cjoint


Document format: text/plain

Preview

start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:

HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {0a93b4ef-d541-11e4-8413-aed48c87bd5e} - F:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {0f06fd68-ca72-11e4-b2fd-ebe72102d13e} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {1197aa7b-cfcf-11e5-8062-089e0186902f} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {1ca08800-a76b-11e6-aac1-089e0186902f} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {27895565-4c68-11e6-aced-969c59b5993c} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {499406fb-a9e5-11e4-adb6-344b50b7efb4} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {6ce8cde1-859b-11e6-b1bd-fe52bbe3893e} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {6ce8cdf1-859b-11e6-b1bd-965f39873e0a} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {6ce8ce0d-859b-11e6-b1bd-965f39873e0a} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {6ce8ce33-859b-11e6-b1bd-965f39873e0a} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {91956b0e-b2d3-11e5-ad90-fb672576f368} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {ad29c5f3-4017-11e6-a637-f83cff23fb3d} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {cc7f26c5-b0a3-11e4-9b42-001e101f9843} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {de53e372-98da-11e5-a67a-089e0186902f} - E:\AutoRun.exe
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {ea901d67-c315-11e4-a2a8-98b45133b859} - E:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\...\MountPoints2: {f7003d02-8e8e-11e5-a529-b8763f109ebd} - E:\Auto.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1480127630-421335790-3021902173-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/keyword/%s
BHO: Pas de nom -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> Pas de fichier
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\H3DMi\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-11-10] (Dashlane, Inc.)
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00102-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_102-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
FF DefaultProfile: 6ygr6dan.default
FF DefaultProfile: h4bib0ss@gmail.com
FF ProfilePath: C:\Users\H3DMi\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ygr6dan.default [2017-03-10]
FF Extension: (Adblock Plus) - C:\Users\H3DMi\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ygr6dan.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF ProfilePath: C:\Users\H3DMi\AppData\Roaming\Mozilla\Firefox\Profiles\n4lzkus9.default [2017-03-12]
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.ftp", "192.30.136.222"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.socks", "192.30.136.222"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.ssl", "192.30.136.222"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> backup.ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> ftp", "mehide.org"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> ftp_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> socks", "mehide.org"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> socks_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> ssl", "mehide.org"
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> ssl_port", 80
FF NetworkProxy: Mozilla\Firefox\Profiles\n4lzkus9.default -> type", 0
FF Extension: (Pas de nom) - C:\Users\H3DMi\AppData\Roaming\Mozilla\Firefox\Profiles\kvswwnbu.default-1471771572293\extensions\ascsurfingprotection@iobit.com [non trouvé(e)]
FF Extension: (Pas de nom) - C:\Program Files\IObit Apps Toolbar\FF [non trouvé(e)]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin HKU\S-1-5-21-1480127630-421335790-3021902173-1000: @my.com/Games -> C:\Users\H3DMi\AppData\Local\MyComGames\NPMyComDetector.dll [2016-04-08] (MY.COM B.V.)
S3 cpuz138; \??\C:\Users\H3DMi\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X] <==== ATTENTION
S3 ESETCleanersDriver; pas de ImagePath
S3 gkernel; pas de ImagePath
U4 Messenger; pas de ImagePath
S1 qutmipc; pas de ImagePath
S1 sysdiag; system32\DRIVERS\sysdiag.sys [X]

???? (HKLM\...\Shuame) (Version: 3.4.7.182 - ??????????)



CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
