cjoint

Document format: text/plain

Preview

CreateRestorepoint:
CloseProcesses:
Shortcut: C:\Users\Sylvie netbook\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
C:\Program Files\Enigma Software Group\
ShortcutWithArgument: C:\Users\Sylvie netbook\Start Menu\Programs\SpyHunter\Uninstall.lnk -> C:\Users\Sylvie netbook\AppData\Roaming\Enigma Software Group\sh_installer.exe (Enigma Software Group USA, LLC.) -> -r sh
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\SYLVIE~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (l'élément de données a 17 caractères en plus).
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> pas de chemin du fichier
CustomCLSID: HKU\S-1-5-21-2491233623-1694231793-1859054175-1001_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Sylvie netbook\AppData\Local\YqcfPack\xyzSE.dll ()
Task: {438BEA7A-536C-479C-BD84-FDEE10E793FB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-28] (Lavasoft Limited )
Task: {8CC04999-51CC-449D-90C1-44A669F9278A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-02-10] (Enigma Software Group USA, LLC.)
C:\Program Files\Lavasoft\
2016-02-09 18:36 - 2016-02-09 18:36 - 00046592 _____ () C:\Users\Sylvie netbook\AppData\Local\YqcfPack\xyzSE.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
FirewallRules: [{5CF56EA1-7971-4D4E-8B6C-ED1072D42CF3}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{EE48399D-E0B3-4D3D-9198-7DDAD2A9671E}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKU\S-1-5-21-2491233623-1694231793-1859054175-1001\...\Run: [Axbrworks] => C:\Windows\System32\regsvr32.exe "C:\Users\Sylvie netbook\AppData\Local\YqcfPack\xyzSE.dll"
HKU\S-1-5-21-2491233623-1694231793-1859054175-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Sylvie netbook\AppData\Local\YqcfPack\xyzSE.dll ATTENTION
Startup: C:\Users\Sylvie netbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhc.html [2016-02-08] ()
Startup: C:\Users\Sylvie netbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhc.png [2016-02-08] ()
Startup: C:\Users\Sylvie netbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhc.txt [2016-02-08] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-02-10] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2016-02-10] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2016-02-10] ()
R3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 9264DD96883E5769EE79CB43E712BE9E
C:\windows\System32\DRIVERS\EsgScanner.sys 01CE484FF6D70A39479BC6D619DE7ED6
2016-02-10 21:42 - 2016-02-10 21:43 - 00000000 ____D C:\sh4ldr
2016-02-10 21:31 - 2016-02-10 21:31 - 00019984 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-08 17:27 - 2016-02-08 17:27 - 00000253 _____ C:\Users\Sylvie netbook\Documents\recover_file_gvbpjgsia.txt
2016-02-08 11:39 - 2016-02-08 11:39 - 00000253 _____ C:\Users\Sylvie netbook\Documents\recover_file_jrhjyhkop.txt
2016-02-08 11:04 - 2016-02-10 17:47 - 00000000 ____D C:\Users\Sylvie netbook\AppData\Local\YqcfPack
2016-02-08 10:57 - 2016-02-08 11:59 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2016-01-26 00:17 - 2016-02-08 13:13 - 00000000 ____D C:\Users\Sylvie netbook\AppData\Local\{0B8AEFF7-CE6D-4047-9E6B-3BBAF39F7FD9}
2016-01-26 00:13 - 2016-02-08 13:13 - 00000000 ____D C:\Users\Sylvie netbook\AppData\Local\{48FCF15E-7D46-44E2-9F5B-49070E8DA011}
2016-02-08 13:24 - 2011-12-16 19:14 - 00000000 ____D C:\Users\Sylvie netbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2016-02-08 11:57 - 2011-09-14 18:59 - 00000000 ____D C:\ProgramData\Trend Micro
2016-02-08 11:54 - 2011-12-28 23:01 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-08 11:54 - 2011-12-28 19:09 - 00000000 ____D C:\ProgramData\AVAST Software
cmd: del /f /q /s *HELP_RECOVER_instructions+*.*
cmd: ipconfig /flushdns
cmd: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
removeproxy:
emptytemp:
