Posted on 11 November 2017

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [gplyra] => C:\Users\Tom\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
HKU\S-1-5-21-2262163235-2200346753-1188830764-1001\...\Run: [RYQKRPUBNO.exe] => C:\Program Files\Uninstall Information\ISMLBRVMAG\RYQKRPUBNO.exe
GroupPolicy: Restriction - Chrome
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gobbnicjoijcfndfmmfjnfgldgcnjibl
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
2017-11-10 12:45 - 2017-11-10 13:55 - 000000000 ____D C:\ProgramData\4580073c8b4b4ee4a3f6dc8c5d91b160
2017-11-10 12:45 - 2017-11-10 13:52 - 000000000 ____D C:\ProgramData\64c9f1c37c5347488b933b8e197ea0ef
2017-11-10 12:45 - 2017-11-10 12:57 - 000000000 ____D C:\ProgramData\cb42f67f0ddd4a4a97ddb810c9e476d3
2017-11-10 12:45 - 2017-11-10 12:55 - 000000000 ____D C:\Program Files (x86)\ZfJRwqLPhIE
2017-11-10 12:45 - 2017-11-10 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-11-10 12:45 - 2017-11-10 12:49 - 000000000 ____D C:\Program Files (x86)\zTWnHlzwjSUn
2017-11-10 12:45 - 2017-11-10 12:45 - 000024278 _____ C:\WINDOWS\System32\Tasks\{0E050947-0B04-0F7E-7A11-0B79780B110A}
2017-11-10 12:45 - 2017-11-10 12:45 - 000004066 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_IX
2017-11-10 12:45 - 2017-11-10 12:45 - 000004018 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_WV
2017-11-10 12:45 - 2017-11-10 12:45 - 000004018 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_LD
2017-11-10 12:45 - 2017-11-10 12:45 - 000004018 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HK
2017-11-10 12:45 - 2017-11-10 12:45 - 000003676 _____ C:\WINDOWS\System32\Tasks\SystemHealer Task
2017-11-10 12:45 - 2017-11-10 12:45 - 000003214 _____ C:\WINDOWS\System32\Tasks\zjwPaeaadZaNwF
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\Users\Tom\AppData\Roaming\System Healer
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\Users\Tom\AppData\Roaming\gplyra
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\Users\Tom\AppData\Local\0be98c50eb1144dc8a2ad4e6a57e03fb
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\ProgramData\Microleaves
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\ProgramData\582e1fb6-6317-1
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\ProgramData\582e1fb6-5fb5-0
2017-11-10 12:45 - 2017-11-10 12:45 - 000000000 ____D C:\Program Files (x86)\JIdcnntTvnKU2
2017-11-10 12:44 - 2017-11-10 12:55 - 000000000 ____D C:\Program Files (x86)\driverupdaterplus
2017-11-10 12:44 - 2017-11-10 12:48 - 000000000 ____D C:\Program Files\RunBooster
2017-11-10 12:44 - 2017-11-10 12:44 - 000037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
2017-11-10 12:44 - 2017-11-10 12:44 - 000004348 _____ C:\WINDOWS\System32\Tasks\RunBoosterUpdateTask
2017-11-10 12:44 - 2017-11-10 12:44 - 000004086 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_FC
2017-11-10 12:44 - 2017-11-10 12:44 - 000002052 _____ C:\WINDOWS\System32\Tasks\1gVQOeD6gw
2017-11-10 12:44 - 2017-11-10 12:44 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat
2017-11-10 12:43 - 2017-11-10 12:58 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2017-11-10 12:43 - 2017-11-10 12:49 - 000000000 ____D C:\Program Files (x86)\K8QwhMaS0i
2017-11-10 12:43 - 2017-11-10 12:47 - 000000000 ____D C:\Users\Tom\AppData\Local\AppTrailers
2017-11-10 12:43 - 2017-11-10 12:44 - 000000002 _____ C:\END
2017-11-10 12:43 - 2017-11-10 12:43 - 000003718 _____ C:\WINDOWS\System32\Tasks\{1E67D1B3-E736-8D06-73C5-37E6447F9F02}
2017-11-10 12:43 - 2017-11-10 12:43 - 000000000 ____D C:\ProgramData\e637c572-6581-1
2017-11-10 12:43 - 2017-11-10 12:43 - 000000000 ____D C:\ProgramData\e637c572-1b33-0
2017-11-10 12:42 - 2017-11-10 12:58 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Interstatnogui
2017-11-10 12:42 - 2017-11-10 12:48 - 000000000 ____D C:\Users\Tom\AppData\Local\AdService
2017-11-10 12:42 - 2017-11-10 12:43 - 000930816 _____ C:\Users\Tom\AppData\Local\po.db
2017-11-10 12:42 - 2017-11-10 12:42 - 000140800 _____ C:\Users\Tom\AppData\Local\installer.dat
2017-11-10 12:42 - 2017-11-10 12:42 - 000011568 _____ C:\Users\Tom\AppData\Local\InstallationConfiguration.xml
2017-11-10 12:42 - 2017-11-10 12:42 - 000003780 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2017-11-10 12:42 - 2017-11-10 12:42 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microleaves
2017-11-10 12:42 - 2017-11-10 12:42 - 000000000 ____D C:\Users\Tom\AppData\Local\AdvinstAnalytics
2017-11-10 12:42 - 2017-11-10 12:42 - 000000000 ____D C:\Program Files (x86)\SoftUpgrade
2017-11-10 12:41 - 2017-11-10 12:50 - 000003286 _____ C:\WINDOWS\System32\Tasks\0386a2a260ef8211925082c2cfde4d62
2017-11-10 12:41 - 2017-11-10 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-11-10 12:41 - 2017-11-10 12:46 - 000031449 _____ C:\WINDOWS\d6c620f2b501d2c1e61f698f8d4e064b.ps1
2017-11-10 12:41 - 2017-11-10 12:46 - 000003476 _____ C:\WINDOWS\System32\Tasks\d6c620f2b501d2c1e61f698f8d4e064b
2017-11-09 21:00 - 2017-11-09 21:00 - 000000000 ____D C:\Users\Tom\AppData\Local\Tempzxpsign1dbd9e033585fa14
2017-11-09 20:55 - 2017-11-09 20:55 - 000000000 ____D C:\Users\Tom\AppData\Local\Tempzxpsigncf2d4cecd4451b8a
2017-11-09 20:04 - 2017-11-09 20:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Tempzxpsignb8655eb8866af2ff
2017-11-09 19:52 - 2017-11-09 19:52 - 000000000 ____D C:\Users\Tom\AppData\Local\Tempzxpsign384e75d54e625674
2017-11-09 18:32 - 2017-11-09 18:32 - 000000000 ____D C:\Users\Tom\AppData\Local\Tempzxpsignead9867e35851a33
2017-11-09 14:59 - 2017-11-09 14:59 - 000444416 _____ C:\WINDOWS\80735ca52203f4774e2bb3506ca50443.exe
2017-11-09 14:59 - 2017-11-09 14:59 - 000037158 _____ C:\WINDOWS\uninstaller.dat
C:\Program Files\Uninstall Information\ISMLBRVMAG
C:\PROGRA~2\FASTDA~1
C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
Task: {17A13118-3AFF-415F-8A23-52D84198AB4C} - System32\Tasks\GoogleUpdateSecurityTaskMachine_WV => C:\ProgramData\4580073c8b4b4ee4a3f6dc8c5d91b160\chipset.exe exec hide EEMJFOBIQY.cmd
Task: {2D7FB667-E9A1-41DD-BBD7-D66711FCD9C0} - System32\Tasks\RunBoosterUpdateTask => C:\Program Files\RunBooster\RunBoosterUpdateTask64.exe
Task: {2F344095-6D97-415D-B2B1-6AD9153A51DB} - System32\Tasks\d6c620f2b501d2c1e61f698f8d4e064b => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\d6c620f2b501d2c1e61f698f8d4e064b.ps1"
Task: {429C8468-CF61-4E2B-833E-26ECF5346D10} - System32\Tasks\SystemHealer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
Task: {6AEF79FC-765E-41E8-A6BC-0C391CDF45A1} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2017-09-20] ()
Task: {75936542-CF16-4745-8210-ADAAF52768D8} - System32\Tasks\1gVQOeD6gw => C:\Program Files (x86)\K8QwhMaS0i\updengine.exe
Task: {7DE2C4A6-43E2-4C33-8A4D-0459F1818E58} - System32\Tasks\0386a2a260ef8211925082c2cfde4d62 => sc start 0386a2a260ef8211925082c2cfde4d62
Task: {9C3668A0-B835-469B-B057-1CAFC7543303} - System32\Tasks\zjwPaeaadZaNwF => rundll32 "C:\Program Files (x86)\JIdcnntTvnKU2\OLCCnTHfaCkhf.dll",#1
Task: {9ED28C47-D005-448E-87BC-4F2B43B65AF3} - System32\Tasks\{0E050947-0B04-0F7E-7A11-0B79780B110A} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ACAAIAAgACAAOwAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUA (the data entry has 9904 more characters).
Task: {AAA04848-1F01-4428-A8C3-F70DB4A8E55D} - System32\Tasks\GoogleUpdateSecurityTaskMachine_FC => C:\Users\Tom\AppData\Local\Temp\27177703350448a8ba613bda48f3facf\chipset.exe exec hide YUBZESACZC.cmd
Task: {AB220EAF-1933-4E39-81D2-87A5091348FA} - System32\Tasks\GoogleUpdateSecurityTaskMachine_IX => C:\Users\Tom\AppData\Local\0be98c50eb1144dc8a2ad4e6a57e03fb\chipset.exe exec hide QKPCHGSUTP.cmd
Task: {F2E12F64-4BD0-4D8A-A5A6-9B733CE4DCC8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_LD => C:\ProgramData\cb42f67f0ddd4a4a97ddb810c9e476d3\chipset.exe exec hide IVHUWBFJME.cmd
Task: {F4AE42C0-9C35-4D30-B962-B578A2E63386} - System32\Tasks\{1E67D1B3-E736-8D06-73C5-37E6447F9F02} => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Hosts:
EmptyTemp:
End::
