Posted on January 7, 2021

start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-3471130438-1486898144-3269703206-1001_Classes\CLSID\{CF6B297C-0DA3-4b41-AA25-2C54B562224E}\InprocServer32 -> D:\PSIM12.0.3_StudentX64\PSimShEx.dll => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\mouhc\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
HKU\S-1-5-21-3471130438-1486898144-3269703206-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3471130438-1486898144-3269703206-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.0.1.6294_u_ds
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-08] (Comodo Security Solutions, Inc. -> COMODO)
C:\Program Files (x86)\COMODO
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-08] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-3471130438-1486898144-3269703206-1001\...\Run: [mouhc] => explorer.exe hxxp://sd-steam.info <==== ATTENTION
HKU\S-1-5-21-3471130438-1486898144-3269703206-1001\...\Winlogon: [Shell] C:\Users\mouhc\AppData\Roaming\Unpacker\Unpacker.exe [287912960 2020-09-03] (Unpacker) [Fichier non signé] <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {10F10DE3-DA94-4838-9038-0CCA8DC12EC9} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {29688C86-1009-4B63-BEBD-53884FC55F8E} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {44B8E5AB-CCC6-4D03-B25F-FE15D1167F3B} - System32\Tasks\SoundBass => C:\Users\mouhc\AppData\Roaming\Unpacker\Unpacker.exe [287912960 2020-09-03] (Unpacker) [Fichier non signé] <==== ATTENTION
Task: {66B7404E-5A62-4405-B6D8-14A45DE93D3E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {6EC9940B-94A0-4BD7-AD3E-3383A5D30A61} - System32\Tasks\mouhc => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v mouhc /t REG_SZ /d "explorer.exe http://sd-steam.info" <==== ATTENTION
Task: {E457DFB2-AC79-405F-9659-E926010B424B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFdQwBBwhEEhhGcQoMTA1JFlYOIVgBURRAFFQUJlgPUVhGRAQFIk0FA1oDB0VXfV5bFElXTwhuL1ddGG8YSlxNJw=="
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [122368 2020-01-08] () [Fichier non signé] <==== ATTENTION
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-08] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (Comodo Security Solutions, Inc. -> COMODO)
C:\WINDOWS\system32\winlogui.exe
C:\WINDOWS\system32\StartupCheckLibrary.dll
C:\WINDOWS\system32\winrmsrv.exe
cmd: netsh advfirewall reset
emptytemp:
end::
