start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531b7-fd69-11e4-b9fb-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531e8-fd69-11e4-b9fb-984be1ec3650} - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6b1faecf-3575-11e5-8592-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6d9ad777-07b4-11e5-85a0-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {73c6041c-fc58-11e4-81d0-ecda9b3179f0} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d02-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d19-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {c9e173b9-0182-11e5-b53b-984be1ec3650} - F:\AutoRun.exe
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaie
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10288__161016__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF DefaultProfile: 46nzrjvr.default
FF ProfilePath: C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default [2016-11-25]
FF NewTab: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Homepage: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
CHR DefaultProfile: Default
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 cpuz134; \??\C:\Users\khalid\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end