Posted on 13 November 2020

start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhioihinfh [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
virustotal: D:\arcai.com\netcut_windows.exe
virustotal: D:\arcai.com\aips.exe
HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXHb8p5ZRrmIWw4ICaf1JNp%2BH%2BEFFXsNLz9EUfuat4543C9DCjWT%2FFQhk%2BcOM8viFFTTsbTSHZdJK8EQyBNnTE3KcSZZihDi11D70iontLvN0zGGZG7lL5y8WIRE0HKf85MDZg2Ip1VrSGBJJDwXwmc1lOheqo1xBPFlnwW6SOb14E4eY%2B0mabNtGiPXAgIVW94rMFb2zsGduRvt07RRzo9p%2FeGQpEs%2FqpV2LJzCY9a%2BTrp3j0Jt2t8RZDVyNVtrAsBqRzGJx1QBsza%2BPsAYSP9zqRC1sC2nJhQ533Bf11cHTNQ4l1H9anBOcQ2AIPFDVAEUEEXlwP%2Fgcx2PRwjSFr58%3D
SearchScopes: HKU\S-1-5-21-3149319448-1153329180-2899815915-1001 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3149319448-1153329180-2899815915-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXDXLvCqZp0Gd%2FaJ5HqFn1lDEs5AWl9h2vWBm1F%2BfbudGaKYOQhpEym7u42xPIWsPCIe6qaCxcGti1OTRYslryw14XWyFbuSTVMPo7KzY5XdQjJnVe3rdsKL807CtqfcSjVx3o6LbN6FASJZIVAeu0MEdzNparRdMa82Zwmv2YghSMag2gkGTfUxdTEnvaW6JOy1cu6pnKWU7%2Bj8X0kUOUnjg7x0OU6nTtH5m9kDHh%2FVzuASjHqSTNX5g8GcRk55rhMcOa1OvxJr3VyDfgqf9e6yp3FtNtEiX%2Fuqyogj5azcsGqDxJbrs3yhNlIEUFjijAA%3D%3D&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)
IE trusted site: HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\...\sharepoint.com -> hxxps://ggefstudentteacher-files.sharepoint.com
HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\...\StartupApproved\Run: => "Chromium"
FirewallRules: [UDP Query User{42E22F07-7D22-44D3-893B-B99F74678BA5}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [TCP Query User{11088FFB-7BE9-450C-B657-AC9E660C3D05}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [{4B254B99-15CA-46DE-B574-1F208CA8780F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7F05D802-E113-40D4-817E-7AAC0E9F5492}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5102C40B-63B1-458E-A1D1-84FD56111A51}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
FirewallRules: [{810F76B2-2FA8-4D07-8951-068D7E87D7C7}] => (Allow) C:\Windows\KMS-R@1n.exe => No File
FirewallRules: [TCP Query User{8CC2F295-113B-48D4-A10A-6E19E76CEAE1}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{0180B4C2-5E6A-4E24-803F-3BD06F2ADD4B}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{200DCD3B-5A95-4DA0-916A-3EA4FF5873E9}C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe] => (Allow) C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe => No File
FirewallRules: [UDP Query User{6561106B-059F-4E19-A706-30BC7FA690A2}C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe] => (Allow) C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe => No File
FirewallRules: [TCP Query User{9C18CFFE-C1EA-4959-896D-8D62FBF03EE8}C:\program files\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{34E19AB8-24FE-4039-95C1-FE705D004EA8}C:\program files\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.18\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{8C2D0FD2-D0CC-4562-AA21-57D60FC343A0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E9950113-A763-4166-9961-6252B3E3E784}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{40F5E222-5A93-4768-92F5-1B347E4DE511}C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe] => (Allow) C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe => No File
FirewallRules: [UDP Query User{625DA114-55DE-4FB3-BC5D-10196287B122}C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe] => (Allow) C:\program files (x86)\tt\riing plus rgb tt premium edition\tt riing plus rgb.exe => No File
FirewallRules: [TCP Query User{C6496203-9258-456D-B9F9-67B92A01C5FA}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{CBA0223F-2797-4014-B010-26F00C78E1DC}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{7184897E-2F72-4BEC-AF46-9ACE82B9E9B1}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1B1829AB-3060-4C05-A1CC-01AD70B05CB3}E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E947ECC7-6886-4DC2-A2D5-8311476206E8}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe => No File
FirewallRules: [UDP Query User{8BF572AD-DE77-4DC9-B055-D794E23C9E38}E:\overwatch test\overwatch.exe] => (Allow) E:\overwatch test\overwatch.exe => No File
FirewallRules: [TCP Query User{A32BFD16-2FFA-4648-BDFE-704256FD7CC7}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Block) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [UDP Query User{55FC8732-1311-4C14-9FAD-B223318A9927}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Block) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [{567FB962-5E61-4246-AD2E-F788E9EFCDA7}] => (Allow) C:\Users\intel\AppData\Local\Programs\Opera\67.0.3575.53\opera.exe => No File
FirewallRules: [{CCA2AFD5-636B-47C7-8FA6-A2893FBCCD14}] => (Allow) C:\Users\intel\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe => No File
FirewallRules: [TCP Query User{3793DB90-7AC1-44C0-B41C-6FEB5AFF8162}E:\portal\portal 2\portal2.exe] => (Allow) E:\portal\portal 2\portal2.exe => No File
FirewallRules: [UDP Query User{D73FA12B-3720-4DD6-9C91-571F93EDD289}E:\portal\portal 2\portal2.exe] => (Allow) E:\portal\portal 2\portal2.exe => No File
FirewallRules: [{3E82F1D1-944B-4FC8-A323-3A227CEE28F7}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
FirewallRules: [{7F2F21CC-EA37-4BDC-990A-B3724D38FE39}] => (Allow) D:\UNITYD\UNITY\Unity Hub.exe => No File
FirewallRules: [TCP Query User{7E0B7D6B-F6A7-4C14-8894-C489BFAB15EA}C:\program files\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [UDP Query User{431ADDF8-18D7-4A39-9142-F742B0C42107}C:\program files\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files\tt\tt rgb plus\tt rgb plus.exe => No File
FirewallRules: [{09891258-C1B9-4D2E-8DF5-CBAF5A3E9A5E}] => (Block) C:\Program Files (x86)\Overwolf\0.149.2.30\OverwolfBrowser.exe => No File
FirewallRules: [{9E025C41-0CE0-4AAB-8799-1C26A882D809}] => (Block) C:\Program Files (x86)\Overwolf\0.149.2.30\OverwolfBrowser.exe => No File
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\...\Run: [Chromium] => "c:\users\intel\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {20F12925-93E3-46B7-93C9-EAD92716FF87} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-07-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {48613FCB-6757-4548-9FA2-A5C091211150} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-07-02] (Chromium.) [File not signed] <==== ATTENTION
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Task: {7B7D93E3-BEB5-45A0-9DAE-BD7D1A8CD487} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {8AFCF648-ED30-458F-9843-107B23F81EFC} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Edge HomeButtonPage: HKU\S-1-5-21-3149319448-1153329180-2899815915-1001 -> hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXB%2F9a7TOYmoJVRmk73hGw1hiiEGbV7hui1VbYAkrCO%2F8b8EjnNUV%2F3p6epJQTnmDQjeKCXdMJx1fNJjjjOJA%2BPuKE9IXo9uCwL3CdrJkRJ8L8azybawPGEDgjkjB7Z5c6D8wGemaEj4959wRkTWCodDc%2Bv6yLUPitYsLOKvKbzvQ13Be4m2svSx3tqgCwUDQA6lbZtN%2BIw2J80CH6NHpwaQGyrwa1mG0cBsisOo9ogQBRDStzjnaBk6hJYwB9Fp1aYvDL8viy3DJsE6vqxmlWUo9dtOkSH9sYy6AXtNdoC1KOGr4imUDyLRMcqbkciHsQA%3D%3D
Edge HomePage: Default -> hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXPDQ2XwcoCZAbUmiktC%2BXu0Uy2PRiTsqmDHntb1hJWQuNUAgzIWDXNXC6sQ4GyjxC2g1FOZZZmbND5JXwwfJE25qquDS3To796%2BSi4bE3OBEJo5SgNqe7gcXCeZXP%2BwJ5CJOtjToeArRdoCtB4ohYsPBmOJz%2BQ84W7Osu3Ky5XJdZCJ575TVj2q5ZvUZyOC9RICHAfl%2FU3XHR%2Ba4mzXZZ0ClSzCJzc0Wwq46FqeTSI8qpCYibyYWeWzQXvE10%2BzNOcc7WHcdyeGkdA6%2FmwWY3Ay4yx9%2BG5ClxyO6wCaqKYt7LRhKyaxSt%2FvR%2F57XzKx854q4fc%2BHF2vc6GVYR99QGtI%3D
Edge StartupUrls: Default -> "hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXCEWc0baVvr1x91OF0zG2sp%2FUpiuOGsOc46kzkKTZiXmFg49rAMN7CArh9xn16n6satIfCQSkWQxafWWxWfNCwalYatRCKWGAMKJDrjbHX6Ji4Pf4gGEdeDJrkxPGnKQEkYHAttgfbmFu7Yw8TCoDFI00YcjH9C%2BsK8TF2T3PhZPbAl%2BeFmQ%2Be1PDXzK11PE0xUgyabQqGM%2B8zJgyUgqkEk1lqQN2ffJXBLqAQdyrHjewZ34JikWrBZ3b35O2zOfgIM5G89sPTDREmpovJCb%2B1lCHZU%2BHjPdVCM%2B%2B03QRgnDUtTR3kPBzTLBgRVbHYvl4Q%3D%3D"
Edge DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87ljpnzjx0q1ocegikmov46002720&param1=y6bdVFVIsvuYsgEClQfz8FCk56r1czorzh7M4B1S%2FdsZ34DDAXeg1Om3dA%2F1oPEPvmHtHCuu0an26g2fS7TEXJjSdsHtCQsyMM4XrJUdOVO6k0DgPgyFVgmf848lj9h7Dyo52wn6qDmC4kRCtQfQq4RfpaIbhD2JG7RkzWRq9iYligK0vIatGNUfvJN20r7%2FZq1AlQkyYTL4S7eV9qgGq8ZkOE3iKPrk6FMmcxQcTtz3NGVcoucSwqE83qy60eiCV51vYLRXlLndpLv2DJ3t4ZQmZfNfdThkcFStKdMLQRkuCXepYzm3E1yjaOnMOFD5VUQzzTVXwMaP8UidOIKka%2BHC1l2t18iPo0YM4aVgPHZpU5zeMawvVNsM8vLNS0MT5gJ8bkfVr%2B%2FN86QDDBdTdQ%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> search.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-07-02] (Chromium.) [File not signed]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-07-02] (Chromium.) [File not signed]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock]
CHR HKU\S-1-5-21-3149319448-1153329180-2899815915-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
S2 chromium; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-07-02] (Chromium.) [File not signed] <==== ATTENTION
S3 chromiumm; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-07-02] (Chromium.) [File not signed] <==== ATTENTION
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] (McAfee, LLC -> McAfee, LLC)
C:\Program Files (x86)\Chromium
cmd: slmgr /dlv
emptytemp:
end::
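The fixlist above tells FRST what to remove, but it does not tell you whether the removal took. The script below is an added post-fix check, not part of the pasted fixlist and not something FRST generates: run it from an elevated PowerShell after FRST has applied the fix and the machine has rebooted. It re-inspects the items that matter most for persistence and hijacking: the IFEO "Debugger" values on OSppSvc.exe and SppExtComObj.exe (any Debugger value there runs the named binary in place of the original executable, here the KMS hook), the per-user Winlogon Shell set to %comspec% (cmd.exe instead of explorer.exe at logon), the Firefox policy key, the unsigned ChromiumUpdate services and tasks, the alternate data streams, and the Yahoo search hijack in Internet Explorer. The SID, paths, service and task names are copied from the fixlist; the only assumption is that the SID still belongs to the affected profile. Note that HKEY_USERS\<SID> is only mounted while that user is logged on, so run the script in that user's session (elevated) or load the hive first.

```powershell
# Added post-fix verification script. Assumes the fixlist above has been
# applied by FRST and the machine rebooted; identifiers are taken from it.
$Sid = 'S-1-5-21-3149319448-1153329180-2899815915-1001'
$findings = New-Object System.Collections.Generic.List[string]

# 1. IFEO Debugger hijacks: a Debugger value under IFEO\<exe> makes Windows
#    start that program instead of <exe>, with <exe>'s command line appended.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'OSppSvc.exe', 'SppExtComObj.exe') {
    $dbg = (Get-ItemProperty -Path "$ifeo\$exe" -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("IFEO Debugger still set for ${exe}: $dbg") }
}

# 2. Per-user Winlogon Shell. The system default is explorer.exe; a user-level
#    Shell value (here %comspec%) replaces it for that account only.
#    HKEY_USERS\<SID> exists only while that user is logged on.
$userHive = "Registry::HKEY_USERS\$Sid"
if (Test-Path $userHive) {
    $winlogon = "$userHive\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell) { $findings.Add("Per-user Winlogon Shell still set: $shell") }

    # IE start page hijack: the fixlist shows a yhs-001/hspart=omr Yahoo URL.
    $ieMain = "$userHive\Software\Microsoft\Internet Explorer\Main"
    $start = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($start -and $start -match 'hspart=omr') { $findings.Add("IE Start Page still hijacked: $start") }
} else {
    $findings.Add("User hive for $Sid not loaded; log on as that user (or 'reg load' the hive) and rerun")
}

# 3. Firefox policy key that FRST flagged as "Restriction".
if (Test-Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox') {
    $findings.Add('HKLM\SOFTWARE\Policies\Mozilla\Firefox still present')
}

# 4. The unsigned "Chromium" updater: two services, two tasks, one folder.
foreach ($svc in 'chromium', 'chromiumm') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) { $findings.Add("Service '$svc' still registered") }
}
foreach ($task in 'ChromiumUpdateTaskMachineCore', 'ChromiumUpdateTaskMachineUA') {
    if (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue) { $findings.Add("Task '$task' still registered") }
}
$updater = 'C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe'
if (Test-Path -LiteralPath $updater) {
    $sig = Get-AuthenticodeSignature -FilePath $updater
    $findings.Add("$updater still on disk (Authenticode status: $($sig.Status))")
}

# 5. Alternate data streams on the three paths from the fixlist. ':$DATA' is
#    the ordinary unnamed stream of a file and is not a finding.
foreach ($p in 'C:\ProgramData\Reprise', 'C:\Users\Public\AppData', 'C:\Users\Public\Shared Files') {
    if (Test-Path -LiteralPath $p) {
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { $findings.Add("ADS still present: ${p}:$($_.Stream) [$($_.Length) bytes]") }
    }
}

# 6. KMS activator binary referenced by the stale firewall rules and the IFEO hook.
foreach ($f in 'C:\Windows\KMS-R@1n.exe', 'C:\Windows\KMS-R@1nhook.exe') {
    if (Test-Path -LiteralPath $f) { $findings.Add("$f still on disk") }
}

if ($findings.Count -eq 0) { 'All fixlist items verified removed.' } else { $findings }
```

Anything the script reports is a candidate for a second fixlist (or for checking whether something re-created it between the fix and the reboot, which is the usual sign of a persistence component FRST did not see). The check for KMS-R@1nhook.exe looks in C:\Windows because the IFEO value gives a bare file name and that is where the companion KMS-R@1n.exe lived; if the hook was installed elsewhere, adjust the path.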
