cjoint

Document format: text/plain

Preview

:OTL
SRV - [2014/09/01 20:26:50 | 001,317,096 | ---- | M] (MyOSCompany) [On_Demand | Running] -- C:\Program Files\Web Protect\MyOSProtect.exe -- (MyOSProtect)
DRV - [2014/09/01 20:29:16 | 000,019,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcwatch.sys -- (pcwatch)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2484;https=127.0.0.1:2484;
IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2484;https=127.0.0.1:2484;
IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zWGUhUcXl8LiesN7nWvm11xBjq71Ph5cH3BzJVH3084Oh24M2mDWHqj7dEX4K4_e1JKqXnzL4Wqe4b1cgbzKw,,
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zWGUhUcXl8LiesN7nWvm11xBjq71Ph5cH3BzJVH3084Oh24M2mDWHqj7dEX4K4_e1JKqXnzL4Wqe4b1cgbzKw,,
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx88tHW9eLsG_ntz9StVAjk9fGmtypnBnOjwUNGd1WVHf_L4l7Ip-XzNHyZQMSNxw4MEpYE1WpVYOSGdwR_qKW60zkBYakFaTJpcUFAhWlcJ2VgetaIvmyc3FBcGnHdP6K1IyeWGEIhp54eOp-kH18AcQa_0Oax45PY9_KwjabjpQ,,&q={searchTerms}
CHR - Extension: Quick start = D:\Documents and Settings\Daniel_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - Startup: D:\Documents and Settings\Daniel_2\Menu Démarrer\Programmes\Démarrage\jfcebwcd.lnk = File not found
O4 - Startup: D:\Documents and Settings\Daniel_2\Menu Démarrer\Programmes\Démarrage\Pense-Bête 79g.lnk = File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.55.2)
SafeBootNet: MyOSProtect - C:\Program Files\Web Protect\MyOSProtect.exe (MyOSCompany)
[2014/09/05 23:59:49 | 000,304,776 | ---- | C] (MyOSCompany) -- C:\WINDOWS\System32\MyOSProtect.dll
[2014/09/05 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Web Protect
[2014/08/27 20:03:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\XTRM Group Ltd
[2014/09/06 14:10:45 | 000,004,144 | ---- | M] () -- C:\WINDOWS\System32\MyOSProtect.ini
[2014/09/06 14:10:45 | 000,002,072 | ---- | M] () -- C:\WINDOWS\System32\MyOSProtectOff.ini
[2014/09/01 20:29:16 | 000,019,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\pcwatch.sys
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\MyOSProtect.dll (MyOSCompany)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\MyOSProtect.dll (MyOSCompany)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\MyOSProtect.dll (MyOSCompany)

:files
D:\Documents and Settings\Daniel_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,\
00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,\
73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00

:commands
[emptytemp]
