Posted on 14 January 2020

start::
closeprocesses:
createrestorepoint:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Pas de fichier
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Pas de fichier
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier
AlternateDataStreams: C:\WINDOWS\system32\desktop.ini:WIN64 [38]
AlternateDataStreams: C:\WINDOWS\win.ini:WINDOWS [33]
AlternateDataStreams: C:\ProgramData\WUuXcW.theme:NTOSCHK [28]
IE trusted site: HKU\S-1-5-21-672838544-1472897398-3264222040-1001\...\fretex.fr -> hxxps://www.google.fretex.fr
FirewallRules: [UDP Query User{4677E2C6-B3EE-4107-9A08-126FA833789D}C:\program files\windowsapps\deezer.62021768415af_4.2.5.0_x86__q7m17pa7q8kj0\app\deezer.exe] => (Block) C:\program files\windowsapps\deezer.62021768415af_4.2.5.0_x86__q7m17pa7q8kj0\app\deezer.exe Pas de fichier
FirewallRules: [TCP Query User{8BBCFCD5-A59E-4162-8BB7-FF2085E58F0F}C:\program files\windowsapps\deezer.62021768415af_4.2.5.0_x86__q7m17pa7q8kj0\app\deezer.exe] => (Block) C:\program files\windowsapps\deezer.62021768415af_4.2.5.0_x86__q7m17pa7q8kj0\app\deezer.exe Pas de fichier
FirewallRules: [UDP Query User{7DFD07C7-C01D-4B49-AA41-D762D8945149}C:\program files\windowsapps\deezer.62021768415af_4.1.1.0_x86__q7m17pa7q8kj0\app\deezer.exe] => (Block) C:\program files\windowsapps\deezer.62021768415af_4.1.1.0_x86__q7m17pa7q8kj0\app\deezer.exe Pas de fichier
FirewallRules: [TCP Query User{C9A7A877-6055-431B-A785-A40980255A5D}C:\program files\windowsapps\deezer.62021768415af_4.1.1.0_x86__q7m17pa7q8kj0\app\deezer.exe] => (Block) C:\program files\windowsapps\deezer.62021768415af_4.1.1.0_x86__q7m17pa7q8kj0\app\deezer.exe Pas de fichier
FirewallRules: [TCP Query User{6F2B9BFA-CAFE-4EB2-A741-2751E5C57C85}C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe Pas de fichier
FirewallRules: [UDP Query User{BCD202BC-A978-4096-A852-4C0D86DD52C6}C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe Pas de fichier
FirewallRules: [{5A424B17-A091-4694-9AA7-BE4C57F641FD}] => (Allow) C:\KOPLAYER\KOPLAYER.exe Pas de fichier
FirewallRules: [{E2364CB2-7C92-4C62-AA00-4E74A77E9DF5}] => (Allow) C:\KOPLAYER\KOPLAYER.exe Pas de fichier
FirewallRules: [{A16B182A-9FD6-46A8-8EE8-D3A0778F881C}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe Pas de fichier
FirewallRules: [{E9B21AC9-6D6C-4F7E-A635-5500F440C257}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe Pas de fichier
FirewallRules: [{6AFE9E3F-0E1B-4042-A7DD-4AE35F0FF964}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation) [Fichier non signé]
FirewallRules: [{C0E10FAD-9675-49DE-B39E-4611A9E5E30C}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation) [Fichier non signé]
FirewallRules: [{CAC0A7D2-3037-425C-A6A1-60E1016FBA97}] => (Allow) C:\Users\jean-michel\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [Fichier non signé]
FirewallRules: [TCP Query User{DB3C31DD-87EE-411E-A221-685168C38476}C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe Pas de fichier
FirewallRules: [UDP Query User{2E5E2840-66ED-41E6-9909-BE24026FBC2C}C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\jean-michel\appdata\local\amazon music\amazon music helper.exe Pas de fichier
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-672838544-1472897398-3264222040-1001\...\Policies\Explorer: [NoDrives] 00000007
HKU\S-1-5-21-672838544-1472897398-3264222040-1001\...\MountPoints2: {0f584da7-4925-11e8-afa8-00dbdf3b0e47} - "E:\OnePlus_setup.exe" /s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-10-18]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {34CB9A38-4A26-4438-80E3-EA849F06C31F} - System32\Tasks\Secured Yahoo Powered folem => C:\Windows\system32\wscript.exe "C:\ProgramData\{00C0C5A3-8A82-4F65-0C44-D12796065AE9}\mono.txt" "68747470733a2f2f6464756b6d716c2e636f6d" "433a5c50726f6772616d446174615c7b30304330433541332d384138322d344636352d304334342d4431323739363036354145397d5c6e6972656461" "433a5c50726f6772616d446174615c7b30304330433541332d384138322d344636352d (l'élément de données a 84 caractères en plus). <==== ATTENTION
Task: {D16979BA-A5D5-42E4-8FA4-1583660E0761} - System32\Tasks\{3783A945-DE0B-B17B-B32F-282C66FB83A6} => C:\Users\JEAN-M~1\AppData\Roaming\Hodohod\SyncTask.exe <==== ATTENTION
Task: {EA429C37-D1A5-4391-9B50-D3E500D31977} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {F068CC37-1EC3-4CD4-8F68-C489705B9378} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\jean-michel\Downloads\esetonlinescanner_fra.exe [8173880 2020-01-13] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {F11D7235-A4D7-4BD8-98DD-1192188949F0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\jean-michel\Downloads\esetonlinescanner_fra.exe [8173880 2020-01-13] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: C:\WINDOWS\Tasks\Secured Yahoo Powered folem.job => Wscript.exe C:\ProgramData\{00C0C5A3-8A82-4F65-0C44-D12796065AE9}\mono.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{3783A945-DE0B-B17B-B32F-282C66FB83A6}.job => C:\Users\JEAN-M~1\AppData\Roaming\Hodohod\SyncTask.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {9F5670C0-C6F2-4316-B7BB-DB06F513D5A6} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutByC0AyC0A0CtA0DyC0ByC0CtAyE0CyBtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyBzy0B0CtC0CzytBtGyEzz0DtAtGtAyB0DzztGtCzy0FyDtG0EyDtByCtB0DtB0DzyyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyE%26cr%3D1835882507%26a%3Dwbf_chtengin_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsrch_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCyCtB0Dzz0DyDtC0CyDtDtAyE0CyBtN0D0Tzu0StCyByEtBtN1L2XzutAtFtByEtFtByDtFyDyEtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtD0CyBtDyE0DzztGyDyDzy0CtG0FtBtD0AtGyEtBtDtBtGyB0CyEtDyB0CtByD0FtCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyDtA%26cr%3D1061530492%26a%3Dwncy_adsrch_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {9F5670C0-C6F2-4316-B7BB-DB06F513D5A6} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutByC0AyC0A0CtA0DyC0ByC0CtAyE0CyBtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyBzy0B0CtC0CzytBtGyEzz0DtAtGtAyB0DzztGtCzy0FyDtG0EyDtByCtB0DtB0DzyyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyE%26cr%3D1835882507%26a%3Dwbf_chtengin_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9F5670C0-C6F2-4316-B7BB-DB06F513D5A6} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutByC0AyC0A0CtA0DyC0ByC0CtAyE0CyBtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyBzy0B0CtC0CzytBtGyEzz0DtAtGtAyB0DzztGtCzy0FyDtG0EyDtByCtB0DtB0DzyyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyE%26cr%3D1835882507%26a%3Dwbf_chtengin_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsrch_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCyCtB0Dzz0DyDtC0CyDtDtAyE0CyBtN0D0Tzu0StCyByEtBtN1L2XzutAtFtByEtFtByDtFyDyEtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtD0CyBtDyE0DzztGyDyDzy0CtG0FtBtD0AtGyEtBtDtBtGyB0CyEtDyB0CtByD0FtCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyDtA%26cr%3D1061530492%26a%3Dwncy_adsrch_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {9F5670C0-C6F2-4316-B7BB-DB06F513D5A6} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_chtengin_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutByC0AyC0A0CtA0DyC0ByC0CtAyE0CyBtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyBzy0B0CtC0CzytBtGyEzz0DtAtGtAyB0DzztGtCzy0FyDtG0EyDtByCtB0DtB0DzyyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0FzzyBzz0E0A0CtGtAzztD0DtGyEzyzz0AtGzztByByEtG0F0F0EtCyD0E0AyByDtC0F0A2QtN0A0LzuyE%26cr%3D1835882507%26a%3Dwbf_chtengin_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-672838544-1472897398-3264222040-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-672838544-1472897398-3264222040-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
SearchScopes: HKU\S-1-5-21-672838544-1472897398-3264222040-1001 -> {12132D03-3466-47F9-92AE-89F61C89E017} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-672838544-1472897398-3264222040-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-01-13] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
S3 TTDrv; C:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation) [Fichier non signé]
C:\KOPLAYER
2020-01-13 16:58 - 2020-01-13 16:58 - 000003836 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-01-13 16:58 - 2020-01-13 16:58 - 000003394 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-01-13 16:41 - 2020-01-13 16:41 - 000000782 _____ C:\Users\jean-michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-01-13 16:41 - 2020-01-13 16:41 - 000000683 _____ C:\Users\jean-michel\Desktop\ESET Online Scanner.lnk
2020-01-13 16:41 - 2020-01-13 16:41 - 000000000 ____D C:\Users\jean-michel\AppData\Local\ESET
2020-01-13 16:40 - 2020-01-13 16:40 - 008173880 _____ (ESET spol. s r.o.) C:\Users\jean-michel\Downloads\esetonlinescanner_fra.exe
2019-12-24 17:22 - 2019-12-24 19:59 - 000000000 ____D C:\ProgramData\ZohoMeeting
2019-12-24 17:21 - 2019-12-24 19:59 - 000000000 ____D C:\Program Files (x86)\ZohoMeeting
2019-12-24 17:21 - 2019-12-24 17:22 - 000000000 ____D C:\Users\jean-michel\AppData\Local\ZohoMeeting
2019-12-24 17:21 - 2019-12-24 17:21 - 000855056 _____ (ZOHO Corporation) C:\Users\jean-michel\Downloads\ZA_Connect.exe
2019-12-24 13:18 - 2019-12-24 13:18 - 000000000 ____D C:\Users\jean-michel\AppData\Local\Splashtop
2019-12-24 13:14 - 2020-01-13 18:04 - 000000000 ____D C:\ProgramData\Splashtop
2019-12-24 13:13 - 2019-12-09 16:09 - 000311216 _____ (Splashtop Inc.) C:\WINDOWS\system32\SRCredentialProvider.dll
2019-12-24 13:12 - 2019-12-24 13:12 - 031907808 _____ (Splashtop Inc.) C:\Users\jean-michel\Downloads\Splashtop_Streamer_Win_INSTALLER_v3.3.6.0.exe
2019-12-24 12:12 - 2019-12-24 12:16 - 000000000 ____D C:\Users\jean-michel\AppData\Local\TeamViewer
2019-12-24 12:08 - 2019-12-24 12:08 - 026367048 _____ (TeamViewer Germany GmbH) C:\Users\jean-michel\Downloads\TeamViewer_Setup.exe
2019-12-24 12:12 - 2017-10-17 17:43 - 000000000 ____D C:\Users\jean-michel\AppData\Roaming\TeamViewer
2017-04-03 16:00 - 2017-04-03 16:00 - 000000034 _____ () C:\ProgramData\PWg8uYut.dat
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
hosts:
emptytemp:
end::


