Posted on 29 December 2020

start::
closeprocesses:
createrestorepoint:
virustotal: C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1346413929-3406811653-1628182793-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{5CFD20E4-956E-4220-8A3B-99C4C5DE05C1}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [TCP Query User{56805CEA-0B4E-4603-A1ED-7975A2DB210A}C:\laragon\bin\apache\httpd-2.4.35-win32-vc15\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.35-win32-vc15\bin\httpd.exe => Pas de fichier
FirewallRules: [UDP Query User{B6B60D1C-80F3-4D40-ADDE-B8395203339E}C:\laragon\bin\apache\httpd-2.4.35-win32-vc15\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.35-win32-vc15\bin\httpd.exe => Pas de fichier
FirewallRules: [TCP Query User{D6644907-93C3-4CBC-8B70-ED458EA0B095}C:\laragon\bin\apache\httpd-2.4.25-win32-vc14\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.25-win32-vc14\bin\httpd.exe => Pas de fichier
FirewallRules: [UDP Query User{1243EF17-BA3D-41AB-AB86-4943E4D66EA7}C:\laragon\bin\apache\httpd-2.4.25-win32-vc14\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.25-win32-vc14\bin\httpd.exe => Pas de fichier
FirewallRules: [TCP Query User{46F96CA4-323E-4DEF-A9E2-71E301A6A316}C:\laragon\bin\mysql\mariadb-10.2.3-win32\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mariadb-10.2.3-win32\bin\mysqld.exe => Pas de fichier
FirewallRules: [UDP Query User{269BB72E-BAB7-4E09-A8CF-27A2CA1D4158}C:\laragon\bin\mysql\mariadb-10.2.3-win32\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mariadb-10.2.3-win32\bin\mysqld.exe => Pas de fichier
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-1346413929-3406811653-1628182793-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8442464 2020-12-18] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1346413929-3406811653-1628182793-1001\...\Run: [Chromium] => "c:\users\hp\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1346413929-3406811653-1628182793-1001\...\Run: [SearcherBar] => C:\WINDOWS\system32\mshta.exe [14848 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1346413929-3406811653-1628182793-1001\...\Run: [uTorrent] => C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe [2146776 2020-12-28] (BitTorrent Inc -> BitTorrent Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\3hdoebeb.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT171101&iDate=2020-05-02 06:17:06&bName=
FF NewTab: Mozilla\Firefox\Profiles\3hdoebeb.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT171101&iDate=2020-05-02 06:17:06&bName=
FF Homepage: Mozilla\Firefox\Profiles\4swv9lkt.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT171101&iDate=2020-05-02 06:17:06&bName=
FF NewTab: Mozilla\Firefox\Profiles\4swv9lkt.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT171101&iDate=2020-05-02 06:17:06&bName=
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\4swv9lkt.default-release\searchplugins\Search Now.xml [2020-12-18]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29280 2020-12-18] (LAVASOFT SOFTWARE CANADA INC -> )
S3 MpKsl49945996; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EAB0D8C-342E-4FB7-898D-E57CBACF4C63}\MpKslDrv.sys [X]
virustotal: C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-28 15:14 - 2020-11-18 14:35 - 000000000 ____D C:\Users\HP\AppData\Local\chromium
2020-12-28 10:13 - 2020-11-18 11:33 - 000000000 ____D C:\ProgramData\KMSAuto
2020-12-22 14:01 - 2020-09-22 12:57 - 000000000 ____D C:\Users\HP\Desktop\ACTIVATION WINDOWS
2020-12-28 10:39 - 2020-12-28 10:39 - 000000000 ____D C:\SearcherBar
cmd: cscript %windir%\System32\slmgr.vbs /dli
emptytemp:
end::