Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Exécuté par droopy (14-11-2020 11:44:57) Run:1
Exécuté depuis C:\Users\droopy\Desktop
Profils chargés: droopy
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\...\Run: [cacaoweb] => C:\Users\droopy\AppData\Roaming\cacaoweb\cacaoweb.exe [567192 2020-10-27] (CACAOWEB Ltd -> )
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-10-27] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
FF NewTab: Mozilla\Firefox\Profiles\59qx6eqf.default -> hxxps://securesearch.org/homepage?hp=2&pId=LU150701WEBDIRECT&iDate=2020-10-27 02:35:26&bName=
FF Homepage: Mozilla\Firefox\Profiles\hh00q9yx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=LU150701WEBDIRECT&iDate=2020-10-27 02:35:26&bName=
FF NewTab: Mozilla\Firefox\Profiles\hh00q9yx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=LU150701WEBDIRECT&iDate=2020-10-27 02:35:26&bName=
FF Extension: (cacaoweb) - C:\Users\droopy\AppData\Roaming\Mozilla\Firefox\Profiles\hh00q9yx.default-release\Extensions\cacaoweb@cacaoweb.org [2020-11-07] [] [non signé]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-10-27] (LAVASOFT SOFTWARE CANADA INC -> )
2020-10-27 15:35 - 2020-10-27 15:35 - 000000000 ____D C:\Users\droopy\AppData\Roaming\Lavasoft
2020-10-27 15:35 - 2020-10-27 15:35 - 000000000 ____D C:\Users\droopy\AppData\Local\Lavasoft
2020-10-27 15:35 - 2020-10-27 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-10-27 15:34 - 2020-10-27 15:34 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-10-27 15:33 - 2020-10-27 15:33 - 000512624 _____ (Lavasoft) C:\Users\droopy\Downloads\WcInstaller.exe
2020-10-27 15:33 - 2020-10-27 15:33 - 000000000 ____D C:\ProgramData\Lavasoft
2020-10-27 15:30 - 2020-11-07 10:49 - 000567192 _____ C:\Users\droopy\Desktop\cacaoweb.exe
2020-10-27 15:30 - 2020-10-27 15:30 - 000567192 _____ C:\Users\droopy\Downloads\cacaoweb.exe
2020-10-27 15:30 - 2020-10-27 15:30 - 000000000 ____D C:\Users\droopy\AppData\Roaming\cacaoweb
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=LU150701WEBDIRECT&iDate=2020-10-27 02:35:26&bName=
SearchScopes: HKU\S-1-5-21-847398224-3266564336-1598762257-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
IE trusted site: HKU\S-1-5-21-847398224-3266564336-1598762257-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{9B3F5E86-5016-4A82-8DCF-EBB8CF60DE2D}C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe (CACAOWEB Ltd -> )
FirewallRules: [UDP Query User{8CCFF253-6808-4B33-B35C-81F72FC16B55}C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe (CACAOWEB Ltd -> )
VirusTotal: C:\Users\droopy\AppData\Local\kl.dll;C:\Users\droopy\AppData\Roaming\Microsoft\Windows\dllcache\icacls.exe
emptytemp:

*****************

Processus fermé avec succès.
Le Point de restauration a été créé avec succès.
"HKU\S-1-5-21-847398224-3266564336-1598762257-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb" => supprimé(es) avec succès
"HKU\S-1-5-21-847398224-3266564336-1598762257-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => supprimé(es) avec succès
"Firefox newtab" => supprimé(es) avec succès
"Firefox homepage" => supprimé(es) avec succès
"Firefox newtab" => supprimé(es) avec succès
"C:\Users\droopy\AppData\Roaming\Mozilla\Firefox\Profiles\hh00q9yx.default-release\Extensions\cacaoweb@cacaoweb.org" => non trouvé(e)
WCAssistantService => service non trouvé(e).
"C:\Users\droopy\AppData\Roaming\Lavasoft" => non trouvé(e)
"C:\Users\droopy\AppData\Local\Lavasoft" => non trouvé(e)
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => non trouvé(e)
"C:\Program Files (x86)\Lavasoft" => non trouvé(e)
C:\Users\droopy\Downloads\WcInstaller.exe => déplacé(es) avec succès
"C:\ProgramData\Lavasoft" => non trouvé(e)
C:\Users\droopy\Desktop\cacaoweb.exe => déplacé(es) avec succès
C:\Users\droopy\Downloads\cacaoweb.exe => déplacé(es) avec succès
C:\Users\droopy\AppData\Roaming\cacaoweb => déplacé(es) avec succès
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => valeur restauré(es) avec succès
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => supprimé(es) avec succès
HKU\S-1-5-21-847398224-3266564336-1598762257-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B3F5E86-5016-4A82-8DCF-EBB8CF60DE2D}C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8CCFF253-6808-4B33-B35C-81F72FC16B55}C:\users\droopy\appdata\roaming\cacaoweb\cacaoweb.exe" => supprimé(es) avec succès
VirusTotal: C:\Users\droopy\AppData\Local\kl.dll => https://www.virustotal.com/gui/file/6c3b60837c66fc3ac3923da362984b0f3c8f8be4da3256b22878649f4c82390d/detection/f-6c3b60837c66fc3ac3923da362984b0f3c8f8be4da3256b22878649f4c82390d-1495973223
"VirusTotal: C:\Users\droopy\AppData\Roaming\Microsoft\Windows\dllcache\icacls.exe" => non trouvé(e)

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8437274 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 19464 B
Edge => 9636837 B
Chrome => 0 B
Firefox => 64957215 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2404 B
droopy => 3846243 B

RecycleBin => 187015031 B
EmptyTemp: => 268.2 MB données temporaires supprimées.

================================


Le système a dû redémarrer.

==== Fin 2 Fixlog 11:46:18 ====