Format du document : text/plain
Prévisualisation
Résultats de correction de Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Exécuté par Primael (2016-05-26 11:13:21) Run:1
Exécuté depuis C:\Users\Primael\Desktop
Profils chargés: Primael (Profils disponibles: Primael)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CloseProcesses:
CreateRestorePoint:
hosts:
cmd: sfc /scannow
Cmd: del %temp% /s/f/q
[-HKU\S-1-5-21-800940424-3997634671-1375518831-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserAir]
2016-05-26 08:49 - 2016-05-26 08:49 - 00000000 ____D C:\Users\Primael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-05-26 08:48 - 2016-05-26 08:49 - 00000000 ____D C:\Users\Primael\AppData\Local\BrowserAir
Task: {23A2E7F4-E381-4B1A-923F-8466A506C45C} - System32\Tasks\IBUpd2 => C:\Users\Primael\AppData\Local\BrowserAir\47.0.0.5\updater.exe
FirewallRules: [{8C365FEE-2703-4F86-8199-E665A7E41CB6}] => (Allow) C:\Users\Primael\AppData\Local\BrowserAir\Application\BrowserAir.exe
Task: {1EA37374-4DCD-4147-9A48-4C65D7F7A22C} - System32\Tasks\tasklist => c:\programdata\setup_qg00.exe
Task: {A159D10E-A389-46BA-A667-1DCA5D477758} - \SMW_P
Task: {F4113733-B06F-4498-BBAC-60E721F7C002} - System32\Tasks\{11701A59-8724-7EC8-0139-2760B8CFCD54} => C:\Users\Primael\AppData\Local\{27071~1\UNINST~1.EXE
Task: {F4113733-B06F-4498-BBAC-60E721F7C002} - System32\Tasks\{11701A59-8724-7EC8-0139-2760B8CFCD54} => C:\Users\Primael\AppData\Local\{27071~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\{11701A59-8724-7EC8-0139-2760B8CFCD54}.job
ShortcutWithArgument: C:\Users\Primael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
ShortcutWithArgument: C:\Users\Primael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
ShortcutWithArgument: C:\Users\Primael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www-searching.com/?prd=set_epe&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,"
ShortcutWithArgument: C:\Users\Primael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-searching.com/?prd=set_epe&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
ShortcutWithArgument: C:\Users\Primael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-800940424-3997634671-1375518831-1001\...\Run: [QGuan00] => c:\programdata\setup_qg00.exe
c:\programdata\setup_qg00.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction
SearchScopes: HKU\S-1-5-21-800940424-3997634671-1375518831-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,&site=shyosie&prd=setgo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-800940424-3997634671-1375518831-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,&site=shyosie&prd=setgo&q={searchTerms}
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g5pzftpbl0cshmobp,3cb85f4e-785d-4524-854c-8a5d3ee7f60c,
FF Homepage: about:home
FF SearchPlugin: C:\Users\Primael\AppData\Roaming\Mozilla\Firefox\Profiles\z3bj3rpo.default\searchplugins\smod.xml
FF Extension: Pas de nom - C:\Users\Primael\AppData\Roaming\Mozilla\Firefox\Profiles\z3bj3rpo.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
S2 Sefhiwhh; "C:\Users\Primael\AppData\Roaming\AsocmDeodyso\Kuvbav.exe" -cms
C:\Users\Primael\AppData\Roaming\AsocmDeodyso
S2 Thevshhostsrv; "C:\Program Files (x86)\Thevsh\Thevshhostsrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
C:\Program Files (x86)\Thevsh
S2 Wadush; "C:\Users\Primael\AppData\Roaming\JejwikOkeippe\Laurea.exe" -cms
C:\Users\Primael\AppData\Roaming\JejwikOkeippe
C:\WINDOWS\system32\sepg
C:\WINDOWS\system32\vojm
C:\ProgramData\RandomDelJiheReg.exe
C:\Program Files (x86)\Phenuther
C:\Program Files (x86)\Zmghtnaduse
C:\Users\Primael\AppData\LocalLow\Company
D C:\Program Files\Radnoc
C:\Program Files (x86)\FastWeb
C:\WINDOWS\system32\bi3.exe
*****************
Processus fermé avec succès.
Le Point de restauration a été créé avec succès.
C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.
========= sfc /scannow =========