Posted on 4 December

start::
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
(explorer.exe ->) (Lavasoft Software Canada Inc. -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(C:\Program Files (x86)\TotalAV\SecurityService.exe ->) (Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKU\S-1-5-21-4128362433-1591382183-1842780436-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [10125528 2023-11-16]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe"
GroupPolicy-Firefox: Restriction
Task: {66E620CB-9ABA-447B-BEB4-A7162D49AD5E} - \Opera scheduled assistant Autoupdate 1581075286 -> Pas de fichier
Task: {EBFDDC55-88DD-4E10-86C7-6E8FA38E211A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {7F83101A-D5E8-4CDE-AA65-E82DE821ADC3} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {8B7265A0-236A-4700-8212-B89A93F07FF8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {829C07C1-CFF1-4306-9A57-FE7E65DD4A53} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3:
FF NewTab: Mozilla\Firefox\Profiles\lsayimjg.default -> hxxps://mynewtab.co?pId=KL150601&iDate=020518&searchEngine=bing
FF SearchPlugin: C:\Users\dd\AppData\Roaming\Mozilla\Firefox\Profiles\lsayimjg.default\searchplugins\Yahoo Search.xml
FF Homepage: Comodo\IceDragon\Profiles\p7ytw0nu.default -> about:newtab
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\npAvastBrowserUpdate3.dll
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1631.4\npAvastBrowserUpdate3.dll
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\dsengine.js [2018-02-05]
FF ExtraCheck: C:\Program Files\mozilla firefox\dsengine.cfg [2018-02-05]
FF Extension: (Tab Auto Refresh) - C:\Users\dd\AppData\Roaming\Mozilla\Firefox\Profiles\lsayimjg.default\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-06-01]
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-06-01]
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\109.0.19987.120\elevation_service.exe
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [274624 2023-10-31]
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [629648 2017-02-04]
R2 VPNService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\VPNServiceHost.exe [20184 2023-11-16]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [27864 2023-11-16]
U3 Tdeeows_; pas de ImagePath
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [86880 2023-10-31]
S3 MSICDSetup; \??\G:\CDriver64.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X]
2023-12-03 11:09 - 2023-12-03 11:09 - 000000000 ____D C:\Users\dd\Documents\TotalAV
2023-12-03 11:06 - 2023-12-04 09:57 - 000001081 _____ C:\Users\dd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2023-12-03 11:03 - 2023-12-03 11:06 - 000000000 ____D C:\ProgramData\TotalAV
2023-12-03 11:03 - 2023-12-03 11:03 - 000000955 _____ C:\Users\Public\Desktop\TotalAV.lnk
2023-12-03 11:02 - 2023-12-04 09:56 - 000000000 ____D C:\Program Files (x86)\TotalAV
2023-12-03 15:26 - 2023-05-27 08:58 - 000000000 ____D C:\Users\dd\AppData\LocalLow\Comodo
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.24.38 - TotalAV)
UC Browser (HKLM-x32\...\UCBrowser) (Version: 6.0.1308.1016 - UCWeb Inc.)
Web Companion (HKLM-x32\...\{e1807f45-b646-4331-9059-ac7f723336fa}) (Version: 11.2.1.641 - Lavasoft)
CustomCLSID: HKU\S-1-5-21-4128362433-1591382183-1842780436-1000_Classes\CLSID\{0BF5E937-0758-402E-AB2A-7D6808D972BB}\localserver32 -> "C:\Users\dd\AppData\Local\Vivaldi\Application\5.4.2753.47\notification_helper.exe" => Pas de fichier
2019-08-15 18:13 - 2019-08-15 18:13 - 000989184 _____ () [Fichier non signé] C:\Program Files (x86)\TotalAV\e_sqlite3.DLL
2023-10-31 16:03 - 2023-10-31 16:03 - 000116736 _____ () [Fichier non signé] C:\Program Files (x86)\TotalAV\Netlib.dll
HKU\S-1-5-21-4128362433-1591382183-1842780436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fr.search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4128362433-1591382183-1842780436-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4128362433-1591382183-1842780436-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-4128362433-1591382183-1842780436-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4128362433-1591382183-1842780436-1000\...\webcompanion.com -> hxxp://webcompanion.com
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
end::
