Posted on 29 December 2019

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4127795105-617385963-3491686816-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
BootExecute: autocheck autochk * ?????
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {23989751-729E-4E49-8AF5-10A79842EC68} - System32\Tasks\{0AE7A8A4-DB46-4A71-9EB1-0328D19108A5} => C:\Windows\system32\pcalua.exe -a "C:\Users\iloa\AppData\Local\Temp\Temp1_IVT_BlueSoleil_10.0.497.0.zip\BlueSoleil 10.0.497.0\install\setup.exe" <==== ATTENTION
Task: {E027243C-1134-43A4-8031-37228F677265} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4127795105-617385963-3491686816-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKU\S-1-5-21-4127795105-617385963-3491686816-1000 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-4127795105-617385963-3491686816-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=
SearchScopes: HKU\S-1-5-21-4127795105-617385963-3491686816-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-4127795105-617385963-3491686816-1000 -> Pas de nom - {C500C267-63BF-451F-8797-4D720C9A2ED9} - Pas de fichier
FF ProfilePath: C:\Users\iloa\AppData\Roaming\Mozilla\Firefox\Profiles\sz4v0i0e.Utilisateur par défaut [non trouvé(e)] <==== ATTENTION
FF ProfilePath: C:\Users\iloa\AppData\Roaming\Mozilla\Firefox\Profiles\dumvfiis.Utilisateur par défaut [non trouvé(e)] <==== ATTENTION
FF HomepageOverride: Mozilla\Firefox\Profiles\oke3gm6c.default-release-1570266485524 -> Disabled: web@3753c687-a0c6-4cd1-b8ff-bab3c76b1236
FF NewTabOverride: Mozilla\Firefox\Profiles\oke3gm6c.default-release-1570266485524 -> Disabled: web@3753c687-a0c6-4cd1-b8ff-bab3c76b1236
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\iloa\AppData\Roaming\Mozilla\Firefox\Profiles\oke3gm6c.default-release-1570266485524\Extensions\sp@avast.com.xpi
FF Extension: (Avast Online Security) - C:\Users\iloa\AppData\Roaming\Mozilla\Firefox\Profiles\oke3gm6c.default-release-1570266485524\Extensions\wrc@avast.com.xpi [2019-12-16]
FF Extension: (Search Manager) - C:\Users\iloa\AppData\Roaming\Mozilla\Firefox\Profiles\oke3gm6c.default-release-1570266485524\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2018-12-07] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-11-30] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2018-12-07] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-11-30] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKU\S-1-5-21-4127795105-617385963-3491686816-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
S2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4471400 2019-10-26] (Digital Communications Inc. -> Digital Communications Inc) <==== ATTENTION
S2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [248936 2019-08-28] (Digital Communications Inc. -> Digital Communications Inc) <==== ATTENTION
S1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84768 2019-09-23] (Digital Communications Inc. -> Digital Communications Inc)
U3 aswbdisk; pas de ImagePath
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
2019-12-29 18:43 - 2019-10-26 08:18 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-12-04 16:55 - 2019-12-04 16:55 - 000000000 _____ () C:\Users\iloa\AppData\Local\{7CF7AEA9-AB8E-44FA-A217-86EB02159D5F}
Segurazo Realtime Protection Lite (HKLM-x32\...\Segurazo) (Version: 1.0.14.9 - Digital Communications Inc) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => -> Pas de fichier
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Pas de fichier
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [260]
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [280]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [262]
AlternateDataStreams: C:\ProgramData\Temp:93DE1838 [286]
AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [272]
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE [132]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [258]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
EmptyTemp:
cmd: ipconfig /flushdns
end::
