Publicité
Publicité
Format du document : text/plain
Prévisualisation
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
O43 - CFD: 22/06/2017 - [] D -- C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
C:\Windows\AutoKMS\AutoKMS.exe =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS =>HackTool.AutoKMS
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS] =>HackTool.AutoKMS
C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
[MD5.33349B5957206ED9EC96E32383A0CEF0] [APT] [AutoKMS] (.CODYQX4.) -- C:\Windows\AutoKMS\AutoKMS.exe [5265920] (.Activate.) =>HackTool.AutoKMS
O39 - APT: AutoKMS - (.CODYQX4.) -- C:\Windows\System32\Tasks\AutoKMS [3808] =>HackTool.AutoKMS
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS =>HackTool.AutoKMS
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S-1-5-21-869219504-2618507002-353058616-1001
[MD5.33349B5957206ED9EC96E32383A0CEF0] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5265920] [PID.1568] =>HackTool.AutoKMS
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://notifications.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ogs.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://play.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
O4 - HKCU\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan
O4 - HKUS\S-1-5-21-869219504-2618507002-353058616-1001\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan
O40 - TASK: {B2641F72-0E5F-40F7-BF59-87A69AA25957} - (...) -- C:\Windows\system32\osppc.dll (.not file.) [0] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-869219504-2618507002-353058616-1001 [3372] =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [0] D -- C:\ProgramData\Reprise =>.Unknown
O87 - FAEL: "TCP Query User{0540E44B-AF8A-4EB0-9746-C648F74C949F}C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe" [In-None-P6-TRUE] .(...) -- C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe (.not file.)
O87 - FAEL: "UDP Query User{35161386-6879-408B-A372-5C06B2EC63C0}C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe" [In-None-P17-TRUE] .(...) -- C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe (.not file.)
FirewallRaz
EmptyPrefetch
EmptyTemp
O43 - CFD: 22/06/2017 - [] D -- C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
C:\Windows\AutoKMS\AutoKMS.exe =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS =>HackTool.AutoKMS
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS] =>HackTool.AutoKMS
C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
[MD5.33349B5957206ED9EC96E32383A0CEF0] [APT] [AutoKMS] (.CODYQX4.) -- C:\Windows\AutoKMS\AutoKMS.exe [5265920] (.Activate.) =>HackTool.AutoKMS
O39 - APT: AutoKMS - (.CODYQX4.) -- C:\Windows\System32\Tasks\AutoKMS [3808] =>HackTool.AutoKMS
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS =>HackTool.AutoKMS
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S-1-5-21-869219504-2618507002-353058616-1001
[MD5.33349B5957206ED9EC96E32383A0CEF0] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5265920] [PID.1568] =>HackTool.AutoKMS
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://notifications.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ogs.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://play.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
O4 - HKCU\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan
O4 - HKUS\S-1-5-21-869219504-2618507002-353058616-1001\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan
O40 - TASK: {B2641F72-0E5F-40F7-BF59-87A69AA25957} - (...) -- C:\Windows\system32\osppc.dll (.not file.) [0] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-869219504-2618507002-353058616-1001 [3372] =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [0] D -- C:\ProgramData\Reprise =>.Unknown
O87 - FAEL: "TCP Query User{0540E44B-AF8A-4EB0-9746-C648F74C949F}C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe" [In-None-P6-TRUE] .(...) -- C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe (.not file.)
O87 - FAEL: "UDP Query User{35161386-6879-408B-A372-5C06B2EC63C0}C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe" [In-None-P17-TRUE] .(...) -- C:\program files\tecplot\tecplot 360 ex 2017 r2\bin\tec360.exe (.not file.)