Posted on 4 September 2017

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-244263343-3243090114-2902271346-1001\...\Run: [Gameo] => C:\Users\Isabelle\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] ()
HKU\S-1-5-21-244263343-3243090114-2902271346-1001\...\Run: [GoogleChromeAutoLaunch_033F6DDD5FDC6964612C605131FB5C38] => C:\Users\Isabelle\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1447046514&from=mych123&uid=st1000lm014-1ej164-sshd_w77135v0&z=a219c48359d78931dcc3cc3gfz4z8mcefzbq9wdg8t
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450281506&from=zzgbkk123&uid=st1000lm014-1ej164-sshd_w77135v0&z=89bc5f2f6f79cd3459ce50bg8z6w3e2o3b3g4w5g5o&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_ggbg_15_36&cd=2XzuyEtN2Y1L1Qzu0D0AyD0D0EtB0D0CtBzz0CzytA0CyDyCtN0D0Tzu0StCtAyEyEtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEyDtA0DyDyBzytBtG0B0EtA0EtGyEyEtB0CtG0B0D0F0FtGtCyByEyDzy0A0Bzz0EyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCtDyDzzzyyD0FtG0ByCzztAtGyE0BtCtDtGzzyBtC0AtG0FyC0BtDyB0CyB0AtD0ByEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyBtB&cr=849109705&ir=
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450281506&from=zzgbkk123&uid=st1000lm014-1ej164-sshd_w77135v0&z=89bc5f2f6f79cd3459ce50bg8z6w3e2o3b3g4w5g5o&q={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450281506&from=zzgbkk123&uid=st1000lm014-1ej164-sshd_w77135v0&z=89bc5f2f6f79cd3459ce50bg8z6w3e2o3b3g4w5g5o&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450281506&from=zzgbkk123&uid=st1000lm014-1ej164-sshd_w77135v0&z=89bc5f2f6f79cd3459ce50bg8z6w3e2o3b3g4w5g5o&q={searchTerms}
SearchScopes: HKLM-x32 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> OldSearch URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_ggbg_15_36&cd=2XzuyEtN2Y1L1Qzu0D0AyD0D0EtB0D0CtBzz0CzytA0CyDyCtN0D0Tzu0StCtAyEyEtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEyDtA0DyDyBzytBtG0B0EtA0EtGyEyEtB0CtG0B0D0F0FtGtCyByEyDzy0A0Bzz0EyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtCtDyDzzzyyD0FtG0ByCzztAtGyE0BtCtDtGzzyBtC0AtG0FyC0BtDyB0CyB0AtD0ByEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyBtB&cr=849109705&ir=
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {17B3C782-9790-4E4C-A766-ECC324ED4156} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-244263343-3243090114-2902271346-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1462303914&from=86490503&uid=st1000lm014-1ej164-sshd_w77135v0&z=a817007c44124abc28a8dc3g5z4q5occ8e0cft3g6q"
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-244263343-3243090114-2902271346-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [49152 2015-09-06] () [Fichier non signé]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer1017.exe [236816 2015-10-09] (MustangService)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
2015-09-01 00:21 - 2015-11-26 08:58 - 000000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Uniblue
C:\Program Files (x86)\CinemaPlus_1.3dV31.08
C:\Program Files (x86)\WordFly_1.10.0.28
C:\Program Files (x86)\OLBPre
C:\ProgramData\{3D3CD5FF-6DBE-0479-DC38-74FB0CBAA775}
C:\Users\Isabelle\AppData\Roaming\Gameo
C:\Users\Isabelle\AppData\Local\Chromium
C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys
C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys
Task: {21DFF186-158D-4F9C-B716-6CBA21C9F677} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-04] (Uniblue Systems Limited)
Task: {33A326A6-99F4-4FA5-A322-88D840379893} - System32\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-6 => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-6.exe [2015-09-01] (CinemaPlus_1.3dV31.08)
Task: {3FEDD8E7-C630-4307-B035-76B444F2D237} - System32\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-7 => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-7.exe [2015-09-01] (CinemaPlus_1.3dV31.08)
Task: {64FADF2C-1F64-4548-91E4-1A194FA971F5} - System32\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5_user => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5.exe [2015-09-01] (CinemaPlus_1.3dV31.08)
Task: {73AAC483-FEFE-4064-A8CC-4C97CA81B3EA} - System32\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5 => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5.exe [2015-09-01] (CinemaPlus_1.3dV31.08)
Task: {8ADEE8F4-8F90-482D-B515-10351C17DD5F} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF)
Task: {A121BB6B-4821-4068-B5A6-C2FA998449F6} - System32\Tasks\Palikan soti => "wscript.exe" "C:\ProgramData\{3D3CD5FF-6DBE-0479-DC38-74FB0CBAA775}\2.0.1.9\solo.txt" "433a2f50726f6772616d446174612f7b33443343443546462d364442452d303437392d444333382d3734464230434241413737357d2f322e302e312e392f736f74692e646c6c" "687474703a2f2f73616f2e6b616e72712e636f6d2f" "--IsErIk" "//E:jscript"
Task: {B28F4303-3980-4C34-8F7C-8050CF951898} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {BD1052E3-2FE7-44C6-A261-5D9248899541} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-04] (Uniblue Systems Limited)
Task: {CC6437D6-B7F4-44FC-A248-9467048C63E4} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files (x86)\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF)
Task: C:\WINDOWS\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-6.job => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-6.exe
Task: C:\WINDOWS\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-7.job => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-1-7.exe
Task: C:\WINDOWS\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5.job => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5.exe
Task: C:\WINDOWS\Tasks\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5_user.job => C:\Program Files (x86)\CinemaPlus_1.3dV31.08\8f0fcab5-7039-457e-93bf-fecc1fc825a8-5.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
ShortcutWithArgument: C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\StormFall.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1444486618&pid=etc10&uid=f5d6d813-171d-40fc-a19a-626551ed4e17
ShortcutWithArgument: C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1444486618&pid=etc10&uid=f5d6d813-171d-40fc-a19a-626551ed4e17
IE trusted site: HKU\S-1-5-21-244263343-3243090114-2902271346-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{5D0A1F3A-BD22-4F34-ADEE-4309EB695EE1}] => (Allow) C:\Users\Isabelle\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{F3A29805-EE61-4171-9F8C-F604C53B1E76}] => (Allow) C:\Users\Isabelle\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{5510EE93-DD73-48A8-83A5-743E993C3782}] => (Allow) C:\Users\Isabelle\AppData\Local\Chromium\Application\chrome.exe
cmd: netsh winsock reset
EmptyTemp:
End::
