Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Exécuté par priver (administrateur) sur PENTIUM4 (26-04-2016 15:48:13)
Exécuté depuis C:\Documents and Settings\priver\Mes documents\Downloads\Programs
Profils chargés: priver (Profils disponibles: priver)
Platform: Microsoft Windows XP Professionnel Service Pack 3 (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\S3Trayp.exe
() C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
() C:\Program Files\Windows Alerter\WinAlert.exe
() C:\Program Files\Windows Common Files\Commgr.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-09-21] (S3 Graphics, Inc.)
HKLM\...\Run: [S3Trayp] => C:\WINDOWS\system32\S3trayp.exe [176128 2007-06-11] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [WindowMessenger] => C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe [376832 2016-04-06] ()
HKLM\...\Run: [Windows Alerter] => C:\Program Files\Windows Alerter\WinAlert.exe [376832 2016-04-06] ()
HKLM\...\Run: [Windows Common Files Manager] => C:\Program Files\Windows Common Files\Commgr.exe [376832 2016-04-06] ()
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-08-15] (Tonec Inc.)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [uTorrent] => C:\Documents and Settings\priver\Application Data\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [Windows Common Files Manager] => C:\Program Files\Windows Common Files\Commgr.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [WindowMessenger] => C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [Windows Alerter] => C:\Program Files\Windows Alerter\WinAlert.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {47e34488-f828-11e5-8151-001bb9b527fa} - E:\RECYCLER\SuZzWmE.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {8b64e926-fda2-11e5-8160-001bb9b527fa} - E:\RECYCLER\FkCxPqN.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {916b19e1-cb47-11e5-80ef-001bb9b527fa} - E:\مكتبة-طالب-العلم-الرقمية.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {a47b447d-810b-11dc-a17b-806d6172696f} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [Fichiers hors connexion] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll [2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\ 30 ( 59 60 ) - .mp4.lnk [2015-02-14]
ShortcutTarget: 30 ( 59 60 ) - .mp4.lnk -> C:\Documents and Settings\All Users\Application Data\{ffbd0fce-b2ab-ac9b-ffbd-d0fceb2a3f3a}\ 30 ( 59 60 ) - .mp4.exe (Pas de fichier)
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk [2015-02-14]
ShortcutTarget: Download.lnk -> C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe (Pas de fichier)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BFC872FC-913F-4913-9890-992876379784}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D1%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.dz/
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.01net.com/telecharger/ hxxp://www.01men.com/
URLSearchHook: [S-1-5-21-1708537768-484763869-1606980848-1003] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll [2009-05-23] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\priver\Application Data\Mozilla\Firefox\Profiles\ob5lwmzm.default
FF NewTab: about:newtab
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://www.google.dz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2007-10-23] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\priver\Application Data\Mozilla\Firefox\Profiles\ob5lwmzm.default\searchplugins\Search Provided by Yahoo.xml [2016-04-18]
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-08-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Pas de nom - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2015-09-04] [non signé]
FF HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.dz/
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=isr&uid=700AF31965BC1BE439649CF6DEED878D&v=20160415&ts=AHEqA3UpAXUtC0.."
CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Google Docs) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search and Replace) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2015-07-26] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Recherche Google) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Google Docs hors connexion) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (EaxstraCuoupon) - C:\Documents and Settings\All Users\Application Data\hkobgidnbdabbcghenamilbflajbipfo\ []
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2007-10-23] (Sun Microsystems, Inc.)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SstrprSrv; "C:\Program Files\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-12-04] (VIA Technologies, Inc. ) [Fichier non signé]
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [128528 2015-06-12] (Tonec Inc.)
R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [714240 2007-07-11] (S3 Graphics Co., Ltd.) [Fichier non signé]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-04-23] ()
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-01] (VIA Technologies, Inc.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [208384 2007-10-16] (VIA Technologies, Inc.)
U5 d51a71667b27960; C:\Windows\System32\Drivers\d51a71667b27960.sys [86656 2015-10-02] () <===== ATTENTION Necurs Rootkit?
S4 IntelIde; pas de ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [Fichier non signé]
U1 WS2IFSL; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-26 09:42 - 2016-04-26 09:42 - 00000000 ____H C:\Documents and Settings\All Users\Application Data\cm-lock
2016-04-23 17:18 - 2016-04-26 15:47 - 00000000 ____D C:\FRST
2016-04-23 02:38 - 2016-04-23 02:38 - 00008040 _____ C:\Documents and Settings\priver\Mes documents\txt.txt
2016-04-20 07:15 - 2016-04-23 01:40 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-20 07:15 - 2016-04-20 07:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2016-04-19 17:11 - 2016-04-19 17:11 - 00000000 ____D C:\Program Files\ESET
2016-04-18 04:43 - 2016-04-18 04:43 - 00000376 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-04-18 04:43 - 2016-04-18 04:43 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-18 04:01 - 2016-04-18 04:01 - 00002088 _____ C:\Documents and Settings\priver\Bureau\Hetman Partition Recovery.lnk
2016-04-18 04:01 - 2016-04-18 04:01 - 00000000 ____D C:\Program Files\Hetman Software
2016-04-18 04:01 - 2016-04-18 04:01 - 00000000 ____D C:\Documents and Settings\priver\Menu Démarrer\Programmes\Hetman Software
2016-04-18 04:01 - 2015-02-28 15:05 - 14883995 _____ C:\Documents and Settings\priver\Mes documents\hetman_partition_recovery.exe
2016-04-18 03:58 - 2016-04-18 04:00 - 14882146 _____ C:\Documents and Settings\priver\Mes documents\top4top_1a55b27c711.rar
2016-04-18 03:42 - 2016-04-18 03:42 - 00000000 ____D C:\Program Files\CodeMeter
2016-04-18 03:42 - 2016-04-18 03:42 - 00000000 ____D C:\Documents and Settings\priver\Menu Démarrer\Programmes\Recover My Files v5
2016-04-18 03:42 - 2012-07-19 15:18 - 00666024 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\WibuCm32.dll
2016-04-17 02:43 - 2016-04-17 02:43 - 00005120 _____ C:\Documents and Settings\priver\Application Data\GiftBag.db
2016-04-17 02:41 - 2016-04-17 02:41 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Tencent
2016-04-17 02:29 - 2016-04-26 15:30 - 00001496 _____ C:\WINDOWS\Tasks\Sosition Reports.job
2016-04-17 02:29 - 2016-04-17 02:31 - 00000000 ____D C:\Documents and Settings\priver\Local Settings\Application Data\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-17 01:36 - 2016-04-17 01:36 - 00001512 _____ C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
2016-04-17 01:36 - 2016-04-17 01:36 - 00000000 ____D C:\Program Files\ZHPFix
2016-04-17 01:36 - 2016-04-17 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
2016-04-17 00:48 - 2016-04-25 22:53 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\EaseUS Data Recovery Wizard 9.8 Technician
2016-04-17 00:36 - 2016-04-17 02:06 - 00000000 ____D C:\Documents and Settings\priver\Application Data\ZHP
2016-04-17 00:36 - 2016-04-17 00:36 - 00000802 _____ C:\Documents and Settings\priver\Bureau\ZHPDiag.lnk
2016-04-17 00:25 - 2016-04-17 00:38 - 17331783 _____ C:\Documents and Settings\priver\Mes documents\EaseUS Data Recovery Wizard 9.8 By Kouski.rar
2016-04-16 20:17 - 2016-04-16 20:17 - 00000000 ____D C:\Shamelah_Library
2016-04-15 22:21 - 2008-11-13 10:25 - 00137024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinet.ocx
2016-04-15 22:21 - 2005-06-10 13:22 - 00450560 _____ (Sky Software) C:\WINDOWS\system32\filevw61.ocx
2016-04-15 22:21 - 2005-06-10 13:22 - 00352256 _____ (Sky Software) C:\WINDOWS\system32\shcmb61.ocx
2016-04-15 22:21 - 2005-06-10 13:21 - 00417792 _____ (Sky Software) C:\WINDOWS\system32\fldrvw61.ocx
2016-04-15 22:21 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.ocx
2016-04-15 22:21 - 2005-04-13 03:00 - 00331784 _____ (VBGold Software) C:\WINDOWS\system32\aresize.ocx
2016-04-15 22:21 - 2004-10-02 09:36 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\system32\richtx32.ocx
2016-04-15 22:21 - 1999-09-28 21:42 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2016-04-15 22:21 - 1998-06-18 10:33 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vb5db.dll
2016-04-15 22:21 - 1998-05-18 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbar332.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter35.dll
2016-04-15 22:21 - 1997-07-19 19:00 - 00227600 _____ (Microsoft) C:\WINDOWS\system32\msflxgrd.ocx
2016-04-15 22:19 - 2016-04-15 22:20 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\bin
2016-04-15 03:33 - 2016-04-18 03:44 - 00000000 ____D C:\Program Files\CCleaner
2016-04-15 03:33 - 2016-04-15 03:33 - 00000682 _____ C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
2016-04-15 03:33 - 2016-04-15 03:33 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
2016-04-12 15:08 - 2016-04-25 17:41 - 00101888 ___SH C:\Documents and Settings\priver\Mes documents\Thumbs.db
2016-04-12 14:34 - 2016-04-12 14:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data
2016-04-12 14:34 - 2016-04-12 14:34 - 04454296 _____ ((c) PC Cleaners Inc) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2016-04-12 12:12 - 2016-04-17 16:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-12 02:47 - 2016-04-12 02:47 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-04-12 02:47 - 2016-04-12 02:47 - 00000000 ____D C:\Program Files\Fichiers communs\IObit
2016-04-12 02:36 - 2016-04-12 02:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-04-12 02:35 - 2016-04-12 02:48 - 00000000 ____D C:\Documents and Settings\priver\Application Data\IObit
2016-04-12 02:35 - 2016-04-12 02:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-04-10 19:21 - 2016-04-10 19:11 - 02521734 _____ C:\Documents and Settings\priver\Mes documents\Sans titre8.bmp

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-26 15:48 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver\Local Settings\Temp
2016-04-26 15:46 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver\Bureau
2016-04-26 15:45 - 2014-10-15 20:55 - 00000000 ____D C:\Documents and Settings\priver\Application Data\uTorrent
2016-04-26 14:20 - 2007-10-23 02:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 09:42 - 2002-09-07 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-26 04:04 - 2007-10-23 02:30 - 00000184 ___SH C:\Documents and Settings\priver\ntuser.ini
2016-04-26 04:04 - 2007-10-23 02:26 - 00032200 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-26 04:03 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver
2016-04-25 22:10 - 2007-10-23 03:11 - 00000000 ____D C:\Documents and Settings\priver\Application Data\DMCache
2016-04-25 17:40 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents
2016-04-24 03:24 - 2014-10-09 19:16 - 00000000 ____D C:\Documents and Settings\priver\Application Data\vlc
2016-04-19 01:39 - 2007-10-23 04:07 - 00000000 ____D C:\Documents and Settings\All Users
2016-04-19 01:36 - 2007-10-23 04:09 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2016-04-18 17:20 - 2007-10-23 04:09 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2016-04-18 17:20 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Menu Démarrer\Programmes
2016-04-18 03:56 - 2015-04-06 23:41 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Téléchargements
2016-04-17 16:01 - 2007-10-23 02:26 - 00000184 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2016-04-17 12:41 - 2014-10-09 18:12 - 00084536 ____C C:\Documents and Settings\priver\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-04-17 10:34 - 2007-10-23 04:07 - 00325912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 02:49 - 2007-10-23 04:09 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer
2016-04-17 02:47 - 2015-08-12 02:26 - 00001693 _____ C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome.lnk
2016-04-17 02:47 - 2015-08-12 02:26 - 00001687 _____ C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001542 _____ C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001536 _____ C:\Documents and Settings\priver\Bureau\امينة.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001536 _____ C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
2016-04-17 02:40 - 2007-10-23 04:10 - 00000000 ____D C:\Program Files\Fichiers communs
2016-04-17 02:30 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Menu Démarrer
2016-04-17 00:34 - 2015-08-21 01:57 - 00000000 ____D C:\Documents and Settings\priver\Application Data\IDM
2016-04-16 15:02 - 2007-10-23 02:46 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-04-16 14:00 - 2007-10-23 04:01 - 00000000 ___HD C:\WINDOWS\inf
2016-04-16 13:59 - 2007-10-23 02:38 - 00000000 ____D C:\Program Files\FreeTime
2016-04-16 09:47 - 2015-06-21 00:56 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents\Ma musique
2016-04-15 22:45 - 2015-07-26 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\hkobgidnbdabbcghenamilbflajbipfo
2016-04-15 22:21 - 2014-10-15 20:46 - 00000000 ____D C:\Documents and Settings\priver\Application Data\shamela
2016-04-15 03:37 - 2014-12-18 11:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-15 02:54 - 2014-12-08 22:23 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\قرآن
2016-04-12 15:01 - 2015-10-03 23:41 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents\Mes images
2016-04-12 14:39 - 2015-02-20 23:31 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Mes vidéos
2016-04-12 14:39 - 2014-12-30 02:12 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Temp
2016-04-12 14:39 - 2014-11-04 08:32 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Any Audio Converter
2016-04-12 14:39 - 2007-10-23 04:07 - 00000000 ___HD C:\Documents and Settings\Default User
2016-04-12 02:48 - 2007-10-23 02:30 - 00000000 ___HD C:\Documents and Settings\priver\Modèles
2016-04-03 23:15 - 2007-10-23 03:21 - 00002561 _____ C:\Documents and Settings\priver\Bureau\Microsoft Word 2010.lnk
2016-04-03 15:26 - 2007-10-23 04:01 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2016-03-27 09:16 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Favoris
2016-03-27 07:48 - 2007-10-23 04:10 - 00776082 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-27 07:48 - 2002-09-07 00:00 - 00367896 _____ C:\WINDOWS\system32\perfh00C.dat
2016-03-27 07:48 - 2002-09-07 00:00 - 00048700 _____ C:\WINDOWS\system32\perfc00C.dat

==================== Fichiers à la racine de certains dossiers =======

2014-10-11 06:55 - 2014-10-11 06:55 - 6326656 ____C (Tonec Inc.) C:\Program Files\idman621build11.exe
2016-04-17 02:43 - 2016-04-17 02:43 - 0005120 _____ () C:\Documents and Settings\priver\Application Data\GiftBag.db
2014-10-11 07:39 - 2015-06-06 01:33 - 0013312 ____C () C:\Documents and Settings\priver\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-26 09:42 - 2016-04-26 09:42 - 0000000 ____H () C:\Documents and Settings\All Users\Application Data\cm-lock
2016-04-12 14:34 - 2016-04-12 14:34 - 4454296 _____ ((c) PC Cleaners Inc) C:\Documents and Settings\All Users\Application Data\pclunst.exe

Certains fichiers dans TEMP:
====================
C:\Documents and Settings\priver\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\priver\Local Settings\Temp\QQPCMgr_Setup.exe

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\explorer.exe [2010-11-11 00:44] - [2010-11-11 00:44] - 2566144 ____A (Microsoft Corporation) 99D471D9BD7A68F9617A5637B0183A55
C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

==================== Fin de FRST.txt ============================