cjoint


Document format: text/plain

Preview

start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:

HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\...\MountPoints2: {a549613e-106f-11e2-a4cd-9439e5c4405e} - F:\Startme.exe
HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\...\MountPoints2: {e25ec86c-a2ea-11e3-ba58-78843cfdfa7e} - H:\autorun.exe
HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\...\MountPoints2: {e25ec87c-a2ea-11e3-ba58-78843cfdfa7e} - I:\autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?
HKU\S-1-5-21-1137401528-1338352564-3384898132-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
URLSearchHook: [S-1-5-21-1137401528-1338352564-3384898132-1000] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1137401528-1338352564-3384898132-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1137401528-1338352564-3384898132-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: IDM CC - C:\Users\ONECS\AppData\Roaming\Mozilla\Firefox\Profiles\3mqxb7ak.default\extensions\mozilla_cc@internetdownloadmanager.com [2015-05-22] [non signé]

CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [Fichier non signé]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-11-25] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 aakinjcu; C:\Windows\System32\Drivers\aakinjcu.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zéro octet Fichier/Dossier)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2001-08-25] () [Fichier non signé]

Task: {6741A9E7-0515-4249-ABC6-ADF5C4F18CB3} - System32\Tasks\{483F8323-9D2E-49BC-8787-38F25E5A6333} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116.259&LastError=12002


CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end