Start:: CloseProcesses: CreateRestorePoint:...

Posté le 17 novembre 2020
Télécharger | Reposter | Largeur fixe

Start::
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-930400344-1600436398-98965620-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-930400344-1600436398-98965620-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\123simsen.com -> www.123simsen.com
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [270]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Pas de fichier
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Pas de fichier
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Pas de fichier
Task: {26B8501C-2CA7-4F8F-9D3D-80146A766AFC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-27] (ESET, spol. s r.o. -> ESET)
2020-10-27 10:29 - 2020-07-10 14:52 - 000109360 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2020-10-23 22:49 - 2014-05-22 16:59 - 000000000 ____D C:\ProgramData\Temp
2020-11-14 19:00 - 2020-11-14 19:00 - 000000000 ____D C:\Users\Eset\ESET
2020-11-14 18:28 - 2020-11-14 19:22 - 000000000 ____D C:\Users\Eset
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
cmd: sfc /scannow
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::