Posted on 9 September 2017

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [vnlgp] => C:\Users\Laura\AppData\Roaming\vnlgp\vnlgp.exe [1555968 2017-05-06] ()
HKLM\...\RunOnce: [OMEWPRODUCT_TPPA5] => C:\Program Files (x86)\ShutdownTime\4EU28ATJAWX9ZHO.exe [259584 2017-09-09] (OAE4AFPW)
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3318272 2017-09-05] () <==== ATTENTION
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [msiql] => C:\Users\Laura\AppData\Local\Temp\00007291\msiql.exe [2072576 2017-09-09] () <==== ATTENTION
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [2cgvl4hv0lh] => C:\Users\Laura\AppData\Roaming\zqc2uha1nm1\13ntyeghwu4.exe [7168 2017-09-09] ()
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [RK714EOJVV70PYQ] => C:\Program Files\8AXLPQM0M9\8AXLPQM0M.exe [1246208 2017-09-09] (OAE4AFPW)
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [xigcbnr1pwt] => C:\Users\Laura\AppData\Roaming\2tut4pmvtgy\hnmbgwbvige.exe [7168 2017-09-09] ()
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [zzfalyroyzp] => C:\Users\Laura\AppData\Roaming\iypyuaijvyc\ge5d0uunazi.exe [7168 2017-09-09] ()
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [r5ma5r5gzjw] => C:\Users\Laura\AppData\Roaming\4no4ieiedt2\ctvuc1ithgh.exe [7168 2017-09-09] ()
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [SHMMQOPASH78R1V] => C:\Program Files\57K5LTYD57\U40KWG3YP.exe [1246208 2017-09-09] (OAE4AFPW)
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [ZKA8QRLTMW2G25K] => C:\Program Files\344HHNXI9Q\344HHNXI9.exe [1246208 2017-09-09] (OAE4AFPW)
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [ssn] => C:\Users\Laura\AppData\Roaming\ssn\saveup.exe [24576 2017-08-24] ()
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [CrimsonRiver] => C:\WINDOWS\rss\csrss.exe [4837888 2017-09-09] () <==== ATTENTION
HKU\S-1-5-21-473576776-879531922-258701867-1001\...\Run: [CloudNet] => C:\Users\Laura\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [776704 2017-09-09] (EpicNet Inc.)
ShellExecuteHooks: Pas de nom - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Users\Laura\AppData\Roaming\tmp546.dat [1952256 2017-08-25] ()
GroupPolicy: Restriction - Windows Defender
BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\QYERbvxRHIE\toLzyNQq.dll [2017-09-09] ()
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\QYERbvxRHIE\kZgUnAb.dll [2017-09-09] ()
FF user.js: detected! => C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\qxqtascq.default\user.js [2017-07-12]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-09-09]
R2 TMService; C:\Program Files (x86)\WindowsTM\TMService.exe [242344 2017-09-09] (Smart Software, Inc.)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] ()
R2 WinDefender; C:\WINDOWS\windefender.exe [3430912 2017-09-09] () [Fichier non signé]
U2 wtmkussrv; C:\Windows\SysWow64\wtmkussrv.dll [462848 2017-09-09] () [Fichier non signé]
U1 LanmaMaster; C:\WINDOWS\system32\drivers\lanmamaster.sys [1489512 2017-07-12] () [Fichier non signé]
U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.)
2017-09-09 09:44 - 2017-09-09 09:44 - 000000000 ____D C:\Users\Laura\AppData\Roaming\EpicNet Inc
2017-09-09 09:43 - 2017-09-09 09:43 - 003430912 _____ C:\WINDOWS\windefender.exe
2017-09-09 09:43 - 2017-09-09 09:43 - 000009352 _____ C:\WINDOWS\system32\Drivers\Winmon.sys
2017-09-09 09:43 - 2017-09-09 09:43 - 000000000 ____D C:\WINDOWS\rss
2017-09-09 09:43 - 2017-09-09 09:43 - 000000000 ____D C:\Users\Laura\AppData\Local\Geckofx
2017-09-09 09:42 - 2017-09-09 09:42 - 000000000 ____D C:\Users\Laura\AppData\Roaming\4no4ieiedt2
2017-09-09 09:42 - 2017-09-09 09:42 - 000000000 ____D C:\Program Files\57K5LTYD57
2017-09-09 09:42 - 2017-09-09 09:42 - 000000000 ____D C:\Program Files\344HHNXI9Q
2017-09-09 09:41 - 2017-09-09 10:42 - 000002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-09-09 09:41 - 2017-09-09 10:42 - 000000324 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-09-09 09:41 - 2017-09-09 09:42 - 000000000 ____D C:\Users\Laura\AppData\Roaming\ssn
2017-09-09 09:41 - 2017-09-09 09:41 - 000003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-09-09 09:41 - 2017-09-09 09:41 - 000003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-09-09 09:41 - 2017-09-09 09:41 - 000003270 _____ C:\WINDOWS\System32\Tasks\csrss
2017-09-09 09:41 - 2017-09-09 09:41 - 000001593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???.lnk
2017-09-09 09:41 - 2017-09-09 09:41 - 000001581 _____ C:\Users\Public\Desktop\UC???.lnk
2017-09-09 09:41 - 2017-09-09 09:41 - 000000488 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\Users\Laura\AppData\Roaming\iypyuaijvyc
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\Users\Laura\AppData\Roaming\BrowserModule
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\Users\Laura\AppData\Roaming\2tut4pmvtgy
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\Users\Laura\AppData\Local\UCBrowser
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???
2017-09-09 09:41 - 2017-09-09 09:41 - 000000000 ____D C:\ProgramData\Microleaves
2017-09-09 09:40 - 2017-09-09 09:41 - 000000000 ____D C:\Program Files (x86)\UCBrowser
2017-09-09 09:40 - 2017-09-09 09:40 - 000016852 _____ C:\WINDOWS\System32\Tasks\CSS Toolbar Business
2017-09-09 09:40 - 2017-09-09 09:40 - 000000000 ____D C:\Users\Laura\AppData\Roaming\zqc2uha1nm1
2017-09-09 09:40 - 2017-09-09 09:40 - 000000000 ____D C:\Program Files\8AXLPQM0M9
2017-09-09 09:40 - 2017-09-09 09:40 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2017-09-09 09:39 - 2017-09-09 09:47 - 000000000 ____D C:\ProgramData\Cache
2017-09-09 09:39 - 2017-09-09 09:40 - 000000000 ____D C:\Users\Laura\AppData\Roaming\UCChannel
2017-09-09 09:39 - 2017-09-09 09:39 - 001847296 _____ C:\Users\Laura\AppData\Local\po.db
2017-09-09 09:39 - 2017-09-09 09:39 - 000462848 _____ C:\WINDOWS\SysWOW64\wtmkussrv.dll
2017-09-09 09:39 - 2017-09-09 09:39 - 000140800 _____ C:\Users\Laura\AppData\Local\installer.dat
2017-09-09 09:39 - 2017-09-09 09:39 - 000011568 _____ C:\Users\Laura\AppData\Local\InstallationConfiguration.xml
2017-09-09 09:39 - 2017-09-09 09:39 - 000003674 _____ C:\WINDOWS\System32\Tasks\FastDataX Task
2017-09-09 09:39 - 2017-09-09 09:39 - 000003214 _____ C:\WINDOWS\System32\Tasks\TnqpiRJoXWMCwN
2017-09-09 09:39 - 2017-09-09 09:39 - 000002864 _____ C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh2
2017-09-09 09:39 - 2017-09-09 09:39 - 000002640 _____ C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh
2017-09-09 09:39 - 2017-09-09 09:39 - 000001326 _____ C:\Users\Public\Desktop\Download Setup activati...lnk
2017-09-09 09:39 - 2017-09-09 09:39 - 000000320 _____ C:\WINDOWS\Tasks\uuxHwpnMkRCRpJh.job
2017-09-09 09:39 - 2017-09-09 09:39 - 000000290 __RSH C:\ProgramData\ntuser.pol
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\ProgramData\e3ed4246-5371-1
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\ProgramData\e3ed4246-38e3-0
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\WindowsTM
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\thzXuJvjU
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\QYERbvxRHIE
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\GXZiGyYLSHyU2
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-09-09 09:39 - 2017-09-09 09:39 - 000000000 ____D C:\Program Files (x86)\dCHHaxjOpqUn
2017-09-09 09:39 - 2017-08-25 23:33 - 001952256 ___SH C:\Users\Laura\AppData\Roaming\tmp546.dat
2017-09-09 09:38 - 2017-09-09 10:44 - 000000000 ____D C:\Program Files (x86)\YeaDesktop
2017-09-09 09:38 - 2017-09-09 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-09-09 09:38 - 2017-09-09 09:38 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-09-09 09:38 - 2017-09-09 09:38 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-09-09 09:38 - 2017-09-09 09:38 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-09-09 09:38 - 2017-09-09 09:38 - 000003272 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-09-09 09:38 - 2017-09-09 09:38 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-09-09 09:38 - 2017-09-09 09:38 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-09-09 09:38 - 2017-09-09 09:38 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-09-09 09:38 - 2017-09-09 09:38 - 000000382 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-09-09 09:38 - 2017-09-09 09:38 - 000000000 ____D C:\Users\Laura\AppData\Roaming\vnlgp
2017-09-09 09:38 - 2017-09-09 09:38 - 000000000 ____D C:\Users\Laura\AppData\Roaming\Microleaves
2017-09-09 09:38 - 2017-09-09 09:38 - 000000000 ____D C:\Users\Laura\AppData\Local\AdvinstAnalytics
2017-09-09 09:38 - 2017-09-09 09:38 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-09-09 09:37 - 2017-09-09 09:38 - 000003640 _____ C:\WINDOWS\System32\Tasks\PPI Update
2017-09-09 09:37 - 2017-09-09 09:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2017-09-09 09:34 - 2017-09-09 09:34 - 001834932 _____ C:\Users\Laura\Downloads\Microsoft Toolkit Final pass 123456.rar
C:\Program Files (x86)\WindowsTM
C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\Microleaves
C:\Program Files\CSS Toolbar Business
C:\Program Files (x86)\GXZiGyYLSHyU2
C:\Program Files (x86)\FastDataX
C:\Program Files (x86)\thzXuJvjU
C:\Users\Laura\AppData\Roaming\vnlgp
C:\WINDOWS\rss
C:\WINDOWS\windefender.exe
C:\Windows\SysWow64\wtmkussrv.dll
Task: {0357F978-1DDF-4865-BD64-9BC2AA72A7B8} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-09-09] (UC Web Inc.)
Task: {1250E7DC-7177-401C-B95E-FBFF7ADF5B5F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc)
Task: {149D4CD6-E5DB-4F56-BBA5-799264DB8E0C} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD)
Task: {4DDD2319-FC76-4BE1-958F-F61EF001D87A} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD)
Task: {57E85B4C-DA2E-4965-B970-DBE6C32C6A72} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [2017-09-09] ()
Task: {611AB405-778E-4D13-8820-A18D0B89EF38} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.site/download/download.php?mn=9996"
Task: {654B0617-94A1-4781-B696-FBB2709D3317} - System32\Tasks\CSS Toolbar Business => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\CSS Toolbar Business\CSS Toolbar Business.dll",hPvuDuq
Task: {66F4677C-0519-43E3-9197-7F81A5F7CCE2} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc)
Task: {70831FA9-AFD3-48CA-B624-428D423CB6AE} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves)
Task: {8535BFC5-9D57-4C36-8D1A-BE5FD8298D5F} - System32\Tasks\TnqpiRJoXWMCwN => rundll32 "C:\Program Files (x86)\GXZiGyYLSHyU2\qdwzOtgMzaant.dll",#1
Task: {9B21F565-EBA4-42CA-8723-70A1A3F8A300} - System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\fastdatax.exe [2017-09-08] ()
Task: {A72A8DCE-BB09-407E-857E-BC8280CE7207} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD)
Task: {A998F928-6748-449F-BE37-B547EB6CAAA4} - System32\Tasks\uuxHwpnMkRCRpJh => rundll32 "C:\Program Files (x86)\thzXuJvjU\dztMan.dll",#1
Task: {D8E40382-AE79-4D76-9B8C-EAC2E377FF8B} - System32\Tasks\uuxHwpnMkRCRpJh2 => rundll32 "C:\Program Files (x86)\thzXuJvjU\dztMan.dll",#1
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\uuxHwpnMkRCRpJh.job => C:\Program Files (x86)\thzXuJvjU\dztMan.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://pop.yeawindows.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://pop.yeawindows.com/
FirewallRules: [{7634DA03-1B8C-46C4-93AA-C101ED9E575F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{0F899C79-0A12-4A78-9009-68E03D11CA51}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{EAD3907C-D08A-4571-8765-9C801AAF3E5E}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{9F022EB1-8F43-4BAA-9BBA-A4BDDF8BE297}] => (Allow) ?????????????????????
FirewallRules: [{E6AC4C6D-10A9-44EB-ADD5-3566DD6D6136}] => (Allow) ??????????????????????e
FirewallRules: [{7596D2BB-4F3C-49EC-864E-C7F566C7CD85}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{BCBBDA93-8BE8-4EC6-8324-8AD01B9FA8EE}] => (Allow) C:\Users\Laura\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Hosts:
EmptyTemp:
End::
