Posted on 10 March 2021


start::
CreateRestorePoint:
CloseProcesses:

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKLM\...\.scr: => <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_6bd6eb9e46d3a4373e&param1=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%3D&param2=LGF6NWJ5NqBb
HKU\S-1-5-21-3847010704-510376426-783683483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cpohxt_20_05_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StBzyyDtAtN1L2XzuyEtFyCtCtFtDtFyDtBtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyD0C0Ezz0FzzyB0CtGyB0FyB0BtG0F0AzzzytGtDtDtD0BtGzy0E0EyBtAtCyCyDyBzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztDyDyByBzyyCtB%26cr%3D1080646626%26a%3Dwsg_cpohxt_20_05_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StCyCyBtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyC0AtBtBtCtGtBtA0CyBtGyEzzyDzytGtAyD0E0CtG0BzztDtByBtDzyyE0EtBtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyE%26cr%3D1262795073%26a%3Dwbf_dnldastr_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StCyCyBtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyC0AtBtBtCtGtBtA0CyBtGyEzzyDzytGtAyD0E0CtG0BzztDtByBtDzyyE0EtBtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyE%26cr%3D1262795073%26a%3Dwbf_dnldastr_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StCyCyBtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyC0AtBtBtCtGtBtA0CyBtGyEzzyDzytGtAyD0E0CtG0BzztDtByBtDzyyE0EtBtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyE%26cr%3D1262795073%26a%3Dwbf_dnldastr_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StCyCyBtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyC0AtBtBtCtGtBtA0CyBtGyEzzyDzytGtAyD0E0CtG0BzztDtByBtDzyyE0EtBtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyE%26cr%3D1262795073%26a%3Dwbf_dnldastr_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3847010704-510376426-783683483-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cpohxt_20_05_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StBzyyDtAtN1L2XzuyEtFyCtCtFtDtFyDtBtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyD0C0Ezz0FzzyB0CtGyB0FyB0BtG0F0AzzzytGtDtDtD0BtGzy0E0EyBtAtCyCyDyBzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztDyDyByBzyyCtB%26cr%3D1080646626%26a%3Dwsg_cpohxt_20_05_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3847010704-510376426-783683483-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cpohxt_20_05_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StBzyyDtAtN1L2XzuyEtFyCtCtFtDtFyDtBtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyD0C0Ezz0FzzyB0CtGyB0FyB0BtG0F0AzzzytGtDtDtD0BtGzy0E0EyBtAtCyCyDyBzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztDyDyByBzyyCtB%26cr%3D1080646626%26a%3Dwsg_cpohxt_20_05_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3847010704-510376426-783683483-1001 -> {82DF4654-1ED0-4B98-A92F-FA92E1A7280D} URL = hxxp://www.fr-gogo.com/search?q={searchTerms}
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {D85E0101-F141-41EB-85E1-67D3CF4797A2} - \Skype -> Pas de fichier <==== ATTENTION
Task: {EBEF51E1-AB3F-4E74-BF2A-1FFFFD240CB7} - \{1863591F-F1C1-5624-2D46-6D03DA343685} -> Pas de fichier <==== ATTENTION
Task: {8B337644-F36C-4F95-966B-C3456EC3DAA4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {780C267F-7E90-45F1-9ACE-7420287BC403} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKU\S-1-5-21-3847010704-510376426-783683483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKU\S-1-5-21-3847010704-510376426-783683483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [kmnjapfoibbicnfncoogmbnbeoocjjan]
CHR HKLM-x32\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]

Edge HomeButtonPage: HKU\S-1-5-21-3847010704-510376426-783683483-1001 -> hxxp://www.fr-gogo.com/
Edge StartupUrls: Default -> "hxxp://www.fr-gogo.com/"
Edge DefaultSearchURL: Default -> hxxp://www.fr-gogo.com/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> fr-gogo.com
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC06&PTAG=ICO-5f6c3ea5eb8c08e1","hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_dnldastr_16_30&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StCyCyCzztN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtDyB0DtAyBzyzztGyBzz0FzztGyEzy0EzztGyDtAyCyBtGtA0B0ByByBzyzz0FtD0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyE%26cr%3D369602068%26a%3Dwnf_dnldastr_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&uref=chmm","hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cpohxt_20_05_ssg00&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtByB0E0AtByEtCyC0E0B0FtBzytAtN0D0Tzu0StBzyyDtAtN1L2XzuyEtFyCtCtFtDtFyDtBtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyD0C0Ezz0FzzyB0CtGyB0FyB0BtG0F0AzzzytGtDtDtD0BtGzy0E0EyBtAtCyCyDyBzzzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAyBtB0DyCyE0BtGyEyEtDyBtGyEzyyDtBtG0AtCtByBtGyCzz0EtDyByB0DyC0F0DtAyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztDyDyByBzyyCtB%26cr%3D1080646626%26a%3Dwsg_cpohxt_20_05_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise"
Virustotal: C:\Program Files (x86)\OLBPre\OLBPre.exe
Virustotal: C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
cmd: cscript %windir%\system32\slmgr.vbs /dlv
EmptyTemp:
end::
