Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Exécuté par priver (administrateur) sur PENTIUM4 (26-04-2016 15:48:13)
Exécuté depuis C:\Documents and Settings\priver\Mes documents\Downloads\Programs
Profils chargés: priver (Profils disponibles: priver)
Platform: Microsoft Windows XP Professionnel Service Pack 3 (X86) Langue: Français (France)
Internet Explorer Version 8 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\S3Trayp.exe
() C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
() C:\Program Files\Windows Alerter\WinAlert.exe
() C:\Program Files\Windows Common Files\Commgr.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Documents and Settings\priver\Application Data\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-09-21] (S3 Graphics, Inc.)
HKLM\...\Run: [S3Trayp] => C:\WINDOWS\system32\S3trayp.exe [176128 2007-06-11] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [WindowMessenger] => C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe [376832 2016-04-06] ()
HKLM\...\Run: [Windows Alerter] => C:\Program Files\Windows Alerter\WinAlert.exe [376832 2016-04-06] ()
HKLM\...\Run: [Windows Common Files Manager] => C:\Program Files\Windows Common Files\Commgr.exe [376832 2016-04-06] ()
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3907152 2015-08-15] (Tonec Inc.)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [uTorrent] => C:\Documents and Settings\priver\Application Data\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [Windows Common Files Manager] => C:\Program Files\Windows Common Files\Commgr.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [WindowMessenger] => C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Run: [Windows Alerter] => C:\Program Files\Windows Alerter\WinAlert.exe [376832 2016-04-06] ()
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {47e34488-f828-11e5-8151-001bb9b527fa} - E:\RECYCLER\SuZzWmE.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {8b64e926-fda2-11e5-8160-001bb9b527fa} - E:\RECYCLER\FkCxPqN.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {916b19e1-cb47-11e5-80ef-001bb9b527fa} - E:\مكتبة-طالب-العلم-الرقمية.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {a47b447d-810b-11dc-a17b-806d6172696f} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [Fichiers hors connexion] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll [2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\ 30 ( 59 60 ) - .mp4.lnk [2015-02-14]
ShortcutTarget: 30 ( 59 60 ) - .mp4.lnk -> C:\Documents and Settings\All Users\Application Data\{ffbd0fce-b2ab-ac9b-ffbd-d0fceb2a3f3a}\ 30 ( 59 60 ) - .mp4.exe (Pas de fichier)
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk [2015-02-14]
ShortcutTarget: Download.lnk -> C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe (Pas de fichier)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BFC872FC-913F-4913-9890-992876379784}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D1%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.com
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.dz/
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par 01net.com
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.01net.com/telecharger/
hxxp://www.01men.com/
URLSearchHook: [S-1-5-21-1708537768-484763869-1606980848-1003] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll [2009-05-23] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\priver\Application Data\Mozilla\Firefox\Profiles\ob5lwmzm.default
FF NewTab: about:newtab
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://www.google.dz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2007-10-23] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\priver\Application Data\Mozilla\Firefox\Profiles\ob5lwmzm.default\searchplugins\Search Provided by Yahoo.xml [2016-04-18]
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015-08-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Pas de nom - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2015-09-04] [non signé]
FF HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.dz/
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=isr&uid=700AF31965BC1BE439649CF6DEED878D&v=20160415&ts=AHEqA3UpAXUtC0.."
CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Google Docs) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search and Replace) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2015-07-26] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Recherche Google) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Google Docs hors connexion) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (EaxstraCuoupon) - C:\Documents and Settings\All Users\Application Data\hkobgidnbdabbcghenamilbflajbipfo\ []
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2007-10-23] (Sun Microsystems, Inc.)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SstrprSrv; "C:\Program Files\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-12-04] (VIA Technologies, Inc. ) [Fichier non signé]
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [128528 2015-06-12] (Tonec Inc.)
R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [714240 2007-07-11] (S3 Graphics Co., Ltd.) [Fichier non signé]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-04-23] ()
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-01] (VIA Technologies, Inc.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [208384 2007-10-16] (VIA Technologies, Inc.)
U5 d51a71667b27960; C:\Windows\System32\Drivers\d51a71667b27960.sys [86656 2015-10-02] () <===== ATTENTION Necurs Rootkit?
S4 IntelIde; pas de ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [Fichier non signé]
U1 WS2IFSL; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-26 09:42 - 2016-04-26 09:42 - 00000000 ____H C:\Documents and Settings\All Users\Application Data\cm-lock
2016-04-23 17:18 - 2016-04-26 15:47 - 00000000 ____D C:\FRST
2016-04-23 02:38 - 2016-04-23 02:38 - 00008040 _____ C:\Documents and Settings\priver\Mes documents\txt.txt
2016-04-20 07:15 - 2016-04-23 01:40 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-20 07:15 - 2016-04-20 07:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2016-04-19 17:11 - 2016-04-19 17:11 - 00000000 ____D C:\Program Files\ESET
2016-04-18 04:43 - 2016-04-18 04:43 - 00000376 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-04-18 04:43 - 2016-04-18 04:43 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-18 04:01 - 2016-04-18 04:01 - 00002088 _____ C:\Documents and Settings\priver\Bureau\Hetman Partition Recovery.lnk
2016-04-18 04:01 - 2016-04-18 04:01 - 00000000 ____D C:\Program Files\Hetman Software
2016-04-18 04:01 - 2016-04-18 04:01 - 00000000 ____D C:\Documents and Settings\priver\Menu Démarrer\Programmes\Hetman Software
2016-04-18 04:01 - 2015-02-28 15:05 - 14883995 _____ C:\Documents and Settings\priver\Mes documents\hetman_partition_recovery.exe
2016-04-18 03:58 - 2016-04-18 04:00 - 14882146 _____ C:\Documents and Settings\priver\Mes documents\top4top_1a55b27c711.rar
2016-04-18 03:42 - 2016-04-18 03:42 - 00000000 ____D C:\Program Files\CodeMeter
2016-04-18 03:42 - 2016-04-18 03:42 - 00000000 ____D C:\Documents and Settings\priver\Menu Démarrer\Programmes\Recover My Files v5
2016-04-18 03:42 - 2012-07-19 15:18 - 00666024 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\WibuCm32.dll
2016-04-17 02:43 - 2016-04-17 02:43 - 00005120 _____ C:\Documents and Settings\priver\Application Data\GiftBag.db
2016-04-17 02:41 - 2016-04-17 02:41 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Tencent
2016-04-17 02:29 - 2016-04-26 15:30 - 00001496 _____ C:\WINDOWS\Tasks\Sosition Reports.job
2016-04-17 02:29 - 2016-04-17 02:31 - 00000000 ____D C:\Documents and Settings\priver\Local Settings\Application Data\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-17 01:36 - 2016-04-17 01:36 - 00001512 _____ C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
2016-04-17 01:36 - 2016-04-17 01:36 - 00000000 ____D C:\Program Files\ZHPFix
2016-04-17 01:36 - 2016-04-17 01:36 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
2016-04-17 00:48 - 2016-04-25 22:53 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\EaseUS Data Recovery Wizard 9.8 Technician
2016-04-17 00:36 - 2016-04-17 02:06 - 00000000 ____D C:\Documents and Settings\priver\Application Data\ZHP
2016-04-17 00:36 - 2016-04-17 00:36 - 00000802 _____ C:\Documents and Settings\priver\Bureau\ZHPDiag.lnk
2016-04-17 00:25 - 2016-04-17 00:38 - 17331783 _____ C:\Documents and Settings\priver\Mes documents\EaseUS Data Recovery Wizard 9.8 By Kouski.rar
2016-04-16 20:17 - 2016-04-16 20:17 - 00000000 ____D C:\Shamelah_Library
2016-04-15 22:21 - 2008-11-13 10:25 - 00137024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinet.ocx
2016-04-15 22:21 - 2005-06-10 13:22 - 00450560 _____ (Sky Software) C:\WINDOWS\system32\filevw61.ocx
2016-04-15 22:21 - 2005-06-10 13:22 - 00352256 _____ (Sky Software) C:\WINDOWS\system32\shcmb61.ocx
2016-04-15 22:21 - 2005-06-10 13:21 - 00417792 _____ (Sky Software) C:\WINDOWS\system32\fldrvw61.ocx
2016-04-15 22:21 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.ocx
2016-04-15 22:21 - 2005-04-13 03:00 - 00331784 _____ (VBGold Software) C:\WINDOWS\system32\aresize.ocx
2016-04-15 22:21 - 2004-10-02 09:36 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\system32\richtx32.ocx
2016-04-15 22:21 - 1999-09-28 21:42 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2016-04-15 22:21 - 1998-06-18 10:33 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vb5db.dll
2016-04-15 22:21 - 1998-05-18 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbar332.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd2x35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint35.dll
2016-04-15 22:21 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjter35.dll
2016-04-15 22:21 - 1997-07-19 19:00 - 00227600 _____ (Microsoft) C:\WINDOWS\system32\msflxgrd.ocx
2016-04-15 22:19 - 2016-04-15 22:20 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\bin
2016-04-15 03:33 - 2016-04-18 03:44 - 00000000 ____D C:\Program Files\CCleaner
2016-04-15 03:33 - 2016-04-15 03:33 - 00000682 _____ C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
2016-04-15 03:33 - 2016-04-15 03:33 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
2016-04-12 15:08 - 2016-04-25 17:41 - 00101888 ___SH C:\Documents and Settings\priver\Mes documents\Thumbs.db
2016-04-12 14:34 - 2016-04-12 14:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC1Data
2016-04-12 14:34 - 2016-04-12 14:34 - 04454296 _____ ((c) PC Cleaners Inc) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2016-04-12 12:12 - 2016-04-17 16:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-12 02:47 - 2016-04-12 02:47 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-04-12 02:47 - 2016-04-12 02:47 - 00000000 ____D C:\Program Files\Fichiers communs\IObit
2016-04-12 02:36 - 2016-04-12 02:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-04-12 02:35 - 2016-04-12 02:48 - 00000000 ____D C:\Documents and Settings\priver\Application Data\IObit
2016-04-12 02:35 - 2016-04-12 02:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-04-10 19:21 - 2016-04-10 19:11 - 02521734 _____ C:\Documents and Settings\priver\Mes documents\Sans titre8.bmp

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-26 15:48 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver\Local Settings\Temp
2016-04-26 15:46 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver\Bureau
2016-04-26 15:45 - 2014-10-15 20:55 - 00000000 ____D C:\Documents and Settings\priver\Application Data\uTorrent
2016-04-26 14:20 - 2007-10-23 02:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 09:42 - 2002-09-07 00:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-26 04:04 - 2007-10-23 02:30 - 00000184 ___SH C:\Documents and Settings\priver\ntuser.ini
2016-04-26 04:04 - 2007-10-23 02:26 - 00032200 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-26 04:03 - 2007-10-23 02:30 - 00000000 ____D C:\Documents and Settings\priver
2016-04-25 22:10 - 2007-10-23 03:11 - 00000000 ____D C:\Documents and Settings\priver\Application Data\DMCache
2016-04-25 17:40 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents
2016-04-24 03:24 - 2014-10-09 19:16 - 00000000 ____D C:\Documents and Settings\priver\Application Data\vlc
2016-04-19 01:39 - 2007-10-23 04:07 - 00000000 ____D C:\Documents and Settings\All Users
2016-04-19 01:36 - 2007-10-23 04:09 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2016-04-18 17:20 - 2007-10-23 04:09 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2016-04-18 17:20 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Menu Démarrer\Programmes
2016-04-18 03:56 - 2015-04-06 23:41 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Téléchargements
2016-04-17 16:01 - 2007-10-23 02:26 - 00000184 __SHC C:\Documents and Settings\LocalService\ntuser.ini
2016-04-17 12:41 - 2014-10-09 18:12 - 00084536 ____C C:\Documents and Settings\priver\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-04-17 10:34 - 2007-10-23 04:07 - 00325912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 02:49 - 2007-10-23 04:09 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer
2016-04-17 02:47 - 2015-08-12 02:26 - 00001693 _____ C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome.lnk
2016-04-17 02:47 - 2015-08-12 02:26 - 00001687 _____ C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001542 _____ C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001536 _____ C:\Documents and Settings\priver\Bureau\امينة.lnk
2016-04-17 02:47 - 2015-03-29 00:06 - 00001536 _____ C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
2016-04-17 02:40 - 2007-10-23 04:10 - 00000000 ____D C:\Program Files\Fichiers communs
2016-04-17 02:30 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Menu Démarrer
2016-04-17 00:34 - 2015-08-21 01:57 - 00000000 ____D C:\Documents and Settings\priver\Application Data\IDM
2016-04-16 15:02 - 2007-10-23 02:46 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-04-16 14:00 - 2007-10-23 04:01 - 00000000 ___HD C:\WINDOWS\inf
2016-04-16 13:59 - 2007-10-23 02:38 - 00000000 ____D C:\Program Files\FreeTime
2016-04-16 09:47 - 2015-06-21 00:56 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents\Ma musique
2016-04-15 22:45 - 2015-07-26 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\hkobgidnbdabbcghenamilbflajbipfo
2016-04-15 22:21 - 2014-10-15 20:46 - 00000000 ____D C:\Documents and Settings\priver\Application Data\shamela
2016-04-15 03:37 - 2014-12-18 11:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-15 02:54 - 2014-12-08 22:23 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\قرآن
2016-04-12 15:01 - 2015-10-03 23:41 - 00000000 ___RD C:\Documents and Settings\priver\Mes documents\Mes images
2016-04-12 14:39 - 2015-02-20 23:31 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Mes vidéos
2016-04-12 14:39 - 2014-12-30 02:12 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Temp
2016-04-12 14:39 - 2014-11-04 08:32 - 00000000 ____D C:\Documents and Settings\priver\Mes documents\Any Audio Converter
2016-04-12 14:39 - 2007-10-23 04:07 - 00000000 ___HD C:\Documents and Settings\Default User
2016-04-12 02:48 - 2007-10-23 02:30 - 00000000 ___HD C:\Documents and Settings\priver\Modèles
2016-04-03 23:15 - 2007-10-23 03:21 - 00002561 _____ C:\Documents and Settings\priver\Bureau\Microsoft Word 2010.lnk
2016-04-03 15:26 - 2007-10-23 04:01 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2016-03-27 09:16 - 2007-10-23 02:30 - 00000000 ___RD C:\Documents and Settings\priver\Favoris
2016-03-27 07:48 - 2007-10-23 04:10 - 00776082 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-27 07:48 - 2002-09-07 00:00 - 00367896 _____ C:\WINDOWS\system32\perfh00C.dat
2016-03-27 07:48 - 2002-09-07 00:00 - 00048700 _____ C:\WINDOWS\system32\perfc00C.dat

==================== Fichiers à la racine de certains dossiers =======

2014-10-11 06:55 - 2014-10-11 06:55 - 6326656 ____C (Tonec Inc.) C:\Program Files\idman621build11.exe
2016-04-17 02:43 - 2016-04-17 02:43 - 0005120 _____ () C:\Documents and Settings\priver\Application Data\GiftBag.db
2014-10-11 07:39 - 2015-06-06 01:33 - 0013312 ____C () C:\Documents and Settings\priver\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-26 09:42 - 2016-04-26 09:42 - 0000000 ____H () C:\Documents and Settings\All Users\Application Data\cm-lock
2016-04-12 14:34 - 2016-04-12 14:34 - 4454296 _____ ((c) PC Cleaners Inc) C:\Documents and Settings\All Users\Application Data\pclunst.exe

Certains fichiers dans TEMP:
====================
C:\Documents and Settings\priver\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\priver\Local Settings\Temp\QQPCMgr_Setup.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\explorer.exe
[2010-11-11 00:44] - [2010-11-11 00:44] - 2566144 ____A (Microsoft Corporation) 99D471D9BD7A68F9617A5637B0183A55

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

==================== Fin de FRST.txt ============================