Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Exécuté par SERVER (administrateur) sur SERVER (15-12-2016 19:46:05)
Exécuté depuis C:\Users\SERVER\Desktop
Profils chargés: SERVER (Profils disponibles: SERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 9 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Ates Yazilim, Bilgisayar & Internet Teknolojileri Tic Ltd Sti) C:\Program Files (x86)\handyCafe\Server\hndserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PandoraTV) C:\KMPlayer\KMPlayer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {42384c86-b476-11e6-aa08-b8975a26dca4} - J:\Auto.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {489342de-b219-11e6-a306-b8975a26dca4} - J:\autorun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {489342e2-b219-11e6-a306-b8975a26dca4} - J:\autorun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {530a6631-a041-11e6-a971-10feedce4ac2} - J:\Setup.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {71de87cf-ace2-11e6-bd5f-b8975a26dca4} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {8edca6ce-b79b-11e6-aaef-10feedce4ac2} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {defd7e2d-9e7a-11e6-a17a-10feedce4ac2} - J:\AutoRun.exe
HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\MountPoints2: {fbba8562-b271-11e6-810a-b8975a26dca4} - K:\Setup.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Pas de fichier
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Pas de fichier

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: 127.0.0.1 activation-v2.geo.kaspersky.com
Tcpip\..\Interfaces\{2A3148E4-23E2-4E16-AEBE-8C54A9084C26}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{50DD600E-1A1F-4C39-958B-CB622D763825}: [DhcpNameServer] 192.168.137.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-11-30] (Internet Download Manager, Tonec Inc.)

FireFox:
========
FF DefaultProfile: w0jy8d21.default
FF ProfilePath: C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default [2016-12-15]
FF Homepage: Mozilla\Firefox\Profiles\w0jy8d21.default -> www.google.com
FF Extension: (Visual Bookmarks) - C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default\Extensions\vb@yandex.ru.xpi [2016-11-09]
FF Extension: (Pas de nom) - C:\Users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\w0jy8d21.default\extensions\yasearch@yandex.ru.xpi [non trouvé(e)]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SERVER\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SERVER\AppData\Roaming\IDM\idmmzcc5 [2016-12-15] [non signé]
FF HKU\S-1-5-21-444279093-2062295991-3838736036-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Google Slides) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]
CHR Extension: (Google Docs) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Google Drive) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Adblock Plus) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01]
CHR Extension: (Google Sheets) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]
CHR Extension: (Google Docs hors connexion) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (IDM Integration Module) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\SERVER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-30]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-30]

Opera:
=======
OPR Extension: (IDM Integration Module) - C:\Users\SERVER\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-11]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [Fichier non signé]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2815520 2016-10-11] (ESET)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Fichier non signé]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Fichier non signé]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [38024 2015-08-23] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-11-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-11-24] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-11-01] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2016-11-01] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 GMLXD16Fltr; C:\Windows\System32\drivers\GMLXDFltr01.sys [19488 2016-05-27] (LXD Development, Inc.)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-15 19:46 - 2016-12-15 19:46 - 00014296 _____ C:\Users\SERVER\Desktop\FRST.txt
2016-12-15 19:45 - 2016-12-15 19:46 - 00000000 ____D C:\FRST
2016-12-15 19:44 - 2016-12-15 19:44 - 02420224 _____ (Farbar) C:\Users\SERVER\Desktop\FRST64.exe
2016-12-15 19:43 - 2016-12-15 19:43 - 00010030 _____ C:\Users\SERVER\Desktop\rk_48C2.tmp.txt
2016-12-15 19:41 - 2016-12-15 19:41 - 00010030 _____ C:\Users\SERVER\Desktop\rk_861E.tmp.txt
2016-12-15 16:31 - 2016-12-15 16:31 - 00000000 ____D C:\Users\SERVER\AppData\Local\CrashDumps
2016-12-15 14:12 - 2016-12-15 14:12 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-15 14:09 - 2016-12-15 19:45 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-15 14:09 - 2016-12-15 14:09 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-15 14:09 - 2016-12-15 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-15 14:09 - 2016-12-15 14:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-15 13:59 - 2016-12-15 14:43 - 00000000 ____D C:\Users\SERVER\Desktop\réparé pc
2016-12-15 04:51 - 2016-12-15 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-15 04:51 - 2016-12-15 04:51 - 00000000 ____D C:\ProgramData\ESET
2016-12-15 02:47 - 2016-12-15 02:47 - 00001032 _____ C:\Users\SERVER\Desktop\Your Unin-staller!.lnk
2016-12-15 02:47 - 2016-12-15 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-12-15 02:47 - 2016-12-15 02:47 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
2016-12-15 02:11 - 2016-12-15 04:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-15 01:59 - 2016-12-15 04:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-15 01:44 - 2016-12-15 04:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-12-15 01:35 - 2016-12-15 01:35 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\URSoft
2016-12-15 01:01 - 2016-12-15 01:01 - 00000000 ____D C:\Users\SERVER\Desktop\Kaspersky
2016-12-14 22:37 - 2016-12-15 19:03 - 00000000 ____D C:\Users\SERVER\AppData\LocalLow\Mozilla
2016-12-14 22:36 - 2016-12-15 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 22:36 - 2016-12-14 22:36 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-14 22:36 - 2016-12-14 22:36 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-14 22:23 - 2016-12-14 22:34 - 44594784 _____ C:\Users\SERVER\Downloads\Firefox Setup 50.1.0.exe
2016-12-14 22:15 - 2016-12-14 22:15 - 00243552 _____ C:\Users\SERVER\Downloads\Firefox Setup Stub 50.1.0.exe
2016-12-14 20:25 - 2016-12-15 08:42 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-14 20:25 - 2016-12-15 08:42 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-14 20:25 - 2016-12-15 08:42 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-14 20:25 - 2016-12-15 08:41 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-14 20:25 - 2016-12-15 08:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-14 20:25 - 2016-12-14 20:25 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-14 20:25 - 2016-12-14 20:25 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-14 20:25 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-14 20:04 - 2016-12-14 20:04 - 01380712 _____ C:\Users\SERVER\Downloads\grand-theft-auto-vice-city [1].exe
2016-12-14 19:04 - 2016-12-14 20:20 - 00000000 ____D C:\AdwCleaner
2016-12-14 18:37 - 2016-12-14 22:05 - 00113811 _____ C:\Users\SERVER\Desktop\ZHPDiag.txt
2016-12-14 18:33 - 2016-12-14 22:03 - 00000819 _____ C:\Users\SERVER\Desktop\ZHPDiag.lnk
2016-12-14 18:32 - 2016-12-14 22:07 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ZHP
2016-12-14 18:31 - 2016-12-14 18:31 - 02579968 _____ C:\Users\SERVER\Desktop\ZHPDiag3.exe
2016-12-12 23:33 - 2016-12-12 23:34 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier (2)
2016-12-12 22:40 - 2016-12-12 22:40 - 00000606 _____ C:\Users\SERVER\Desktop\KMPlayer.lnk
2016-12-12 22:40 - 2016-12-12 22:40 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-12-12 22:39 - 2016-12-15 19:17 - 00000000 ____D C:\KMPlayer
2016-12-12 19:14 - 2016-12-12 19:14 - 00128457 _____ C:\Users\SERVER\Desktop\دروس.pdf
2016-12-12 15:02 - 2016-12-12 15:03 - 05529447 _____ C:\Users\SERVER\Desktop\كتاب زاد المستقنع.pdf
2016-12-12 15:00 - 2016-12-12 15:00 - 00000000 ____H C:\Users\SERVER\Documents\Default.rdp
2016-12-11 23:42 - 2016-12-12 06:18 - 00000000 ____D C:\Users\SERVER\Desktop\Vikings.S01.Season.1.Complete.1080p.WEB-DL.AC3.X264-MRSK[cttv]
2016-12-10 13:27 - 2016-12-10 13:28 - 00068888 _____ (Microsoft Corporation) C:\Users\SERVER\Downloads\xinput1_3.dll
2016-12-09 10:43 - 2016-12-09 10:44 - 11681628 _____ C:\Users\SERVER\Downloads\Candy Camera_v3.16_apkpure.com.apk
2016-12-09 06:00 - 2016-12-09 06:00 - 00000000 ____D C:\Temp
2016-12-09 03:39 - 2016-12-09 03:39 - 00000000 ____D C:\Program Files (x86)\handyCafe
2016-12-08 15:48 - 2016-12-08 15:48 - 00176342 _____ C:\Users\SERVER\Documents\hhhhh.xps
2016-12-08 03:15 - 2016-12-08 03:33 - 27317941 _____ C:\Users\SERVER\Downloads\WhatsApp Messenger_v2.16.352_apkpure.com (1).apk
2016-12-08 01:18 - 2016-12-08 01:47 - 27317941 _____ C:\Users\SERVER\Downloads\WhatsApp Messenger_v2.16.352_apkpure.com.apk
2016-12-06 11:37 - 2016-12-09 03:39 - 00001096 _____ C:\Users\Public\Desktop\handyCafe Server.lnk
2016-12-06 11:28 - 2016-12-06 11:28 - 00000000 __SHD C:\found.000
2016-12-06 00:28 - 2016-12-06 00:28 - 00006544 ____N C:\bootsqm.dat
2016-12-05 18:14 - 2016-12-05 18:17 - 00001906 _____ C:\Users\SERVER\Desktop\Opera.lnk
2016-12-05 18:14 - 2016-12-05 18:14 - 00000000 _RSHD C:\SERVER
2016-12-05 05:17 - 2016-12-08 01:28 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier
2016-12-02 23:16 - 2016-12-02 23:16 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Zbshareware Lab
2016-12-02 20:46 - 2016-12-02 20:56 - 00003868 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1480707985
2016-12-02 20:46 - 2016-12-02 20:46 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-02 03:09 - 2016-12-02 03:09 - 00041316 _____ C:\Users\SERVER\Downloads\kis 2016 by akram kimou.rar
2016-12-02 01:55 - 2016-12-02 01:55 - 00000000 ____D C:\Program Files\ESET
2016-12-02 01:16 - 2016-12-02 01:16 - 00000000 ____D C:\Users\SERVER\AppData\Local\UCBrowser
2016-12-01 21:58 - 2016-12-01 21:58 - 00918383 _____ C:\Users\SERVER\Downloads\drive-download-20161201T205757Z.zip
2016-12-01 17:26 - 2016-12-01 17:26 - 09493086 _____ C:\Users\SERVER\Downloads\Google Earth_v8.0.4.2346_apkpure.com.apk
2016-11-30 16:21 - 2016-10-17 16:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-11-30 09:58 - 2016-11-30 09:58 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ESET
2016-11-29 20:24 - 2016-11-29 20:24 - 00003330 _____ C:\Windows\System32\Tasks\{4381109E-2038-4075-BE12-2794FBC8B883}
2016-11-29 09:17 - 2016-08-29 01:08 - 04184488 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-11-29 02:16 - 2016-11-29 02:16 - 00000000 ____D C:\Screens
2016-11-29 02:08 - 2016-11-29 02:08 - 00000000 ____D C:\Windows\ALmzor-G
2016-11-27 18:14 - 2016-11-27 18:19 - 09282735 _____ C:\Users\SERVER\Downloads\لعبة المزرعة السعيدة للموبايل_v1.0.1_apkpure.com.apk
2016-11-26 23:20 - 2016-11-26 23:20 - 00000000 ____D C:\Users\SERVER\AppData\Local\SKIDROW
2016-11-26 23:05 - 2016-11-26 23:05 - 00001245 _____ C:\Users\SERVER\Desktop\charmap.lnk
2016-11-26 19:20 - 2016-11-26 19:20 - 00000833 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2016-11-25 21:30 - 2016-12-06 11:11 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\EurekaLog
2016-11-25 15:52 - 2016-11-25 15:52 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-25 15:52 - 2016-11-25 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-25 15:51 - 2016-11-25 15:52 - 00000000 ____D C:\Program Files\iTunes
2016-11-25 15:51 - 2016-11-25 15:51 - 00000000 ____D C:\Program Files\iPod
2016-11-25 15:51 - 2016-11-25 15:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files\Bonjour
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-25 15:49 - 2016-11-25 15:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-25 15:30 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2016-11-25 15:29 - 2016-11-25 15:51 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-11-25 15:25 - 2016-11-25 15:25 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-25 01:36 - 2016-11-25 01:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-25 01:28 - 2016-11-25 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ripstone
2016-11-24 23:48 - 2016-11-24 23:52 - 01641656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-24 23:40 - 2016-11-24 23:40 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-11-24 23:38 - 2016-12-04 06:39 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\DAEMON Tools Lite
2016-11-24 23:38 - 2016-11-24 23:38 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-11-24 23:02 - 2016-11-24 23:38 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-11-24 22:50 - 2016-11-24 22:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-11-24 22:49 - 2016-11-24 22:49 - 00000000 ____D C:\Users\SERVER\AppData\Local\Bluestacks
2016-11-24 02:52 - 2016-11-25 21:32 - 00000000 ____D C:\Users\SERVER\Desktop\Pure.Chess.Grandmaster.Edition-SKIDROW
2016-11-24 02:51 - 2016-11-24 02:52 - 00018061 _____ C:\Users\SERVER\Downloads\Pure.Chess.Grandmaster.Edition-SKIDROW.torrent
2016-11-22 13:55 - 2016-12-15 18:28 - 01739264 ___SH C:\Users\SERVER\Desktop\Thumbs.db
2016-11-22 12:58 - 2016-11-22 12:56 - 02440546 ___SH C:\Users\SERVER\AppData\Local\CSIDL_X
2016-11-22 12:58 - 2016-11-22 12:56 - 02440546 ___SH C:\Users\SERVER\AppData\Local\CSIDL_
2016-11-22 12:36 - 2016-11-22 12:36 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Eziriz
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 __HDC C:\ProgramData\{5D14B84F-03AF-49ED-AD37-667086D39ECE}
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Users\SERVER\Documents\.NET Reactor SDK Test Apps
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Program Files (x86)\Eziriz
2016-11-22 11:58 - 2016-11-22 11:58 - 00000000 ____D C:\1d5726ff0349f1ad700bc5d72a2f
2016-11-22 05:26 - 2016-11-22 05:26 - 00000000 ____D C:\Users\SERVER\Documents\CPY_SAVES
2016-11-22 02:47 - 2016-11-22 02:54 - 24965896 _____ C:\Users\SERVER\Downloads\Iboga Live Video Facebook_v1.7_apkpure.com.apk
2016-11-22 02:07 - 2016-08-10 10:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140 (2).dll
2016-11-22 01:26 - 2016-11-25 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2016-11-21 18:30 - 2007-07-27 21:46 - 00000183 _____ C:\Users\SERVER\Desktop\delXP.bat
2016-11-19 20:31 - 2016-11-19 20:32 - 02802362 _____ C:\Users\SERVER\Downloads\DigDeep Image Recovery_v2.2_apkpure.com.apk
2016-11-18 20:12 - 2016-11-18 20:12 - 08299631 _____ C:\Users\SERVER\Downloads\Photo Pattern Lock Screen DIY_v1.4_apkpure.com.apk
2016-11-18 00:35 - 2016-11-18 00:35 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\ObviousIdea
2016-11-18 00:35 - 2016-11-18 00:35 - 00000000 ____D C:\Users\SERVER\AppData\Local\ObviousIdea
2016-11-17 15:06 - 2016-11-17 15:06 - 00957128 _____ (Microsoft Corporation) C:\Users\SERVER\Downloads\SaveAsPDFandXPS.exe
2016-11-17 15:00 - 2016-11-17 15:00 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-11-15 18:46 - 2016-11-16 09:33 - 00014879 ____H C:\Users\SERVER\Desktop\~WRL0005.tmp
2016-11-15 14:39 - 2016-11-15 14:39 - 00342321 _____ C:\Users\SERVER\Downloads\Office of International Leaderships.pdf
2016-11-15 00:36 - 2016-11-18 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-15 00:36 - 2016-11-15 00:36 - 00000000 ____D C:\Users\SERVER\AppData\Local\CEF

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-12-15 19:11 - 2016-10-28 23:00 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 18:59 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\Downloads\Video
2016-12-15 18:07 - 2010-11-21 07:19 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2016-12-15 18:07 - 2010-11-21 07:19 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2016-12-15 18:07 - 2009-07-14 06:13 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-15 18:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-15 13:58 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\DMCache
2016-12-15 13:57 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\IDM
2016-12-15 11:25 - 2016-10-29 01:51 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Skype
2016-12-15 10:17 - 2016-11-02 01:28 - 00000000 ____D C:\ProgramData\TEMP
2016-12-15 08:48 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-15 08:48 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-15 08:40 - 2016-10-28 22:59 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-15 08:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-15 04:02 - 2016-11-02 02:02 - 00000286 _____ C:\Windows\Tasks\DLL-Files FixerASKUSER.job
2016-12-15 04:00 - 2016-10-28 23:27 - 00000000 ____D C:\Users\SERVER\Downloads\Compressed
2016-12-14 20:54 - 2009-07-14 06:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-14 14:09 - 2016-10-28 23:30 - 00000000 ____D C:\Program Files (x86)\netcut
2016-12-14 03:23 - 2016-10-29 00:15 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\vlc
2016-12-13 15:26 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\Nouveau dossier (3)
2016-12-13 05:20 - 2016-10-30 13:55 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-12-12 20:00 - 2016-11-02 03:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-12 19:59 - 2016-11-07 04:06 - 00000000 ____D C:\Users\SERVER\AppData\Local\Ubisoft Game Launcher
2016-12-12 19:54 - 2016-10-30 13:55 - 00000000 ____D C:\Program Files (x86)\DriverPack Notifier
2016-12-12 19:18 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\fedouha
2016-12-11 11:04 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\بحوث
2016-12-10 06:54 - 2016-10-28 23:27 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-09 20:17 - 2016-10-28 23:01 - 00002153 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 20:17 - 2016-10-28 23:01 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 11:13 - 2016-11-08 12:09 - 00000000 ___RD C:\Users\SERVER\Documents\MEGA
2016-12-09 11:13 - 2016-11-08 12:06 - 00000000 ____D C:\Users\SERVER\AppData\Local\MEGAsync
2016-12-09 03:39 - 2016-10-28 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\handyCafe
2016-12-08 15:50 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-08 15:49 - 2016-10-29 00:07 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Adobe
2016-12-07 17:36 - 2016-10-28 23:00 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-07 04:56 - 2016-11-09 09:36 - 00000000 ____D C:\Windows\pss
2016-12-06 11:38 - 2016-10-28 23:52 - 00000000 ____D C:\ProgramData\handyCafe
2016-12-04 01:07 - 2016-10-29 11:47 - 00000000 ____D C:\Users\SERVER\AppData\Local\Ahead
2016-12-02 23:21 - 2016-10-29 00:06 - 00000000 ____D C:\Users\SERVER\Desktop\إمـــام
2016-12-02 20:46 - 2016-10-28 23:00 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Opera Software
2016-12-02 20:46 - 2016-10-28 23:00 - 00000000 ____D C:\Users\SERVER\AppData\Local\Opera Software
2016-11-30 11:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-30 09:51 - 2016-10-29 02:08 - 00000000 ____D C:\Users\SERVER\AppData\Local\ElevatedDiagnostics
2016-11-29 21:50 - 2016-10-28 21:42 - 00000000 ____D C:\Users\SERVER
2016-11-29 21:49 - 2016-10-28 23:32 - 00000000 ____D C:\Program Files\Recuva
2016-11-25 15:51 - 2016-10-28 23:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-25 15:49 - 2016-10-29 00:03 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-25 03:12 - 2016-11-08 12:23 - 00000000 ____D C:\Windows\Minidump
2016-11-25 02:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-11-25 00:35 - 2016-11-01 22:41 - 00000000 ____D C:\Users\SERVER\AppData\Local\Disc_Soft_Ltd
2016-11-24 18:32 - 2016-10-29 00:04 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Apple Computer
2016-11-24 12:57 - 2016-10-29 01:57 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-11-22 14:10 - 2016-10-29 01:57 - 00000000 ____D C:\Users\SERVER\AppData\Roaming\Anvsoft
2016-11-22 05:26 - 2016-10-29 17:19 - 00000000 ____D C:\Users\SERVER\Documents\KONAMI
2016-11-22 05:26 - 2016-10-29 17:19 - 00000000 ____D C:\ProgramData\KONAMI
2016-11-22 02:32 - 2010-11-21 07:29 - 00000000 ___RD C:\Users\Public\Recorded TV

==================== Fichiers à la racine de certains dossiers =======

2016-10-29 02:03 - 2016-10-29 02:03 - 0000056 _____ () C:\Users\SERVER\AppData\Roaming\coreavc.ini
2016-11-22 12:58 - 2016-11-22 12:56 - 2440546 ___SH () C:\Users\SERVER\AppData\Local\CSIDL_
2016-11-22 12:58 - 2016-11-22 12:56 - 2440546 ___SH () C:\Users\SERVER\AppData\Local\CSIDL_X
2016-11-03 22:51 - 2016-11-03 22:51 - 0003584 _____ () C:\Users\SERVER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-10 19:17 - 2016-11-10 19:17 - 0000700 ___SH () C:\Users\SERVER\AppData\Local\systemFL7.dat
2016-11-09 20:02 - 2016-11-09 20:02 - 0004128 _____ () C:\ProgramData\bqeojehc.wbx
2016-10-29 01:57 - 2016-10-29 01:57 - 0004996 _____ () C:\ProgramData\mudtcpaz.vzs

Certains fichiers dans TEMP:
====================
C:\Users\SERVER\AppData\Local\Temp\dllnt_dump.dll
C:\Users\SERVER\AppData\Local\Temp\kernel32.dll
C:\Users\SERVER\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-10-28 21:36

==================== Fin de FRST.txt ============================
