Document format: text/plain
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1110916604-2690954944-2937728151-1000\...\MountPoints2: G - G:\start.exe
HKU\S-1-5-21-1110916604-2690954944-2937728151-1000\...\MountPoints2: {843ffd62-5746-11e6-8621-002556be7f88} - H:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Pas de fichier
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Pas de fichier
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Pas de fichier
Startup: C:\Users\Owate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2016-09-21]
BootExecute: autocheck autochk * sdnclean.exe
URLSearchHook: [S-1-5-21-1110916604-2690954944-2937728151-1000] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM -> DefaultScope la valeur est absente
SearchScopes: HKU\S-1-5-21-1110916604-2690954944-2937728151-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\Owate\AppData\Roaming\Mozilla\Firefox\Profiles\yen0cq91.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'PROXY%20127.0.0.1%3A3125'%3B%20%7D%20%2F*ZenMate*%2F"
FF NetworkProxy: "type", 0
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S3 catchme; \??\C:\Users\Owate\AppData\Local\Temp\catchme.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
S3 eapihdrv; \??\C:\Users\Owate\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2016-09-14 21:37 - 2016-09-14 21:39 - 00000000 ____D C:\d024bb245d590a9e0f
Task: {374C6E02-C2E4-4B7E-9603-5E737C32A209} - System32\Tasks\{F5016702-8F10-4216-8360-4D79AD1FE2A1} => pcalua.exe -a C:\Users\Owate\AppData\Local\Temp\7zS13B0.tmp\MicroInstallerNative.exe -d C:\Users\Owate\AppData\Local\Temp\7zS13B0.tmp <==== ATTENTION
Task: {859737C0-DBF7-4D0D-958A-1BDA66109042} - System32\Tasks\{E3F1A5FC-77AE-424C-9873-F462AC27D387} => pcalua.exe -a C:\Users\Owate\AppData\Local\Temp\7zS846B.tmp\MicroInstallerNative.exe -d C:\Users\Owate\AppData\Local\Temp\7zS846B.tmp <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end