Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 29-11-2024
Exécuté par Belette (02-12-2024 16:54:10) Run:3
Exécuté depuis C:\Users\Belette\OneDrive\Bureau
Profils chargés: Belette
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\Run: [Web Companion] => C:\Users\Belette\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe [3427032 2024-02-29] (Lavasoft Software Canada Inc. -> Lavasoft)
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\Run: [EPSDNMON] => "" (Pas de fichier)
Task: {919020F4-C765-4802-874E-8FB83BFEBAEA} - System32\Tasks\Microsoft\microsoft-windows-apin => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58864 2022-06-25] (Microsoft Corporation -> Microsoft Corporation) -> C:\ProgramData\AuthenticMessaging\PinbDisc\C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll /U
Edge HomePage: Default -> hxxps://
Edge DefaultSearchURL: Default -> hxxps://find.fnavigate-now.com/results.aspx?d=070823&n=0670&q={searchTerms}&gd=RD1002836&searchsource=69
Edge DefaultSearchKeyword: Default -> yahoosearch
CHR HomePage: Default -> hxxps://
CHR StartupUrls: Default -> "hxxps://"
CHR HomePage: Profile 1 -> hxxps://
CHR StartupUrls: Profile 1 -> "hxxps://"
CHR DefaultSearchURL: Profile 1 -> hxxps://websearcher-red.com/search?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> websearcher-red.com
CHR DefaultNewTabURL: Profile 1 -> hxxps://websearcher-red.com/nt?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D
CHR HomePage: Profile 3 -> hxxps://
CHR StartupUrls: Profile 3 -> "hxxps://"
CHR DefaultSearchURL: Profile 3 -> hxxps://websearcher-red.com/search?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D&q={searchTerms}
CHR DefaultSearchKeyword: Profile 3 -> websearcher-red.com
CHR DefaultNewTabURL: Profile 3 -> hxxps://websearcher-red.com/nt?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D
IE trusted site: HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{9DF37BAC-11D5-4EFD-AEFF-03200C1C98B2}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{97A68AAC-5D1F-4BC5-8DC1-384DCB7127E1}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{6F09EA85-329C-4E34-B0EE-54C4940F374A}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{2DEE11BF-5D2A-4804-9723-AA5BA9226767}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
C:\ProgramData\AuthenticMessaging
C:\Users\Belette\AppData\Roaming\Lavasoft
EmptyTemp:
End::
*****************
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
========================= File: C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll ========================
"C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll" => non trouvé(e)
====== Fin de File: ======
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => impossible à supprimer, clé était peut-être protégé(e)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => non trouvé(e)
HKLM\SOFTWARE\Policies\Microsoft\MRT => non trouvé(e)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => non trouvé(e)
"HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => non trouvé(e)
"HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSDNMON" => non trouvé(e)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{919020F4-C765-4802-874E-8FB83BFEBAEA}" => non trouvé(e)
"C:\WINDOWS\System32\Tasks\Microsoft\microsoft-windows-apin" => non trouvé(e)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\microsoft-windows-apin" => non trouvé(e)
"Edge HomePage" => non trouvé(e)
"Edge DefaultSearchURL" => non trouvé(e)
"Edge DefaultSearchKeyword" => non trouvé(e)
"Chrome HomePage" => supprimé(es) avec succès
"Chrome StartupUrls" => non trouvé(e)
"Chrome HomePage" => non trouvé(e)
"Chrome StartupUrls" => non trouvé(e)
"Chrome DefaultSearchURL" => non trouvé(e)
"Chrome DefaultSearchKeyword" => non trouvé(e)
"Chrome DefaultNewTabURL" => non trouvé(e)
"Chrome HomePage" => non trouvé(e)
"Chrome StartupUrls" => non trouvé(e)
"Chrome DefaultSearchURL" => non trouvé(e)
"Chrome DefaultSearchKeyword" => non trouvé(e)
"Chrome DefaultNewTabURL" => non trouvé(e)
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DF37BAC-11D5-4EFD-AEFF-03200C1C98B2}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97A68AAC-5D1F-4BC5-8DC1-384DCB7127E1}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F09EA85-329C-4E34-B0EE-54C4940F374A}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DEE11BF-5D2A-4804-9723-AA5BA9226767}" => non trouvé(e)
"C:\ProgramData\AuthenticMessaging" => non trouvé(e)
"C:\Users\Belette\AppData\Roaming\Lavasoft" => non trouvé(e)
=========== EmptyTemp: ==========
FlushDNS => terminé(e)
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13653616 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 879474743 B
Firefox => 0 B
Opera => 292806 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6813 B
systemprofile32 => 6813 B
LocalService => 2970753 B
NetworkService => 4636475 B
Exécuté par Belette (02-12-2024 16:54:10) Run:3
Exécuté depuis C:\Users\Belette\OneDrive\Bureau
Profils chargés: Belette
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\Run: [Web Companion] => C:\Users\Belette\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe [3427032 2024-02-29] (Lavasoft Software Canada Inc. -> Lavasoft)
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\Run: [EPSDNMON] => "" (Pas de fichier)
Task: {919020F4-C765-4802-874E-8FB83BFEBAEA} - System32\Tasks\Microsoft\microsoft-windows-apin => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58864 2022-06-25] (Microsoft Corporation -> Microsoft Corporation) -> C:\ProgramData\AuthenticMessaging\PinbDisc\C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll /U
Edge HomePage: Default -> hxxps://
Edge DefaultSearchURL: Default -> hxxps://find.fnavigate-now.com/results.aspx?d=070823&n=0670&q={searchTerms}&gd=RD1002836&searchsource=69
Edge DefaultSearchKeyword: Default -> yahoosearch
CHR HomePage: Default -> hxxps://
CHR StartupUrls: Default -> "hxxps://"
CHR HomePage: Profile 1 -> hxxps://
CHR StartupUrls: Profile 1 -> "hxxps://"
CHR DefaultSearchURL: Profile 1 -> hxxps://websearcher-red.com/search?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> websearcher-red.com
CHR DefaultNewTabURL: Profile 1 -> hxxps://websearcher-red.com/nt?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D
CHR HomePage: Profile 3 -> hxxps://
CHR StartupUrls: Profile 3 -> "hxxps://"
CHR DefaultSearchURL: Profile 3 -> hxxps://websearcher-red.com/search?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D&q={searchTerms}
CHR DefaultSearchKeyword: Profile 3 -> websearcher-red.com
CHR DefaultNewTabURL: Profile 3 -> hxxps://websearcher-red.com/nt?dd=a3h3a2FaSUNZUltNRVpQF0FOXVNfQAtaVltBR15UXUFEFyQqMRYiMAQaNAMsIgsnHScZTB0mCSo1IT0QXDQ2OVEZThAqPi45MjIgODk2LgYiPEc7JTQ6AC4%3D
IE trusted site: HKU\S-1-5-21-2051906324-2869483229-801820330-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{9DF37BAC-11D5-4EFD-AEFF-03200C1C98B2}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{97A68AAC-5D1F-4BC5-8DC1-384DCB7127E1}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{6F09EA85-329C-4E34-B0EE-54C4940F374A}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
FirewallRules: [{2DEE11BF-5D2A-4804-9723-AA5BA9226767}] => (Allow) C:\Program Files\Fortect\MainService.exe => Pas de fichier
C:\ProgramData\AuthenticMessaging
C:\Users\Belette\AppData\Roaming\Lavasoft
EmptyTemp:
End::
*****************
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
========================= File: C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll ========================
"C:\ProgramData\AuthenticMessaging\PinbDisc\MickVWzbjRb284.dll" => non trouvé(e)
====== Fin de File: ======
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => impossible à supprimer, clé était peut-être protégé(e)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => non trouvé(e)
HKLM\SOFTWARE\Policies\Microsoft\MRT => non trouvé(e)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => non trouvé(e)
"HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => non trouvé(e)
"HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSDNMON" => non trouvé(e)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{919020F4-C765-4802-874E-8FB83BFEBAEA}" => non trouvé(e)
"C:\WINDOWS\System32\Tasks\Microsoft\microsoft-windows-apin" => non trouvé(e)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\microsoft-windows-apin" => non trouvé(e)
"Edge HomePage" => non trouvé(e)
"Edge DefaultSearchURL" => non trouvé(e)
"Edge DefaultSearchKeyword" => non trouvé(e)
"Chrome HomePage" => supprimé(es) avec succès
"Chrome StartupUrls" => non trouvé(e)
"Chrome HomePage" => non trouvé(e)
"Chrome StartupUrls" => non trouvé(e)
"Chrome DefaultSearchURL" => non trouvé(e)
"Chrome DefaultSearchKeyword" => non trouvé(e)
"Chrome DefaultNewTabURL" => non trouvé(e)
"Chrome HomePage" => non trouvé(e)
"Chrome StartupUrls" => non trouvé(e)
"Chrome DefaultSearchURL" => non trouvé(e)
"Chrome DefaultSearchKeyword" => non trouvé(e)
"Chrome DefaultNewTabURL" => non trouvé(e)
HKU\S-1-5-21-2051906324-2869483229-801820330-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DF37BAC-11D5-4EFD-AEFF-03200C1C98B2}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97A68AAC-5D1F-4BC5-8DC1-384DCB7127E1}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F09EA85-329C-4E34-B0EE-54C4940F374A}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DEE11BF-5D2A-4804-9723-AA5BA9226767}" => non trouvé(e)
"C:\ProgramData\AuthenticMessaging" => non trouvé(e)
"C:\Users\Belette\AppData\Roaming\Lavasoft" => non trouvé(e)
=========== EmptyTemp: ==========
FlushDNS => terminé(e)
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13653616 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 879474743 B
Firefox => 0 B
Opera => 292806 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6813 B
systemprofile32 => 6813 B
LocalService => 2970753 B
NetworkService => 4636475 B