Résultats de correction de Farbar Recovery Scan Tool (x86) Version:04-05-2016
Exécuté par priver (2016-05-05 18:19:33) Run:3
Exécuté depuis C:\Documents and Settings\priver\Bureau
Profils chargés: priver (Profils disponibles: priver)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
start
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {47e34488-f828-11e5-8151-001bb9b527fa} - E:\RECYCLER\SuZzWmE.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\MountPoints2: {8b64e926-fda2-11e5-8160-001bb9b527fa} - E:\RECYCLER\FkCxPqN.exe
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk [2015-02-14]
ShortcutTarget: Download.lnk -> C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe (Pas de fichier)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D1%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP hxxp://www.01men.com/
URLSearchHook: [S-1-5-21-1708537768-484763869-1606980848-1003] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {4FC1B895-E129-4345-B101-CF4EF5EF80C8} URL = 
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1606980848-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_15&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0ByDtByB0F0AtAzztAzztN0D0Tzu0StCyDyCzztN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyDzz0EtAyBzyyEtGyC0DyBzytGtCyDtD0CtGtAtA0FtAtGtCtA0FzztA0D0C0FzzyD0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0B0EyCtA0E0A0FtGyB0B0BtCtGyEtA0F0DtG0A0CyDtCtGyC0ByEtDzy0E0EyB0DyB0FyD2QtN0A0LzuyE%26cr%3D1905026766%26a%3Dwbf_ir_16_15%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
FF Extension: Pas de nom - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2015-09-04] [non signé]
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=isr&uid=700AF31965BC1BE439649CF6DEED878D&v=20160415&ts=AHEqA3UpAXUtC0.."
CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Google Docs) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search and Replace) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2015-07-26] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Recherche Google) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-10]
CHR HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SstrprSrv; "C:\Program Files\Sosition\SstrprSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
U5 d51a71667b27960; C:\Windows\System32\Drivers\d51a71667b27960.sys [86656 2015-10-02] () <===== ATTENTION Necurs Rootkit?
S4 IntelIde; pas de ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [Fichier non signé]
U1 WS2IFSL; pas de ImagePath
EmptyTemp:
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
reboot:
end
*****************

Processus fermé avec succès.
Error: (0) Impossible de créer un point de restauration.

========= RemoveProxy: =========

HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valeur supprimé(es) avec succès
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valeur supprimé(es) avec succès

========= Fin de RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => valeur non trouvé(e).
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => valeur non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e34488-f828-11e5-8151-001bb9b527fa} => clé non trouvé(e).
HKCR\CLSID\{47e34488-f828-11e5-8151-001bb9b527fa} => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b64e926-fda2-11e5-8160-001bb9b527fa} => clé non trouvé(e).
HKCR\CLSID\{8b64e926-fda2-11e5-8160-001bb9b527fa} => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => valeur non trouvé(e).
C:\Documents and Settings\priver\Menu Démarrer\Programmes\Démarrage\Download.lnk => non trouvé(e).
C:\Documents and Settings\All Users\Application Data\{67cce07f-dc8e-ac80-67cc-ce07fdc881ff}\Download.exe => non trouvé(e).
HKLM\SOFTWARE\Policies\Google => clé non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => clé non trouvé(e).
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valeur restauré(es) avec succès
hxxp://www.01men.com/ => Erreur: Pas de correction automatique trouvée pour cet élément.
Impossible de restaurer Par défaut URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur supprimé(es) avec succès
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => clé non trouvé(e).
C:\Program Files\Java\jre6\lib\deploy\jqs\ff => non trouvé(e).
Chrome StartupUrls => non trouvé(e).

========================= CHR Profile: C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default ========================
"CHR ProC:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default" => non trouvé(e).

====== Fin de File: ======

C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => non trouvé(e).
C:\Documents and Settings\priver\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia <==== ATTENTION => non trouvé(e).
HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi => clé non trouvé(e).
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => clé non trouvé(e).
"C:\Program Files\Internet Download Manager\IDMGCExt.crx" => non trouvé(e).
HKU\S-1-5-21-1708537768-484763869-1606980848-1003\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi => clé non trouvé(e).
"d51a71667b27960" => service n'a pas pu être déverrouillé. <===== ATTENTION => Erreur: Pas de correction automatique trouvée pour cet élément.
gupdatem => service non trouvé(e).
MozillaMaintenance => service non trouvé(e).
SstrprSrv => service non trouvé(e).
d51a71667b27960 => service impossible à supprimer
IntelIde => service non trouvé(e).
UnlockerDriver5 => service non trouvé(e).
WS2IFSL => service non trouvé(e).

========= netsh winsock reset all =========

Le catalogue Winsock a été réinitialisé correctement.
Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation.

========= Fin de CMD: =========

========= ipconfig /flushdns =========

Configuration IP de Windows

========= Fin de CMD: =========

C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.
EmptyTemp: => 13.4 MB données temporaires supprimées.

Le système a dû redémarrer.

==== Fin de Fixlog 18:19:46 ====