 18:57 - 042070933 _____ C:\Users\hp\Downloads\Balti - Hala Mala (2016) - YouTube.MKV
2017-08-24 18:54 - 2017-08-24 18:54 - 038493300 _____ C:\Users\hp\Downloads\Balti - Skerti Raw7i - YouTube.MKV
2017-08-22 16:29 - 2017-08-22 16:29 - 000030659 _____ C:\Users\hp\Desktop\Présentation1.pptx
2017-08-22 14:19 - 2017-08-30 16:32 - 000080326 _____ C:\Users\hp\Desktop\CV123.pptx
2017-08-20 21:26 - 2017-08-20 21:31 - 140471643 _____ C:\Users\hp\Desktop\videoplayback_138.MP4
2017-08-19 23:13 - 2017-08-19 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-08-19 23:12 - 2017-08-19 23:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2017-08-19 23:11 - 2017-08-19 23:11 - 000000000 ____D C:\Windows\PCHEALTH
2017-08-19 23:11 - 2017-08-19 23:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-08-19 23:09 - 2017-08-19 23:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-19 23:09 - 2017-08-19 23:09 - 000000000 ____D C:\Users\hp\AppData\Local\Microsoft Help
2017-08-19 23:09 - 2017-08-19 23:09 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-19 23:09 - 2017-08-19 23:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2017-08-19 23:08 - 2017-08-19 23:08 - 000000000 __RHD C:\MSOCache
2017-08-19 01:20 - 2017-08-19 01:20 - 000003278 _____ C:\Windows\System32\Tasks\{03BC9274-0F53-4DC4-A9DB-F62552F6C2A5}
2017-08-19 01:13 - 2015-10-09 15:34 - 612214279 _____ (منتدى شروحات البرامج) C:\Users\hp\Desktop\Office 2007 by startimes.exe
2017-08-19 00:52 - 2017-08-19 01:12 - 613198788 _____ C:\Users\hp\Desktop\Office 2007 by startimes.rar
2017-08-16 19:27 - 2017-08-16 19:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GeneStor_01009.Wdf
2017-08-15 19:34 - 2017-08-15 19:35 - 000245824 _____ (Mozilla) C:\Users\hp\Downloads\Firefox Installer.exe
2017-08-15 19:30 - 2017-08-26 19:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-15 19:30 - 2017-08-26 19:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-15 19:30 - 2017-08-15 19:36 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-15 19:30 - 2017-08-15 19:36 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-09-13 14:42 - 2017-05-23 17:20 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2017-09-13 10:18 - 2017-04-29 10:17 - 000000000 ____D C:\Users\hp\AppData\Roaming\Skype
2017-09-13 10:14 - 2009-07-14 04:45 - 000027680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-13 10:14 - 2009-07-14 04:45 - 000027680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-13 10:06 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-12 23:48 - 2017-07-18 23:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\DMCache
2017-09-12 23:47 - 2017-03-17 18:26 - 000000000 ____D C:\Users\hp\Downloads\Video
2017-09-12 17:27 - 2017-03-17 00:59 - 000000000 ____D C:\Users\hp
2017-09-12 14:50 - 2017-03-23 12:23 - 000000000 ____D C:\Program Files (x86)\pes 2016
2017-09-12 10:33 - 2017-03-24 22:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-12 10:33 - 2017-03-24 22:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-12 10:33 - 2017-03-24 22:32 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-12 10:32 - 2017-03-24 22:32 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 10:32 - 2017-03-24 22:32 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-11 21:43 - 2017-07-18 23:53 - 000000000 ____D C:\Users\hp\Desktop\Driver Booster Pro__4.0.2.320 - startimes
2017-09-11 21:43 - 2017-03-19 18:44 - 000000000 ____D C:\SocketeQ
2017-09-09 19:37 - 2009-07-14 05:08 - 000032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-09 18:50 - 2011-02-07 13:51 - 000747154 _____ C:\Windows\system32\perfh00C.dat
2017-09-09 18:50 - 2011-02-07 13:51 - 000149646 _____ C:\Windows\system32\perfc00C.dat
2017-09-09 18:50 - 2009-07-14 05:13 - 001667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-09 18:50 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-09-08 18:08 - 2017-03-17 18:16 - 000004042 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1489774572
2017-09-04 22:53 - 2017-03-25 18:02 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-09-04 22:53 - 2017-03-24 22:32 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-09-04 00:10 - 2009-07-14 03:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-04 00:10 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-09-02 09:53 - 2017-04-14 22:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-31 15:28 - 2017-07-18 23:54 - 000000000 ____D C:\ProgramData\ProductData
2017-08-31 15:28 - 2017-07-18 23:53 - 000002288 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-08-24 18:50 - 2017-07-06 09:04 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-22 01:12 - 2017-06-12 01:46 - 000000000 ____D C:\Users\hp\Desktop\d7k
2017-08-20 13:34 - 2017-03-17 16:49 - 000108840 _____ C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-20 13:33 - 2009-07-14 04:45 - 000413640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-19 23:11 - 2010-11-21 07:17 - 000000000 ____D C:\Windows\ShellNew
2017-08-19 23:11 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-19 23:10 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-19 23:09 - 2009-07-14 02:34 - 000000478 _____ C:\Windows\win.ini
2017-08-19 02:04 - 2017-04-20 22:16 - 000000580 _____ C:\Users\hp\Desktop\Nouveau document texte (2).txt
2017-08-19 01:13 - 2017-03-17 18:26 - 000000000 ____D C:\Users\hp\Downloads\Compressed
2017-08-16 19:28 - 2017-07-21 18:13 - 000000000 ____D C:\Users\hp\AppData\Roaming\dvdcss
2017-08-15 19:26 - 2017-03-17 18:30 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla

==================== Fichiers à la racine de certains dossiers =======

2017-03-17 23:47 - 2017-07-24 00:59 - 000000600 _____ () C:\Users\hp\AppData\Roaming\winscp.rnd

Certains fichiers dans TEMP:
====================
2017-04-29 10:27 - 2017-04-29 10:27 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\hp\AppData\Local\Temp\BSvcProcessor.exe
2017-04-29 10:27 - 2017-04-29 10:27 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\hp\AppData\Local\Temp\BSvcUpdater.exe
2017-03-17 17:14 - 2009-08-23 02:43 - 000206336 ____R (Huawei Technologies Co., Ltd.) C:\Users\hp\AppData\Local\Temp\DataCard_Setup64.exe
2017-03-29 10:15 - 2017-09-09 19:41 - 000003584 _____ () C:\Users\hp\AppData\Local\Temp\dateinj01.dll
2017-09-12 20:36 - 2017-09-12 20:36 - 000000000 _____ () C:\Users\hp\AppData\Local\Temp\l4xri7cz.dll
2017-03-17 17:24 - 2017-03-17 17:24 - 001562624 _____ (Opera Software) C:\Users\hp\AppData\Local\Temp\Opera_installer_20173172418201.dll
2017-03-17 17:24 - 2017-03-17 17:24 - 001562624 _____ (Opera Software) C:\Users\hp\AppData\Local\Temp\Opera_installer_20173172418498.dll
2017-03-17 17:24 - 2017-03-17 17:24 - 001562624 _____ (Opera Software) C:\Users\hp\AppData\Local\Temp\Opera_installer_2017317241928.dll
2017-06-22 20:55 - 2017-06-22 20:55 - 002011648 _____ (Opera Software) C:\Users\hp\AppData\Local\Temp\Opera_installer_2017622554677.dll
2017-03-17 17:14 - 2008-02-20 21:16 - 000007168 ____R () C:\Users\hp\AppData\Local\Temp\ResetDevice.exe
2017-07-27 13:38 - 2017-07-27 13:41 - 058740704 _____ (Skype Technologies S.A.) C:\Users\hp\AppData\Local\Temp\SkypeSetup.exe
2017-04-29 10:13 - 2017-04-29 10:14 - 014456872 _____ (Microsoft Corporation) C:\Users\hp\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-09-12 16:56

==================== Fin de FRST.txt ============================