Posted on 8 January 2021

start::
closeprocesses:
createrestorepoint:
cmd: type C:\ProgramData\NTUSER.pol
virustotal: C:\Users\jean-luc\AppData\Local\Fetode\updane.exe
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3326121687-547004056-839156257-1001\...\Run: [5KPlayer] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [30207640 2019-05-17] (Digiarty Software, Inc. -> DearMob)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {29E8F470-4A53-4EBF-A5D6-E154E9C4B485} - System32\Tasks\{6EE2199B-CE7B-4A16-804A-D820D09D9D19} => C:\WINDOWS\system32\pcalua.exe -a "F:\Portable jl Disque D\Temp\MapSource_6163.exe" -d "F:\Portable jl Disque D\Temp" <==== ATTENTION
Task: {5A2028D3-B5AD-45E3-975B-C5CAD624522F} - System32\Tasks\{32B9EA18-E63C-2939-6409-2C2003566221} => C:\Users\jean-luc\AppData\Roaming\32B9EA~1\SYNHEL~1.EXE <==== ATTENTION
Task: {03e4447a-7d86-487c-a10e-e82dcab353ee} - pas de chemin du fichier
Task: {7d4804ce-5d5f-45ba-9eb3-61dc8c5ac878} - pas de chemin du fichier
Task: {DD779EE3-6CE9-4711-AE42-D7CFC8F74005} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {DFD2F179-C13C-4C1D-AB04-93FDDDDFE9FB} - System32\Tasks\{23C43627-997E-495F-8541-423FAC5E62DF} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Cool2000\cool2000.exe" -d "C:\Program Files (x86)\Cool2000"
Task: C:\WINDOWS\Tasks\{32B9EA18-E63C-2939-6409-2C2003566221}.job => C:\Users\jean-luc\AppData\Roaming\32B9EA~1\SYNHEL~1.EXE <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://fr.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_0936b94a7717f56025&param1=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&param2=NGFaMqBbNat5Mt%3D%3D"
Edge DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
Edge DefaultSearchKeyword: Default -> fr.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
C:\Program Files (x86)\Malwarebytes Anti-Malware
S3 HIDSwitch; \SystemRoot\System32\drivers\AsHIDSwitch64.sys [X]
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
2021-01-05 12:43 - 2021-01-05 12:43 - 000000000 ____D C:\Users\jean-luc\Documents\TotalAV
2021-01-05 12:38 - 2021-01-05 12:38 - 000000000 ____D C:\Users\jean-luc\AppData\Local\GUI.Win
2021-01-05 12:38 - 2021-01-05 12:38 - 000000000 ____D C:\ProgramData\SecuritySuite
2021-01-05 12:00 - 2021-01-05 12:02 - 054108544 _____ C:\Users\jean-luc\Downloads\TotalAV_Setup.exe
cmd: sfc /scannow
cmd: netsh advfirewall reset
emptytemp:
end::
