Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2017
Exécuté par SAID (administrateur) sur SAID-PC (11-03-2017 15:07:27)
Exécuté depuis C:\Users\SAID\Downloads\Programs
Profils chargés: SAID & Ѕystem (Profils disponibles: SAID & Ѕystem)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AbeGunnerZ Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
() C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-LogRotatorService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Oracle\VirtualBox\csrsc.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2347008 2012-04-26] (AbeGunnerZ Lab)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-01-14] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3966064 2016-08-24] (Tonec Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [uTorrent] => C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: F - F:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: K - K:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: {0fd2530d-a394-11e6-bf97-b8975a82f03a} - L:\iLinker.exe
HKLM\...\Providers\n1quw63i: C:\Program Files\Zretain Agent\local32spl.dll
ShellExecuteHooks: Pas de nom - {81387C70-EEB7-11E6-9E7B-64006A5CFC23} - -> Pas de fichier
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Utilitaire de configuration sans fil TP-LINK.lnk [2016-08-13]
ShortcutTarget: Utilitaire de configuration sans fil TP-LINK.lnk -> C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction ? <======= ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 7fyl3rfv.default
FF ProfilePath: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default [2017-03-11]
FF Homepage: Mozilla\Firefox\Profiles\7fyl3rfv.default -> www.google.com
FF Extension: (FoxyProxy Standard) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (IDM integration) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-01-26]
FF SearchPlugin: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\searchplugins\n1quw63i.xml [2017-02-14]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5 [2017-03-11] [non signé]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-12-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=69aaf4210b9b94b0cb58570gaz1bamde1caq2gccdq&from=isr&uid=HitachiXHDS5C1032CLA382_JC0411HV3BTULH3BTULHX&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/"
CHR Profile: C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-11] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Recherche Google) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs hors connexion) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-08-05]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [3326976 2010-09-20] (ANSYS, Inc.) [Fichier non signé]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [349048 2017-02-22] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [56560 2017-02-01] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [Fichier non signé]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119208 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140840 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-08-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-08-14] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [139360 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\Bluestacks\BstkDrv.sys [220216 2016-11-08] (Bluestack System Inc. )
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113168 2012-12-09] (Power Software Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-03-09] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Fichier non signé]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-03-11 15:07 - 2017-03-11 15:07 - 00000000 ____D C:\FRST
2017-03-11 12:42 - 2017-03-11 12:42 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-10 03:08 - 2017-03-10 03:09 - 00224671 _____ C:\Users\SAID\Downloads\UC28+%20pricelist.xlsx
2017-03-09 20:18 - 2017-03-09 20:18 - 00001096 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-07 03:12 - 2016-10-30 15:52 - 00001923 _____ C:\Users\Public\ystem.vbe
2017-03-07 02:17 - 2017-03-07 02:25 - 00000000 ____D C:\vghd
2017-03-07 02:16 - 2017-03-07 02:16 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 02:16 - 2017-03-07 02:16 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 02:06 - 2017-03-07 02:06 - 01129376 _____ (Google Inc.) C:\Users\SAID\Downloads\ChromeSetup.exe
2017-03-07 01:58 - 2017-03-07 20:47 - 00000000 ____D C:\Program Files\USB Disk Security
2017-03-07 01:58 - 2017-03-07 01:59 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00001032 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2017-03-07 01:28 - 2017-03-07 01:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-04 18:02 - 2017-03-11 12:44 - 00000000 ____D C:\Users\Ѕystem\.VirtualBox
2017-03-04 18:02 - 2017-03-04 18:02 - 00000020 ___SH C:\Users\Ѕystem\ntuser.ini
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage réseau
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage d'impression
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Modèles
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Mes documents
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Menu Démarrer
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes vidéos
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes images
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Ma musique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Local\Historique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 ____D C:\Users\Ѕystem\VirtualBox VMs
2017-03-04 18:02 - 2010-11-21 01:39 - 00000000 ____D C:\Users\Ѕystem\AppData\Roaming\Media Center Programs
2017-03-04 18:01 - 2017-03-07 17:55 - 00000000 _RSHD C:\Users\Ѕystem
2017-03-04 18:00 - 2014-05-16 15:25 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-03-04 17:59 - 2017-03-04 17:59 - 00000000 _RSHD C:\Program Files\Oracle
2017-03-04 17:59 - 2014-05-16 15:24 - 00104736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-03-04 17:23 - 2017-03-11 14:12 - 00000000 _RSHD C:\Users\Public\System
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 ___HD C:\Users\Public\lastbth
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 _____ C:\Users\Public\System.vbe
2017-03-04 17:23 - 2016-12-20 02:05 - 00004886 __RSH C:\Users\Public\second.vbe
2017-03-04 17:23 - 2016-10-30 15:52 - 00001923 __RSH C:\Users\Public\Ѕystem.vbe
2017-02-23 02:20 - 2017-02-23 02:20 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Wireshark
2017-02-23 02:08 - 2017-02-23 02:08 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\WinPcap
2017-02-23 02:07 - 2017-02-23 02:07 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-02-23 02:06 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\Wireshark
2017-02-21 01:05 - 2017-02-21 01:05 - 00001116 _____ C:\Users\SAID\Desktop\PC Remote Server.lnk
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Program Files\PC Remote
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-18 01:16 - 2017-02-18 01:15 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-18 01:15 - 2017-02-18 01:17 - 00000000 ____D C:\ProgramData\Oracle
2017-02-18 01:15 - 2017-02-18 01:15 - 00000000 ____D C:\Program Files\Java
2017-02-18 00:42 - 2017-02-18 00:46 - 00000000 ____D C:\ProgramData\TEMP
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Anyplace Control 4
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\ProgramData\Anyplace Control Portable
2017-02-18 00:41 - 2017-02-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Control
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Anyplace Control 4
2017-02-17 14:33 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PC Remote
2017-02-17 14:28 - 2017-02-23 03:04 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 14:27 - 2017-02-23 03:01 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-17 01:50 - 2017-02-17 01:50 - 00007917 _____ C:\Users\SAID\Downloads\worldgeol
2017-02-17 01:38 - 2017-02-17 01:39 - 00807090 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-38-48.kml
2017-02-17 01:24 - 2017-02-17 01:24 - 00164133 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-23-27.kml
2017-02-14 02:35 - 2017-02-14 12:04 - 00000000 ____D C:\Program Files\Zretain Agent
2017-02-14 02:35 - 2017-02-14 02:36 - 00000000 ____D C:\Users\SAID\AppData\Local\Grtaing
2017-02-14 00:56 - 2017-02-14 01:12 - 00000000 ____D C:\Program Files\VIRTUAL GIRL-HD
2017-02-09 01:29 - 2017-02-09 01:53 - 00000588 __RSH C:\ProgramData\ntuser.pol
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-03-11 15:09 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Adguard
2017-03-11 15:08 - 2016-08-13 19:27 - 00000000 ____D C:\Users\SAID\AppData\Roaming\uTorrent
2017-03-11 15:06 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\IDM
2017-03-11 15:05 - 2017-01-16 02:05 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Mozilla
2017-03-11 15:00 - 2010-11-21 01:30 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2017-03-11 15:00 - 2010-11-21 01:30 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2017-03-11 15:00 - 2010-11-20 22:01 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 15:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-11 14:58 - 2016-11-26 17:52 - 00000000 ____D C:\Users\SAID\Desktop\belaidi photo
2017-03-11 14:47 - 2016-08-13 20:17 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 14:46 - 2016-08-13 15:10 - 00000956 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:41 - 2017-02-04 22:39 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\uTorrent
2017-03-11 12:41 - 2016-08-13 19:10 - 00000000 ____D C:\Program Files\Adguard
2017-03-11 12:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 05:00 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\DMCache
2017-03-11 03:24 - 2017-01-06 00:32 - 00000000 ____D C:\Users\SAID\AppData\Roaming\vlc
2017-03-10 20:05 - 2016-09-11 01:44 - 00000000 ____D C:\Users\SAID\AppData\Local\CrashDumps
2017-03-10 19:20 - 2016-08-14 01:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-03-10 02:05 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 20:21 - 2016-08-14 01:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-09 20:18 - 2016-08-14 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-08 21:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-07 02:33 - 2017-01-12 20:25 - 00016384 _____ C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-07 02:16 - 2016-08-13 19:09 - 00000000 ____D C:\Program Files\Google
2017-03-07 01:52 - 2016-08-13 23:42 - 00000000 ____D C:\AdwCleaner
2017-03-07 01:28 - 2017-01-15 01:36 - 00000000 ____D C:\Program Files\OttPlayer
2017-02-27 00:12 - 2016-08-15 01:37 - 00000000 ____D C:\Users\SAID\AppData\Local\ElevatedDiagnostics
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\Drivers\vwifikerneldrv.sys
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\d3dx9_11.dll.tmp
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\ProgramData\fontcacheev1.dat
2017-02-23 11:31 - 2016-08-13 15:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-21 01:17 - 2017-01-09 00:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-02-21 00:44 - 2009-07-14 05:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-18 13:18 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2017-02-18 03:18 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 14:36 - 2017-01-14 01:00 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-15 01:14 - 2016-08-13 14:24 - 00000000 ____D C:\Program Files\WinRAR
2017-02-14 23:49 - 2016-08-13 20:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-14 23:49 - 2016-08-13 20:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-14 23:49 - 2016-08-13 20:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-11 02:52 - 2017-01-31 18:00 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PGWARE
2017-02-09 01:27 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
==================== Fichiers à la racine de certains dossiers =======
2016-12-16 18:16 - 2016-12-16 18:16 - 0000055 _____ () C:\Users\SAID\AppData\Roaming\MouseServer.ini
2017-01-12 20:25 - 2017-03-07 02:33 - 0016384 _____ () C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-13 22:25 - 2016-08-13 22:25 - 0007602 _____ () C:\Users\SAID\AppData\Local\Resmon.ResmonCfg
2017-01-14 01:01 - 2016-11-23 14:37 - 0000570 _____ () C:\Users\SAID\AppData\Local\TroubleshooterConfig.json
2016-12-20 00:53 - 2016-12-20 00:55 - 0002099 _____ () C:\Users\SAID\AppData\Local\WiDiSetupLog.20161220.005333.txt
2017-03-11 12:42 - 2017-03-11 12:42 - 0000000 ____H () C:\ProgramData\cm-lock
2016-08-13 19:11 - 2017-02-26 21:01 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat
Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\fontcacheev1.dat
Certains fichiers dans TEMP:
====================
2017-03-11 14:59 - 2016-10-11 16:21 - 1310528 _____ (Microsoft Corporation) C:\Users\SAID\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-03-04 05:25
==================== Fin de FRST.txt ============================
Exécuté par SAID (administrateur) sur SAID-PC (11-03-2017 15:07:27)
Exécuté depuis C:\Users\SAID\Downloads\Programs
Profils chargés: SAID & Ѕystem (Profils disponibles: SAID & Ѕystem)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AbeGunnerZ Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
() C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\SAID\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files\Bluestacks\HD-LogRotatorService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansyslmd.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Oracle\VirtualBox\csrsc.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registre (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2347008 2012-04-26] (AbeGunnerZ Lab)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-01-14] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3966064 2016-08-24] (Tonec Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [uTorrent] => C:\Users\SAID\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-04] (BitTorrent Inc.)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: F - F:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: K - K:\Welcome\Welcome.exe
HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\MountPoints2: {0fd2530d-a394-11e6-bf97-b8975a82f03a} - L:\iLinker.exe
HKLM\...\Providers\n1quw63i: C:\Program Files\Zretain Agent\local32spl.dll
ShellExecuteHooks: Pas de nom - {81387C70-EEB7-11E6-9E7B-64006A5CFC23} - -> Pas de fichier
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Utilitaire de configuration sans fil TP-LINK.lnk [2016-08-13]
ShortcutTarget: Utilitaire de configuration sans fil TP-LINK.lnk -> C:\Program Files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction ? <======= ATTENTION
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{39AEFD31-25FF-42DB-88D1-8B9B4A3D6B01}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 7fyl3rfv.default
FF ProfilePath: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default [2017-03-11]
FF Homepage: Mozilla\Firefox\Profiles\7fyl3rfv.default -> www.google.com
FF Extension: (FoxyProxy Standard) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (IDM integration) - C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\Extensions\mozilla_cc2@internetdownloadmanager.com [2017-01-26]
FF SearchPlugin: C:\Users\SAID\AppData\Roaming\Mozilla\Firefox\Profiles\7fyl3rfv.default\searchplugins\n1quw63i.xml [2017-02-14]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SAID\AppData\Roaming\IDM\idmmzcc5 [2017-03-11] [non signé]
FF HKU\S-1-5-21-3308630520-2618547223-1584624538-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-12-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=69aaf4210b9b94b0cb58570gaz1bamde1caq2gccdq&from=isr&uid=HitachiXHDS5C1032CLA382_JC0411HV3BTULH3BTULHX&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/"
CHR Profile: C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-11] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Recherche Google) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs hors connexion) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (IDM Integration Module) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\SAID\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-08-05]
==================== Services (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [3326976 2010-09-20] (ANSYS, Inc.) [Fichier non signé]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [349048 2017-02-22] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [26624 2016-10-22] (Google Inc.) [Fichier non signé]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
===================== Pilotes (Avec liste blanche) ======================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [56560 2017-02-01] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [Fichier non signé]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119208 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140840 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-08-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-08-14] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files\Bluestacks\HD-Hypervisor-x86.sys [139360 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files\Bluestacks\BstkDrv.sys [220216 2016-11-08] (Bluestack System Inc. )
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [867472 2012-12-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113168 2012-12-09] (Power Software Ltd)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-03-09] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Fichier non signé]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Un mois - Créés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-03-11 15:07 - 2017-03-11 15:07 - 00000000 ____D C:\FRST
2017-03-11 12:42 - 2017-03-11 12:42 - 00000000 ____H C:\ProgramData\cm-lock
2017-03-10 03:08 - 2017-03-10 03:09 - 00224671 _____ C:\Users\SAID\Downloads\UC28+%20pricelist.xlsx
2017-03-09 20:18 - 2017-03-09 20:18 - 00001096 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-07 03:12 - 2016-10-30 15:52 - 00001923 _____ C:\Users\Public\ystem.vbe
2017-03-07 02:17 - 2017-03-07 02:25 - 00000000 ____D C:\vghd
2017-03-07 02:16 - 2017-03-07 02:16 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 02:16 - 2017-03-07 02:16 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 02:06 - 2017-03-07 02:06 - 01129376 _____ (Google Inc.) C:\Users\SAID\Downloads\ChromeSetup.exe
2017-03-07 01:58 - 2017-03-07 20:47 - 00000000 ____D C:\Program Files\USB Disk Security
2017-03-07 01:58 - 2017-03-07 01:59 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00001032 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Zbshareware Lab
2017-03-07 01:58 - 2017-03-07 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2017-03-07 01:28 - 2017-03-07 01:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-04 18:02 - 2017-03-11 12:44 - 00000000 ____D C:\Users\Ѕystem\.VirtualBox
2017-03-04 18:02 - 2017-03-04 18:02 - 00000020 ___SH C:\Users\Ѕystem\ntuser.ini
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage réseau
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Voisinage d'impression
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Modèles
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Mes documents
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Menu Démarrer
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes vidéos
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Mes images
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\Documents\Ma musique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 _SHDL C:\Users\Ѕystem\AppData\Local\Historique
2017-03-04 18:02 - 2017-03-04 18:02 - 00000000 ____D C:\Users\Ѕystem\VirtualBox VMs
2017-03-04 18:02 - 2010-11-21 01:39 - 00000000 ____D C:\Users\Ѕystem\AppData\Roaming\Media Center Programs
2017-03-04 18:01 - 2017-03-07 17:55 - 00000000 _RSHD C:\Users\Ѕystem
2017-03-04 18:00 - 2014-05-16 15:25 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-03-04 17:59 - 2017-03-04 17:59 - 00000000 _RSHD C:\Program Files\Oracle
2017-03-04 17:59 - 2014-05-16 15:24 - 00104736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-03-04 17:23 - 2017-03-11 14:12 - 00000000 _RSHD C:\Users\Public\System
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 ___HD C:\Users\Public\lastbth
2017-03-04 17:23 - 2017-03-04 17:23 - 00000000 _____ C:\Users\Public\System.vbe
2017-03-04 17:23 - 2016-12-20 02:05 - 00004886 __RSH C:\Users\Public\second.vbe
2017-03-04 17:23 - 2016-10-30 15:52 - 00001923 __RSH C:\Users\Public\Ѕystem.vbe
2017-02-23 02:20 - 2017-02-23 02:20 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Wireshark
2017-02-23 02:08 - 2017-02-23 02:08 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-02-23 02:08 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\WinPcap
2017-02-23 02:07 - 2017-02-23 02:07 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-02-23 02:06 - 2017-02-23 02:08 - 00000000 ____D C:\Program Files\Wireshark
2017-02-21 01:05 - 2017-02-21 01:05 - 00001116 _____ C:\Users\SAID\Desktop\PC Remote Server.lnk
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote
2017-02-21 01:05 - 2017-02-21 01:05 - 00000000 ____D C:\Program Files\PC Remote
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Sun
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-18 01:16 - 2017-02-18 01:16 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-18 01:16 - 2017-02-18 01:15 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-18 01:15 - 2017-02-18 01:17 - 00000000 ____D C:\ProgramData\Oracle
2017-02-18 01:15 - 2017-02-18 01:15 - 00000000 ____D C:\Program Files\Java
2017-02-18 00:42 - 2017-02-18 00:46 - 00000000 ____D C:\ProgramData\TEMP
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Anyplace Control 4
2017-02-18 00:42 - 2017-02-18 00:42 - 00000000 ____D C:\ProgramData\Anyplace Control Portable
2017-02-18 00:41 - 2017-02-18 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Control
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Remote Desktop Control 2
2017-02-18 00:41 - 2017-02-18 00:41 - 00000000 ____D C:\ProgramData\Anyplace Control 4
2017-02-17 14:33 - 2017-02-21 01:05 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PC Remote
2017-02-17 14:28 - 2017-02-23 03:04 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 14:27 - 2017-02-23 03:01 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-17 01:50 - 2017-02-17 01:50 - 00007917 _____ C:\Users\SAID\Downloads\worldgeol
2017-02-17 01:38 - 2017-02-17 01:39 - 00807090 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-38-48.kml
2017-02-17 01:24 - 2017-02-17 01:24 - 00164133 _____ C:\Users\SAID\Downloads\mrds-2017-02-16-19-23-27.kml
2017-02-14 02:35 - 2017-02-14 12:04 - 00000000 ____D C:\Program Files\Zretain Agent
2017-02-14 02:35 - 2017-02-14 02:36 - 00000000 ____D C:\Users\SAID\AppData\Local\Grtaing
2017-02-14 00:56 - 2017-02-14 01:12 - 00000000 ____D C:\Program Files\VIRTUAL GIRL-HD
2017-02-09 01:29 - 2017-02-09 01:53 - 00000588 __RSH C:\ProgramData\ntuser.pol
==================== Un mois - Modifiés - fichiers et dossiers ========
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2017-03-11 15:09 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Adguard
2017-03-11 15:08 - 2016-08-13 19:27 - 00000000 ____D C:\Users\SAID\AppData\Roaming\uTorrent
2017-03-11 15:06 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\IDM
2017-03-11 15:05 - 2017-01-16 02:05 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\Mozilla
2017-03-11 15:00 - 2010-11-21 01:30 - 00746916 _____ C:\Windows\system32\perfh00C.dat
2017-03-11 15:00 - 2010-11-21 01:30 - 00149440 _____ C:\Windows\system32\perfc00C.dat
2017-03-11 15:00 - 2010-11-20 22:01 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 15:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-03-11 14:58 - 2016-11-26 17:52 - 00000000 ____D C:\Users\SAID\Desktop\belaidi photo
2017-03-11 14:47 - 2016-08-13 20:17 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-11 14:46 - 2016-08-13 15:10 - 00000956 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:51 - 2009-07-14 05:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 12:41 - 2017-02-04 22:39 - 00000000 ____D C:\Users\SAID\AppData\LocalLow\uTorrent
2017-03-11 12:41 - 2016-08-13 19:10 - 00000000 ____D C:\Program Files\Adguard
2017-03-11 12:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 05:00 - 2016-08-13 18:55 - 00000000 ____D C:\Users\SAID\AppData\Roaming\DMCache
2017-03-11 03:24 - 2017-01-06 00:32 - 00000000 ____D C:\Users\SAID\AppData\Roaming\vlc
2017-03-10 20:05 - 2016-09-11 01:44 - 00000000 ____D C:\Users\SAID\AppData\Local\CrashDumps
2017-03-10 19:20 - 2016-08-14 01:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-03-10 02:05 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 20:21 - 2016-08-14 01:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-09 20:18 - 2016-08-14 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-08 21:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-07 02:33 - 2017-01-12 20:25 - 00016384 _____ C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-07 02:16 - 2016-08-13 19:09 - 00000000 ____D C:\Program Files\Google
2017-03-07 01:52 - 2016-08-13 23:42 - 00000000 ____D C:\AdwCleaner
2017-03-07 01:28 - 2017-01-15 01:36 - 00000000 ____D C:\Program Files\OttPlayer
2017-02-27 00:12 - 2016-08-15 01:37 - 00000000 ____D C:\Users\SAID\AppData\Local\ElevatedDiagnostics
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\Drivers\vwifikerneldrv.sys
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\Windows\system32\d3dx9_11.dll.tmp
2017-02-26 21:01 - 2016-08-13 19:11 - 00000262 _____ C:\ProgramData\fontcacheev1.dat
2017-02-23 11:31 - 2016-08-13 15:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-02-21 01:17 - 2017-01-09 00:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-02-21 00:44 - 2009-07-14 05:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-18 13:18 - 2016-08-13 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2017-02-18 03:18 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 14:36 - 2017-01-14 01:00 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-15 01:14 - 2016-08-13 14:24 - 00000000 ____D C:\Program Files\WinRAR
2017-02-14 23:49 - 2016-08-13 20:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-14 23:49 - 2016-08-13 20:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-14 23:49 - 2016-08-13 20:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\Users\SAID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-14 02:38 - 2016-08-13 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-11 02:52 - 2017-01-31 18:00 - 00000000 ____D C:\Users\SAID\AppData\Roaming\PGWARE
2017-02-09 01:27 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
==================== Fichiers à la racine de certains dossiers =======
2016-12-16 18:16 - 2016-12-16 18:16 - 0000055 _____ () C:\Users\SAID\AppData\Roaming\MouseServer.ini
2017-01-12 20:25 - 2017-03-07 02:33 - 0016384 _____ () C:\Users\SAID\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-13 22:25 - 2016-08-13 22:25 - 0007602 _____ () C:\Users\SAID\AppData\Local\Resmon.ResmonCfg
2017-01-14 01:01 - 2016-11-23 14:37 - 0000570 _____ () C:\Users\SAID\AppData\Local\TroubleshooterConfig.json
2016-12-20 00:53 - 2016-12-20 00:55 - 0002099 _____ () C:\Users\SAID\AppData\Local\WiDiSetupLog.20161220.005333.txt
2017-03-11 12:42 - 2017-03-11 12:42 - 0000000 ____H () C:\ProgramData\cm-lock
2016-08-13 19:11 - 2017-02-26 21:01 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat
Fichiers à déplacer ou supprimer:
====================
C:\ProgramData\fontcacheev1.dat
Certains fichiers dans TEMP:
====================
2017-03-11 14:59 - 2016-10-11 16:21 - 1310528 _____ (Microsoft Corporation) C:\Users\SAID\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
LastRegBack: 2017-03-04 05:25
==================== Fin de FRST.txt ============================