
Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Exécuté par sysko (administrateur) sur DESKTOP-ADTKIA9 (23-06-2017 19:15:38)
Exécuté depuis C:\Users\sysko\Desktop
Profils chargés: sysko (Profils disponibles: sysko)
Platform: Windows 10 Pro Version 1607 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\MultiSessions\1612262\Session.exe
() C:\Windows\syswow64\Policies\161011\Policies.exe
() C:\Program Files\Simple Driver Updater\AUCY5UGZRDFXM\q-F_N0GdPA.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
() C:\Windows\VisualUtilities\168201\VisualUtilities.exe
() C:\Windows\WinEssentials\169131\WinEssentials.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(PW9N) C:\Program Files (x86)\1h5rb43x1qr\2ZY260GE1D25OUI.exe
(PW9N) C:\Program Files (x86)\pskeb1bjyoy\305B2U4UPPV5XYF.exe
() C:\Users\sysko\AppData\Roaming\dpgim4ijfoa\ecaisss3as4.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Users\sysko\AppData\Roaming\dpgim4ijfoa\ecaisss3as4.exe
(Microsoft Corporation) C:\Windows\syswow64\explorer.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Windows\SysSecure\16.9.17.5\SysSecure.exe
(GZOO) C:\Program Files\82ML4GKYKL\82ML4GKYK.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(PhantomJS) C:\Windows\MultiSessions\1612262\phantomjs.exe
(PhantomJS) C:\Windows\MultiSessions\1612262\phantomjs.exe
(PhantomJS) C:\Windows\MultiSessions\1612262\phantomjs.exe
(PhantomJS) C:\Windows\MultiSessions\1612262\phantomjs.exe
(PhantomJS) C:\Windows\MultiSessions\1612262\phantomjs.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [gplyra] => C:\Users\sysko\AppData\Roaming\gplyra\gplyra.exe <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_M7BWS] => C:\Program Files (x86)\1h5rb43x1qr\2ZY260GE1D25OUI.exe [340480 2017-06-22] (PW9N) <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_YDUEZ] => C:\Program Files (x86)\pskeb1bjyoy\305B2U4UPPV5XYF.exe [340480 2017-06-22] (PW9N) <===== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\Run: [swqzmxyziwx] => C:\Users\sysko\AppData\Roaming\dpgim4ijfoa\ecaisss3as4.exe [8192 2017-06-23] ()
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\Run: [WBM8XVNY90C17SH] => C:\Program Files\82ML4GKYKL\82ML4GKYK.exe [1040384 2017-06-23] (GZOO)
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\RunOnce: [R1dDAJ0eKJl.exe] => C:\ProgramData\54542497619444478918ae49c233f590\R1dDAJ0eKJl.exe [836608 2017-06-22] () <===== ATTENTION
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\RunOnce: [FNu91hkKscSL.exe] => C:\ProgramData\2494e81bae9e4d499cc775e4b5e5780c\FNu91hkKscSL.exe [836608 2017-06-22] () <===== ATTENTION
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\Policies\Explorer\Run: [Event Monitor] => C:\Users\sysko\AppData\Roaming\Microsoft\gusgbasb\igcdtdjw.exe [153600 2016-07-16] ()
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [bHHXaGhX0k7bS.exe] => C:\WINDOWS\system32\config\systemprofile\AppData\Local\a51bb34f00704b90b7c3fe3562a0ea4f\bHHXaGhX0k7bS.exe [216576 2017-05-26] ()
HKU\S-1-5-18\...\Run: [JPr0FvYk3F.exe] => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\e143b198701948388e65b8a66b1fd0e1\JPr0FvYk3F.exe [230912 2017-05-30] ()
HKLM\...\Providers\jtoh6w85: C:\Program Files (x86)\Zuwdomshedert Module\local64spl.dll [309248 2017-05-19] () <===== ATTENTION
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellExecuteHooks: Pas de nom - {5A0B8270-3920-11E7-AC6D-64006A5CFC23} - -> Pas de fichier
ShellExecuteHooks: Pas de nom - {91B83DD8-392A-11E7-92B8-64006A5CFC23} - -> Pas de fichier
ShellExecuteHooks: Pas de nom - {06CAA012-392D-11E7-B83C-64006A5CFC23} - -> Pas de fichier
ShellExecuteHooks: Pas de nom - {7ACC857A-392D-11E7-BE41-64006A5CFC23} - -> Pas de fichier
ShellExecuteHooks: Pas de nom - {9D4C6EFA-3930-11E7-908F-64006A5CFC23} - -> Pas de fichier
ShellExecuteHooks: Pas de nom - {7A593C30-45A3-11E7-95D6-64006A5CFC23} - C:\Users\sysko\AppData\Roaming\Pevghtbuhers\Clersok.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\sysko\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\sysko\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\sysko\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\sysko\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\sysko\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll -> Pas de fichier
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

AutoConfigURL: [S-1-5-21-2978784861-3490948099-3467900155-1001] => hxxp://unstopweb.biz/wpad.dat?d1341123fe3069c8da12cc82b606a08431452660
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.171.64.28 202.171.64.29
Tcpip\..\Interfaces\{e89ee844-82e6-4a17-a7d1-948765851cff}: [DhcpNameServer] 202.171.64.28 202.171.64.29
ManualProxies: 0hxxp://unstopweb.biz/wpad.dat?d1341123fe3069c8da12cc82b606a08431452660

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pesonal-spage.com/sall2/
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2978784861-3490948099-3467900155-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1496225845&z=fe1944850d34464654b9a00gfzat7qdo6o8webdz0q&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073&q={searchTerms}
BHO: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YubeAlckIE\tSaleQS.dll [2017-06-23] ()
BHO-x32: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YubeAlckIE\k_PPQz4.dll [2017-06-23] ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-17] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2978784861-3490948099-3467900155-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-22] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495448404&z=8b30984c16fa16e7bf73271gczetew6z7zfb7zbeem&from=che0812&uid=HFS128G3AMNB-2200A_EI3CN075013CF0073
HKU\.DEFAULT\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Fanlook\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-21-2978784861-3490948099-3467900155-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Baglook\Application\chrome.exe (Google Inc.) <==== ATTENTION
HKU\S-1-5-18\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Fanlook\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 BIT; C:\ProgramData\BIT\BIT.dll [1812992 2017-05-31] (TODO: <公司名>) [Fichier non signé] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [98456 2017-05-19] () <==== ATTENTION
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373152 2016-01-06] (Intel Corporation)
R2 Policies; C:\WINDOWS\SysWOW64\Policies\161011\Policies.exe [14848 2016-10-22] () [Fichier non signé]
R2 Recover; C:\Program Files\Simple Driver Updater\AUCY5UGZRDFXM\q-F_N0GdPA.exe [60416 2017-05-19] () [Fichier non signé]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 Sessions; C:\WINDOWS\MultiSessions\1612262\Session.exe [15872 2016-12-26] () [Fichier non signé]
R2 swpsvr; C:\ProgramData\Microsoft\Windows\system\appidsvr.dll [103936 2017-05-18] (TODO: ) [Fichier non signé] <==== ATTENTION
R3 SysSecure; C:\WINDOWS\SysSecure\16.9.17.5\SysSecure.exe [10752 2016-09-17] () [Fichier non signé]
S2 tw4169859; C:\ProgramData\tw4169859.exe [353480 2017-05-19] ()
R2 VisualUtilities; C:\WINDOWS\VisualUtilities\168201\VisualUtilities.exe [11776 2016-08-20] () [Fichier non signé]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 wiasvc; C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp:ad [212994 ] () [Fichier non signé] <==== ATTENTION <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 WinEssentials; C:\WINDOWS\WinEssentials\169131\WinEssentials.exe [12288 2016-09-12] () [Fichier non signé]
R2 WinSAPSvc; C:\Users\sysko\AppData\Roaming\WinSAPSvc\WinSAP.dll [1886720 2017-05-31] () [Fichier non signé] <==== ATTENTION
S2 CSHMDR; C:\Users\sysko\AppData\Local\CSHMDR\Snare.dll [X] <==== ATTENTION
S2 snare; C:\Users\sysko\AppData\Local\snare\Snare.dll [X] <==== ATTENTION
S2 terana; C:\Users\sysko\AppData\Local\terana\terana.dll [X] <==== ATTENTION

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-19] (REALiX(tm))
R3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R1 MpKsl10659881; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B98FC785-2645-4B79-8CB2-5D448A002912}\MpKsl10659881.sys [44928 2017-06-23] (Microsoft Corporation)
S1 MpKsl9cf63795; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B98FC785-2645-4B79-8CB2-5D448A002912}\MpKsl9cf63795.sys [44928 2017-06-22] () [Fichier non signé]
S1 MpKslc5c4e97d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B98FC785-2645-4B79-8CB2-5D448A002912}\MpKslc5c4e97d.sys [44928 2017-06-23] () [Fichier non signé]
R3 mwlu97w8; C:\WINDOWS\System32\drivers\mwlu97w8x64.sys [1602560 2014-05-29] (Marvell Semiconductors, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42600 2016-10-05] (Synaptics Incorporated)
S3 SurfaceTouchCover; C:\WINDOWS\System32\drivers\SurfaceTouchCover.sys [37992 2013-08-09] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R4 WinDivert1.1; C:\WINDOWS\SysSecure\16.9.17.5\WinDivert64.sys [38064 2015-07-28] (Basil)
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2084-03-16 12:53 - 2017-06-22 14:31 - 00000000 ____D C:\Program Files\Common Files
2017-06-23 19:15 - 2017-06-23 19:15 - 00026542 _____ C:\Users\sysko\Desktop\FRST.txt
2017-06-23 19:15 - 2017-06-23 19:15 - 00000000 ____D C:\FRST
2017-06-23 19:07 - 2017-06-23 19:08 - 02439680 _____ (Farbar) C:\Users\sysko\Desktop\FRST64.exe
2017-06-23 15:50 - 2017-06-23 15:50 - 00000000 ____D C:\Program Files (x86)\Navilog1
2017-06-23 15:46 - 2017-06-23 15:50 - 00000000 ____D C:\Program Files\82ML4GKYKL
2017-06-23 15:46 - 2017-06-23 15:48 - 00000132 _____ C:\ProgramData\log.binb
2017-06-23 15:46 - 2017-06-23 15:46 - 00000000 ____D C:\Users\sysko\AppData\Roaming\dpgim4ijfoa
2017-06-23 15:26 - 2017-06-23 15:25 - 64025992 _____ (Malwarebytes ) C:\Users\sysko\Desktop\mb3-setup-1878.1878-3.1.2.1733-10139.exe
2017-06-23 14:17 - 2017-06-23 14:18 - 00000000 ____D C:\Program Files (x86)\YubeAlckU
2017-06-23 14:17 - 2017-06-23 14:17 - 00000000 ____D C:\Program Files (x86)\YubeAlckUn
2017-06-23 14:17 - 2017-06-23 14:17 - 00000000 ____D C:\Program Files (x86)\YubeAlckIE
2017-06-23 14:14 - 2017-06-23 14:14 - 00930816 _____ C:\Users\sysko\AppData\Local\test_db_cara.db
2017-06-23 14:14 - 2017-06-23 14:14 - 00140800 _____ C:\Users\sysko\AppData\Local\installer.dat
2017-06-23 14:14 - 2017-06-23 14:14 - 00011568 _____ C:\Users\sysko\AppData\Local\InstallationConfiguration.xml
2017-06-23 14:12 - 2017-06-23 14:20 - 00000000 ____D C:\Program Files\X8UHV4E4DS
2017-06-23 14:09 - 2017-06-23 14:09 - 00000000 ____D C:\Users\sysko\AppData\Roaming\pcjsgm0kd3z
2017-06-23 14:08 - 2017-06-23 15:50 - 00000000 ____D C:\Navilog1
2017-06-23 14:06 - 2017-06-23 14:06 - 00000000 ____D C:\Users\sysko\AppData\Roaming\Macromedia
2017-06-23 14:06 - 2017-06-23 14:06 - 00000000 ____D C:\Users\sysko\AppData\Roaming\Adobe
2017-06-23 14:05 - 2017-06-23 14:07 - 00000000 ____D C:\Program Files\LP2V96JGHH
2017-06-23 14:05 - 2017-06-23 14:05 - 00000000 ____D C:\Users\sysko\AppData\Local\VirtualStore
2017-06-23 14:04 - 2017-06-23 14:04 - 00000020 ___SH C:\Users\sysko\ntuser.ini
2017-06-23 14:04 - 2017-06-23 14:04 - 00000000 ____D C:\Users\sysko\AppData\Roaming\45yvvfxqbbq
2017-06-23 14:03 - 2017-06-23 14:02 - 00260562 _____ C:\Users\sysko\Desktop\Navilog1.exe
2017-06-23 13:52 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Local\MicrosoftEdge
2017-06-23 11:17 - 2017-06-23 11:18 - 00000000 ____D C:\Program Files\VEQL13QUTP
2017-06-23 11:17 - 2017-06-23 11:17 - 00000000 ____D C:\Users\sysko\AppData\Roaming\inn141gl15b
2017-06-23 11:13 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\0rzansvwm4y
2017-06-23 11:10 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\p2j0gpxkdlt
2017-06-23 11:10 - 2017-06-23 11:10 - 00000000 ____D C:\Program Files\4VVSX9AM2W
2017-06-23 09:51 - 2017-06-23 09:52 - 00000000 ____D C:\Program Files\E64I3BU15K
2017-06-23 09:50 - 2017-06-23 09:52 - 00000000 ____D C:\Program Files\P3KQ60SQ4N
2017-06-23 09:49 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\oqk303kg1yd
2017-06-23 09:48 - 2017-06-23 09:53 - 00000000 ____D C:\Program Files\DGJARPOD68
2017-06-23 09:48 - 2017-06-23 09:52 - 00000000 ____D C:\Program Files\G2SMLQI1MB
2017-06-23 09:46 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\nocpzqdr5lu
2017-06-23 09:46 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\jsmj4m3p1fx
2017-06-23 09:45 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\ggdle1q5jbd
2017-06-23 09:39 - 2017-06-23 09:43 - 00000000 ____D C:\Program Files\L1J5RV8DE0
2017-06-23 09:37 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\qhj10o2abna
2017-06-23 09:37 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\kjlswcms5ch
2017-06-23 09:37 - 2017-06-23 09:41 - 00000000 ____D C:\Program Files\3QYDBWFJOA
2017-06-23 09:16 - 2017-06-23 09:18 - 00000000 ____D C:\Program Files\00XDLU0CJC
2017-06-23 09:15 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\umcwkyzni30
2017-06-23 09:13 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\msnanob3uzk
2017-06-23 09:12 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\lom4fnrfai4
2017-06-23 09:12 - 2017-06-23 09:12 - 00000000 ____D C:\Program Files\ZPIA6J5JYK
2017-06-23 09:04 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\cce3qhf4z0y
2017-06-23 09:04 - 2017-06-23 09:09 - 00000000 ____D C:\Program Files\LB49TCYLXS
2017-06-23 09:04 - 2017-06-23 09:08 - 00000000 ____D C:\Program Files\S79LLWNN2N
2017-06-23 09:01 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\f5hnl3nhmhf
2017-06-23 09:00 - 2017-06-23 14:05 - 00000000 ____D C:\Users\sysko\AppData\LocalLow\uTorrent
2017-06-23 09:00 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\ebskkhua4yp
2017-06-23 09:00 - 2017-06-23 09:01 - 00000000 ____D C:\Program Files\4UCJIDK49H
2017-06-22 19:46 - 2017-06-23 08:07 - 00000000 ____D C:\Program Files\L2MZ998YLT
2017-06-22 19:44 - 2017-06-22 19:50 - 00000000 ____D C:\Program Files\IDO8BS51VC
2017-06-22 19:40 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\hclzuwzktwj
2017-06-22 19:40 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\f2desinoknb
2017-06-22 16:46 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\eyzclj31sao
2017-06-22 16:46 - 2017-06-22 16:52 - 00000000 ____D C:\Program Files\EYQPNXWCZ5
2017-06-22 16:46 - 2017-06-22 16:52 - 00000000 ____D C:\Program Files\5TTNXF1UTX
2017-06-22 16:45 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\jlmmut1y1iw
2017-06-22 16:08 - 2017-06-23 14:05 - 00000000 ____D C:\Users\sysko\AppData\Roaming\IeServ
2017-06-22 16:04 - 2017-06-22 16:08 - 00000000 ____D C:\Program Files\T9LGLNASA3
2017-06-22 16:03 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\cuw45f5z3im
2017-06-22 16:00 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\gx2achywol4
2017-06-22 15:33 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\tbwgwcqpw2l
2017-06-22 15:33 - 2017-06-22 15:36 - 00000000 ____D C:\Program Files\DLQXZDC2RK
2017-06-22 15:33 - 2017-06-22 15:35 - 00000000 ____D C:\Program Files\XGBG3MQFZS
2017-06-22 15:32 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\vndcct2rckl
2017-06-22 15:26 - 2017-06-22 15:26 - 00000000 ____D C:\Program Files\HG7UG9TPXI
2017-06-22 15:25 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\wh4r3jyiwkm
2017-06-22 15:25 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\cnrdjkt2xfr
2017-06-22 15:25 - 2017-06-22 15:29 - 00000000 ____D C:\Program Files (x86)\pskeb1bjyoy
2017-06-22 15:25 - 2017-06-22 15:28 - 00000000 ____D C:\Program Files (x86)\AVBoost
2017-06-22 15:25 - 2017-06-22 15:26 - 00000000 ____D C:\Program Files\P33U3UBO4I
2017-06-22 15:25 - 2017-06-22 15:26 - 00000000 ____D C:\Program Files\NDATUYG0DO
2017-06-22 15:24 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\bjgg0mzmbwh
2017-06-22 15:24 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\31p1tv1ctws
2017-06-22 15:24 - 2017-06-22 15:25 - 00000000 ____D C:\Program Files\TQQWVJZYEL
2017-06-22 15:17 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\w4rcvtvhdyx
2017-06-22 15:16 - 2017-06-22 15:24 - 00000000 ____D C:\Program Files (x86)\1h5rb43x1qr
2017-06-22 15:16 - 2017-06-22 15:23 - 00000000 ____D C:\Program Files\4YTTM72LWR
2017-06-22 15:14 - 2017-06-23 13:52 - 00000000 ____D C:\Users\sysko\AppData\Roaming\q4dv0njosvz
2017-06-22 15:12 - 2017-06-22 15:12 - 00001273 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk
2017-06-22 15:12 - 2017-06-22 15:12 - 00001268 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Chrоmе.lnk
2017-06-22 15:12 - 2017-06-22 15:12 - 00001185 ___RS C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-06-22 15:12 - 2017-06-22 15:12 - 00001180 ___RS C:\Users\Public\Desktop\Gоoglе Chrоmе.lnk
2017-06-22 14:46 - 2017-06-22 14:47 - 00000000 ____D C:\ProgramData\820b04d971b240c6af3a391e9d5493eb
2017-06-22 14:23 - 2017-06-22 14:23 - 00000000 ____D C:\ProgramData\54542497619444478918ae49c233f590
2017-06-22 11:40 - 2017-06-22 11:41 - 00000000 ____D C:\ProgramData\2494e81bae9e4d499cc775e4b5e5780c
2017-06-21 19:44 - 2017-06-21 19:44 - 00000000 ____D C:\ProgramData\79ed722139524418b4053b357ca387dd
2017-06-20 15:16 - 2017-06-20 15:16 - 00000000 ____D C:\WINDOWS\VisualUtilities
2017-06-20 07:31 - 2017-06-20 07:31 - 00000000 ____D C:\WINDOWS\WinEssentials
2017-06-19 10:11 - 2017-06-19 10:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-17 07:39 - 2017-06-17 07:39 - 00000000 ____D C:\WINDOWS\SysSecure
2017-06-08 08:00 - 2017-06-08 08:01 - 00000000 ____D C:\ProgramData\8d23be481b15415bb872f7d2c6f61ba3
2017-06-04 01:15 - 2017-06-04 01:15 - 00000000 ____D C:\Program Files (x86)\Fipoph Module
2017-06-04 01:15 - 2017-06-04 01:15 - 00000000 ____D C:\Program Files (x86)\Biweghtnebety
2017-06-01 18:44 - 2017-06-01 18:44 - 00002153 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-01 18:44 - 2017-06-01 18:44 - 00002083 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-01 18:44 - 2017-06-01 18:44 - 00000000 ____D C:\Program Files (x86)\Fanlook
2017-06-01 16:50 - 2017-06-01 16:50 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-30 20:22 - 2017-05-30 20:22 - 00000000 ___HD C:\$GetCurrent
2017-05-30 20:21 - 2017-05-31 06:22 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à niveau de Windows 10.lnk
2017-05-30 16:54 - 2017-06-23 09:10 - 00000140 _____ C:\WINDOWS\Reimage.ini
2017-05-30 12:56 - 2017-05-30 15:40 - 00000000 ____D C:\ProgramData\iolo
2017-05-30 12:56 - 2017-05-30 12:56 - 00074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
2017-05-30 12:56 - 2017-05-30 12:56 - 00000000 ____D C:\Program Files (x86)\iolo
2017-05-30 12:42 - 2017-05-30 12:42 - 00000000 ____D C:\ProgramData\DumpFiles
2017-05-30 12:40 - 2017-05-30 12:40 - 00000000 ____D C:\Temp
2017-05-30 11:03 - 2017-05-30 11:03 - 00152160 _____ (Alfa System Programming) C:\WINDOWS\system32\Drivers\defset.sys
2017-05-30 11:03 - 2017-05-30 11:03 - 00139488 _____ (Alfa System Programming) C:\WINDOWS\SysWOW64\defset.sys
2017-05-30 08:49 - 2017-06-09 23:13 - 00000000 ____D C:\Program Files\Defraggler
2017-05-30 08:49 - 2017-05-30 08:49 - 00001732 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-05-30 08:49 - 2017-05-30 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-05-30 07:46 - 2017-06-20 08:35 - 00000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-30 07:46 - 2017-05-30 07:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-30 07:46 - 2017-05-30 07:46 - 00000000 ____D C:\Program Files\CCleaner
2017-05-28 13:07 - 2017-05-31 21:29 - 00000000 ____D C:\Program Files (x86)\BJBMD
2017-05-28 13:03 - 2017-05-28 13:03 - 00000000 ____D C:\Pipisy
2017-05-26 14:22 - 2017-06-22 14:34 - 00335424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-26 08:40 - 2017-05-26 08:42 - 00000000 ____D C:\ProgramData\2388aeee62744b7fbe39f86b30a188de
2017-05-26 00:08 - 2017-05-26 01:18 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-05-26 00:08 - 2017-05-26 00:08 - 00000000 ____D C:\ProgramData\IDM
2017-05-25 22:47 - 2017-05-25 22:47 - 00000000 ____D C:\Cosusp
2017-05-25 14:36 - 2017-05-25 14:36 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-25 14:13 - 2017-06-23 14:17 - 00004054 __RSH C:\ProgramData\ntuser.pol
2017-05-25 02:13 - 2017-05-25 02:13 - 00000000 _____ C:\WINDOWS\SysWOW64\3333
2017-05-25 02:13 - 2017-05-25 02:13 - 00000000 _____ C:\WINDOWS\SysWOW64\2222
2017-05-25 02:13 - 2017-05-25 02:13 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-24 13:36 - 2017-06-01 16:51 - 00000000 ____D C:\Program Files\UNP

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-23 17:30 - 2017-05-16 12:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-23 15:51 - 2017-05-16 22:18 - 03925020 _____ C:\WINDOWS\system32\perfh00C.dat
2017-06-23 15:51 - 2017-05-16 22:18 - 01060708 _____ C:\WINDOWS\system32\perfc00C.dat
2017-06-23 15:51 - 2017-05-16 12:32 - 07621392 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-23 15:46 - 2017-05-19 13:09 - 00005485 _____ C:\ProgramData\log.ewbt
2017-06-23 15:46 - 2017-05-19 13:09 - 00000128 _____ C:\ProgramData\log.ewbb
2017-06-23 15:46 - 2017-05-16 12:25 - 00000000 ____D C:\Users\sysko
2017-06-23 15:45 - 2017-05-22 08:49 - 00000000 ____D C:\Users\sysko\AppData\Roaming\uTorrent
2017-06-23 15:45 - 2017-05-19 14:14 - 00003549 _____ C:\ServiceLog.txt
2017-06-23 15:45 - 2017-05-16 12:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-23 15:45 - 2017-05-16 12:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-23 14:05 - 2017-05-16 12:30 - 00000000 ____D C:\Users\sysko\AppData\Local\Packages
2017-06-23 14:04 - 2017-05-16 12:30 - 00000000 ____D C:\Users\sysko\AppData\Local\ConnectedDevicesPlatform
2017-06-23 14:03 - 2017-05-16 22:09 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-23 13:51 - 2017-05-16 12:47 - 00000000 ____D C:\Users\sysko\AppData\Local\Comms
2017-06-23 11:15 - 2017-05-16 22:14 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 08:06 - 2017-05-23 18:13 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D8065016-EAEB-4A65-A25C-232F9D59460C}
2017-06-22 15:17 - 2017-05-20 10:26 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-06-22 14:43 - 2017-05-22 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-06-22 14:43 - 2017-05-18 08:15 - 00000000 ____D C:\ProgramData\Autodesk
2017-06-22 14:42 - 2017-05-22 11:53 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-06-22 14:42 - 2017-05-22 11:53 - 00000000 ____D C:\Program Files\Autodesk
2017-06-22 14:31 - 2017-05-16 22:15 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-21 20:13 - 2017-05-19 06:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-21 16:46 - 2017-02-10 09:52 - 00000000 ____D C:\Windows10Upgrade
2017-06-21 16:45 - 2017-05-23 17:34 - 00000000 ____D C:\Program Files (x86)\AIMP Classic
2017-06-20 15:46 - 2017-05-16 22:10 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-20 15:46 - 2017-05-16 15:10 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-20 15:46 - 2017-05-16 15:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-20 12:55 - 2017-05-16 22:15 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-20 12:55 - 2017-05-16 22:15 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-20 08:34 - 2017-05-22 08:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-20 07:22 - 2017-05-16 22:15 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-19 12:15 - 2017-05-23 20:47 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-19 10:14 - 2017-05-16 22:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-19 10:12 - 2017-05-16 22:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-19 10:11 - 2017-05-16 22:15 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-09 08:28 - 2017-05-16 22:21 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-04 01:14 - 2017-05-16 12:23 - 00000000 ____D C:\Program Files\Intel
2017-06-03 17:36 - 2017-05-16 21:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 17:36 - 2017-05-16 21:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 05:49 - 2017-05-22 14:15 - 00000000 ____D C:\Program Files (x86)\Ferfoward_
2017-05-31 21:28 - 2017-05-20 08:50 - 00000000 ____D C:\Users\sysko\AppData\Roaming\WinSAPSvc
2017-05-31 21:13 - 2017-05-20 08:46 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-05-31 20:22 - 2017-05-20 08:30 - 00000000 ____D C:\Program Files\jtoh6w85
2017-05-31 15:30 - 2017-05-16 15:13 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-26 13:34 - 2017-05-16 22:21 - 00000000 ____D C:\Windows.old
2017-05-26 07:23 - 2017-05-23 20:58 - 00002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-05-25 14:42 - 2017-05-20 09:50 - 00000000 ____D C:\WINDOWS\system32\log
2017-05-25 14:13 - 2017-05-16 22:15 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-05-24 21:24 - 2017-05-19 07:24 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== Fichiers à la racine de certains dossiers =======

2017-06-23 14:14 - 2017-06-23 14:14 - 0011568 _____ () C:\Users\sysko\AppData\Local\InstallationConfiguration.xml
2017-06-23 14:14 - 2017-06-23 14:14 - 0140800 _____ () C:\Users\sysko\AppData\Local\installer.dat
2017-06-23 14:14 - 2017-06-23 14:14 - 0930816 _____ () C:\Users\sysko\AppData\Local\test_db_cara.db
2017-05-16 12:23 - 2017-05-16 12:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-23 15:46 - 2017-06-23 15:48 - 0000132 _____ () C:\ProgramData\log.binb
2017-05-19 13:09 - 2017-06-23 15:46 - 0000128 _____ () C:\ProgramData\log.ewbb
2017-05-19 13:09 - 2017-06-23 15:46 - 0005485 _____ () C:\ProgramData\log.ewbt
2017-05-19 06:21 - 2017-05-19 06:21 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-05-19 13:09 - 2017-05-19 13:09 - 0353480 _____ () C:\ProgramData\tw4169859.exe

Fichiers à déplacer ou supprimer:
====================
C:\Program Files (x86)\1h5rb43x1qr\2ZY260GE1D25OUI.exe
C:\Program Files (x86)\pskeb1bjyoy\305B2U4UPPV5XYF.exe
C:\ProgramData\54542497619444478918ae49c233f590\R1dDAJ0eKJl.exe
C:\ProgramData\2494e81bae9e4d499cc775e4b5e5780c\FNu91hkKscSL.exe
C:\ProgramData\tw4169859.exe


Certains fichiers dans TEMP:
====================
2017-06-23 14:11 - 2017-06-23 14:14 - 3137536 _____ (TODO: ) C:\Users\sysko\AppData\Local\Temp\linker.exe
2017-06-23 14:17 - 2017-06-23 14:17 - 2383613 _____ () C:\Users\sysko\AppData\Local\Temp\ytab_m_1_big.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-06-23 12:19

==================== Fin de FRST.txt ============================
