cjoint


Document format: text/plain

Preview

CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
Task: {3C1ADB8B-C146-4D35-969F-ECCCEF15A29C} - System32\Tasks\Driver Booster SkipUAC (USS-NÝMÝTZ) => C:\Program Files (x86)\IObit\Driver Booster\5.4.0\DriverBooster.exe
Task: {6EA4E2D8-9DA3-403A-8D60-ED8DA4AD4D5C} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
IE trusted site: HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [43984 2018-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-2131428903-342114074-2556937593-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2131428903-342114074-2556937593-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
SearchScopes: HKU\S-1-5-21-2131428903-342114074-2556937593-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630
SearchScopes: HKU\S-1-5-21-2131428903-342114074-2556937593-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://tr.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171219__yaie&p={searchTerms}
FF Homepage: OpenVPN Technologies\OpenVPN Client\Profiles\bxcmp9vh.default -> resource://webapp/openvpn.html
FF user.js: detected! => C:\Users\USS-NÝMÝTZ\AppData\Roaming\Mozilla\Firefox\Profiles\rlZIm7Or.default\user.js [2018-07-26]
FF Homepage: Mozilla\Firefox\Profiles\rlZIm7Or.default -> hxxps://tr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171219__yaff
FF NewTab: Mozilla\Firefox\Profiles\rlZIm7Or.default -> hxxps://tr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171219__yaff
FF Extension: (Avira Browser Safety) - C:\Users\USS-NÝMÝTZ\AppData\Roaming\Mozilla\Firefox\Profiles\rlZIm7Or.default\Extensions\abs@avira.com.xpi [2018-06-28]
FF SearchPlugin: C:\Users\USS-NÝMÝTZ\AppData\Roaming\Mozilla\Firefox\Profiles\rlZIm7Or.default\searchplugins\yahoo-lavasoft.xml [2017-12-19]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (Avira Browser Safety) - C:\Users\USS-NÝMÝTZ\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [28936 2018-07-19] (Glarysoft Ltd)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
2018-08-07 08:49 - 2018-08-07 08:49 - 000000000 ____D C:\Users\USS-NÝMÝTZ\Desktop\FRST-OlderVersion
2018-08-07 08:46 - 2018-08-07 08:47 - 000027547 _____ C:\Users\USS-NÝMÝTZ\Desktop\IDM6.txt
2018-08-07 08:32 - 2018-08-07 08:32 - 000069386 _____ C:\Users\USS-NÝMÝTZ\Desktop\IDM5.txt
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (USS-NÝMÝTZ)
2018-07-19 08:48 - 2018-07-23 12:01 - 000000000 ____D C:\ProgramData\GlarySoft
2018-07-19 08:40 - 2018-07-19 08:40 - 000000000 ____D C:\Users\USS-NÝMÝTZ\AppData\Roaming\DiskDefrag
2018-07-19 08:39 - 2018-07-19 08:40 - 000003238 _____ C:\GUDownLoaddebug.txt
2018-07-19 08:39 - 2018-07-19 08:39 - 000028936 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUSBootStartup.sys
2018-07-30 08:30 - 2017-08-07 16:28 - 000000000 ____D C:\ProgramData\ProductData
2018-07-30 08:30 - 2017-08-07 16:28 - 000000000 ____D C:\Program Files (x86)\IObit
C:\ProgramData\Kaspersky Lab
C:\Users\USS-NÝMÝTZ\AppData\Roaming\IObit
C:\Users\USS-NÝMÝTZ\AppData\Roaming\GlarySoft
C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
CMD: netsh advfirewall reset /c
CMD: netsh advfirewall set allprofiles state ON /c
CMD: ipconfig /flushdns /c
CMD: netsh winsock reset catalog /c
CMD: netsh int ip reset c:\resetlog.txt /c
CMD: ipconfig /release /c
CMD: ipconfig /renew /c
EmptyTemp:
Reboot:



