start:: CreateRestorePoint: CloseProcesses:...

Posté le 1 décembre 2019
Télécharger | Reposter | Largeur fixe

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKU\S-1-5-21-423253196-1020727028-3598377169-1001\...\Run: [cacaoweb] => C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe [568624 2018-01-18]
Task: {11871A11-4BCB-4AA8-BA19-5446F12ADECE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier
Task: {152B8B1F-8133-4C50-8472-8DA4930CD13D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier
Task: {27C94FD3-3832-47FC-A959-2818484407D7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier
Task: {319BC08A-5345-47BF-94F3-AB80FE371FC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier
Task: {36F57FC6-F465-4268-8224-92B045DF0CD2} - System32\Tasks\UserRisksAdjudgingV2 => rundll32.exe BotanistsPincushions.dll,main 7 1
Task: {3ACE302C-682E-4B4D-B3DA-13B7F73CB188} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier
Task: {4CC3A7FE-13FB-413E-A70A-3B981BBFDF51} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier
Task: {6E67451B-AF87-40C2-A6BE-81E7ED0B49C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier
Task: {7631343B-AF5A-46AD-BE18-E9733CDABCE5} - \WPD\SqmUpload_S-1-5-21-423253196-1020727028-3598377169-1001 -> Pas de fichier
Task: {A53B4596-0929-475A-AB67-131FF68FB152} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier
Task: {BA2FBD55-4698-4839-A9F0-E18ACF0E423D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier
Task: {C39C8D94-CB27-400B-B1A2-CC5B5CC1B3F0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Pas de fichier
Task: {C43835CD-B579-4CFF-91A7-9BD9B889340A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier
Task: {CDA08964-3C93-465E-9630-CEB0C34860FB} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier
Task: {CEFAFE46-33B9-44E8-B00E-DA3BFD3D4CD5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier
Task: {E27775FE-DA2B-420A-BD14-6603D119822D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier
Task: {E3F614A7-6124-49F0-A9F3-AC9EB5AE7000} - \McAfee\McAfee Idle Detection Task -> Pas de fichier
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> DefaultScope {D4BC514F-4CB9-4605-875B-A72F9B62A6F9} URL =
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-423253196-1020727028-3598377169-1001 -> {D4BC514F-4CB9-4605-875B-A72F9B62A6F9} URL =
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKU\S-1-5-21-423253196-1020727028-3598377169-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp]
2019-12-01 16:38 - 2016-06-20 20:48 - 000000000 ___DC C:\Users\User\AppData\Roaming\cacaoweb
2016-10-28 21:58 - 2016-10-28 21:58 - 000383488 ____C () C:\Users\User\AppData\Roaming\Setup82779.exe
2017-12-17 21:35 - 2017-12-17 21:35 - 000000052 ____C () C:\Users\User\AppData\Local\6sh6sh6sh6
CustomCLSID: HKU\S-1-5-21-423253196-1020727028-3598377169-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileSyncShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-423253196-1020727028-3598377169-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileSyncShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-423253196-1020727028-3598377169-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileSyncShell.dll => Pas de fichier
AlternateDataStreams: C:\Users\User\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
end::