cjoint

Document format: text/plain

Résultats de correction de Farbar Recovery Scan Tool (x86) Version:04-05-2016
Exécuté par priver (2016-05-05 18:19:33) Run:3
Exécuté depuis C:\Documents and Settings\priver\Bureau
Profils chargés: priver (Profils disponibles: priver)
Mode d'amorçage: Normal

==============================================

fixlist contenu:
*****************
start
CloseProcesses:
CreateRestorePoint:
RemoveProxy:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {47e34488-f828-11e5-8151-001bb9b527fa} - E:\RECYCLER\SuZzWmE.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {8b64e926-fda2-11e5-8160-001bb9b527fa} - E:\RECYCLER\FkCxPqN.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk [2015-02-14]
ShortcutTarget: Download.lnk -> C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe (Pas de fichier)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP
hxxp://www.01men.com/
URLSearchHook: [S-1-5-21-1708537768-484763869-1606980848-1003] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL =
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
FF Extension: Pas de nom - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2015-09-04] [non signé]
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=isr&uid=700AF31965BC1BE439649CF6DEED878D&v=20160415&ts=AHEqA3UpAXUtC0.."
CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Google Docs) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search and Replace) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2015-07-26] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Recherche Google) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SstrprSrv; "C:\Program Files\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
U5 d51a71667b27960; C:\Windows\System32\Drivers\d51a71667b27960.sys [86656 2015-10-02] () <===== ATTENTION Necurs Rootkit?
S4 IntelIde; pas de ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [Fichier non signé]
U1 WS2IFSL; pas de ImagePath
EmptyTemp:
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
reboot:
end


*****************

Processus fermé avec succès.
Error: (0) Impossible de créer un point de restauration.

========= RemoveProxy: =========

HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valeur supprimé(es) avec succès
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valeur supprimé(es) avec succès


========= Fin de RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => valeur non trouvé(e).
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => valeur non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e34488-f828-11e5-8151-001bb9b527fa} => clé non trouvé(e).
HKCR\CLSID\{47e34488-f828-11e5-8151-001bb9b527fa} => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b64e926-fda2-11e5-8160-001bb9b527fa} => clé non trouvé(e).
HKCR\CLSID\{8b64e926-fda2-11e5-8160-001bb9b527fa} => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => valeur non trouvé(e).
C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk => non trouvé(e).
C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe => non trouvé(e).
HKLM\SOFTWARE\Policies\Google => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => clé non trouvé(e).
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valeur restauré(es) avec succès
hxxp://www.01men.com/ => Erreur: Pas de correction automatique trouvée pour cet élément.
Impossible de restaurer Par défaut URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur supprimé(es) avec succès
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
C:\Program Files\Java\jre6\lib\deploy\jqs\ff => non trouvé(e).
Chrome StartupUrls => non trouvé(e).

========================= CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default ========================

"CHR ProC:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default" => non trouvé(e).
====== Fin de File: ======

C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia <==== ATTENTION => non trouvé(e).
HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi => clé non trouvé(e).
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => clé non trouvé(e).
"C:\Program Files\Internet Download Manager\IDMGCExt.crx" => non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi => clé non trouvé(e).
"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION => Erreur: Pas de correction automatique trouvée pour cet élément.
gupdatem => service non trouvé(e).
MozillaMaintenance => service non trouvé(e).
SstrprSrv => service non trouvé(e).
d51a71667b27960 => service impossible à supprimer
IntelIde => service non trouvé(e).
UnlockerDriver5 => service non trouvé(e).
WS2IFSL => service non trouvé(e).

========= netsh winsock reset all =========


Le catalogue Winsock a été réinitialisé correctement.
Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation.


========= Fin de CMD: =========


========= ipconfig /flushdns =========


Configuration IP de Windows


========= Fin de CMD: =========

C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.
EmptyTemp: => 13.4 MB données temporaires supprimées.


Le système a dû redémarrer.

==== Fin de Fixlog 18:19:46 ====
