Posted on 10 May 2020

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0A8FB828-D6B4-4CDF-B95D-3F30B592E325} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {0D683A3C-1107-4FF7-857D-1B87B5F92038} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2
Task: {163AAA39-96DE-42E5-BD4A-81B00DFF4EC0} - System32\Tasks\{7154C5C0-4D56-2F12-EA3B-0B53B1B75401} => C:\Users\user\AppData\Roaming\Sinogedagemu\neturabu.exe [396800 2013-04-28] (Gocusacugomu Software) [Fichier non signé]
C:\Users\user\AppData\Roaming\Sinogedagemu
Task: {4B91BB73-C821-4C66-B3BF-516E99FD05E4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {61723EEB-9A9A-4233-951B-F71B4509CA6B} - System32\Tasks\Getimolu\{24436D1F-BD22-7628-10FA-0F54AE35284D} => C:\Users\user\AppData\Local\Fadohafe\Getimolu.exe [2135552 2013-05-04] () [Fichier non signé]
C:\Users\user\AppData\Local\Fadohafe
Task: {9C7517BB-DA15-4FA2-B18A-15B4734CCEDB} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\{7154C5C0-4D56-2F12-EA3B-0B53B1B75401}.job => C:\Users\user\AppData\Roaming\SINOGE~1\neturabu.exe
C:\Users\user\AppData\Roaming\SINOGE~1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsfrmtfctr_18_39_01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzz0B0C0D0B0C0BtBtByDzy0A0C0BtN0D0Tzu0StByEyDzztN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyB0CyE0E0B0EzztGtCyByE0CtG0F0DtAzztGyByD0E0DtGtC0DyByCtAzzzz0FtAtCyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBtBtDzy1OyDtDtGtAtCtB1OtGyE1R1PzztGzytD1SyEtG1QtC1RyDzz1PtD1OtAtB1Tzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtAyByByBzzyCtCyC%26cr%3D2011962915%26a%3Dwbf_fsfrmtfctr_18_39_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3729127741-2505899406-761736858-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://r.orange.fr/r/Oodc_oi_promoHP?ref=O_OI_defaultPage_IEe64_w10e64_promoHP
SearchScopes: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> DefaultScope {6533ECB9-F4B1-4E4D-ADE8-58F078B0B16A} URL = hxxp://www.nav-fr.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-5b69a414bec04c7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_auwei_19_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzz0B0C0D0B0C0BtBtByDzy0A0C0BtN0D0Tzu0StByCyCyBtN1L2XzuyEtFyDtCtFtDtFzztCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCtD0CtCzyzy0A0FtGtBtBtA0CtGzytByCtDtGyByB0FzytGyCyE0E0ByByByEzz0Azzzy0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBtBtDzy1OyDtDtGtAtCtB1OtGyE1R1PzztGzytD1SyEtG1QtC1RyDzz1PtD1OtAtB1Tzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyDyDzzyEtBtCyEtC%26cr%3D1491073016%26a%3Dwcg_auwei_19_16%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> {6533ECB9-F4B1-4E4D-ADE8-58F078B0B16A} URL = hxxp://www.nav-fr.com/search?q={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> hxxp://www.nav-fr.com/
Edge Notifications: HKU\S-1-5-21-3729127741-2505899406-761736858-1001 -> hxxps://smsmms.orange.fr; hxxps://store.dji.com; hxxps://silehingetoft.info; hxxps://mail.google.com
FF Homepage: Mozilla\Firefox\Profiles\vl46264j.default -> hxxp://www.nav-fr.com/
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - => non trouvé(e)
FF HKU\S-1-5-21-3729127741-2505899406-761736858-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => non trouvé(e)
CHR StartupUrls: Default -> "hxxp://www.nav-fr.com/"
CHR NewTab: Default -> Active:"chrome-extension://hppemobdikemkbmccnjbilolonmpaljl/index.html"
CHR DefaultSearchURL: Default -> hxxp://www.nav-fr.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sm
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKU\S-1-5-21-3729127741-2505899406-761736858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKU\S-1-5-21-3729127741-2505899406-761736858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKU\S-1-5-21-3729127741-2505899406-761736858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-3729127741-2505899406-761736858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKLM-x32\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKLM-x32\...\Chrome\Extension: [onghofjobpgcdeeifjfbcfepkchnenoh]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
2020-05-08 00:04 - 2019-11-18 19:54 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [DAP_ShredMenu] -> {BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> Pas de fichier
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers4: [DAP_ShredMenu] -> {BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> Pas de fichier
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [252]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
SystemRestore: On
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
EmptyTemp:
cmd: ipconfig /flushdns
end::