cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

start::
CloseProcesses:
EmptyTemp:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5868016 2018-09-20] (Adobe Systems Incorporated)

HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [System.vbs] => C:\ProgramData\System.vbs [20150 2018-09-24] () <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [XthnEqldMB] => wscript.exe //B "C:\Users\Guilhaume\AppData\Roaming\XthnEqldMB.vbs"
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [W4V8FBQC7Q] => wscript.exe //B "C:\ProgramData\W4V8FBQC7Q.vbs" <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Y2SVEWCFLI] => wscript.exe //B "C:\ProgramData\Y2SVEWCFLI.vbs" <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [PizbOnbrkq] => wscript.exe //B "C:\Users\Guilhaume\AppData\Roaming\PizbOnbrkq.vbs"
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [GoogleChrome.exe] => "C:\Users\Guilhaume\AppData\Local\Temp\2165.exe" .. <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Windows Defender] => C:\Users\Guilhaume\AppData\Roaming\Update Defender\DefenderUpdate.exe [985776 2018-10-02] (Company name)
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Windows64] => "C:\Users\Guilhaume\AppData\Roaming\WindowsUpdate\ChromeUpdate.exe"

CMD: Taskkill /F /IM wscript.exe
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CXAisFbEJq.vbs [2018-09-28] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PizbOnbrkq.vbs [2018-09-27] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs [2018-09-24] () <==== ATTENTION
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\W4V8FBQC7Q.vbs [2018-09-25] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XthnEqldMB.vbs [2018-09-24] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y2SVEWCFLI.vbs [2018-09-26] ()
C:\Users\Guilhaume\AppData\Roaming\PizbOnbrkq.vbs
C:\ProgramData\Y2SVEWCFLI.vbs
C:\ProgramData\W4V8FBQC7Q.vbs
C:\Users\Guilhaume\AppData\Roaming\XthnEqldMB.vbs
C:\ProgramData\System.vbs
C:\Users\Guilhaume\AppData\Local\Temp\2165.exe
C:\ProgramData\05.exe
C:\ProgramData\65.exe
C:\ProgramData\c.exe
C:\ProgramData\e.exe
C:\ProgramData\n.exe
C:\ProgramData\nn.exe

Tcpip\..\Interfaces\{128dfe24-c3c2-44d6-a9de-07f1b3fee6c3}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{aa461bf8-16c4-4d32-ae92-4c92a9fe34ed}: [DhcpNameServer] 82.163.143.157

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1652084678-2015630781-2717873566-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF SearchPlugin: C:\Users\Guilhaume\AppData\Roaming\Mozilla\Firefox\Profiles\79lfskvc.default\searchplugins\bing-lavasoft-ff59.xml [2018-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\Guilhaume\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]

S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFSafeBox.sys [X]
S3 iobit_monitor_server; \??\C:\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier

Task: {5454646A-4459-4EE8-BA86-0F6ACC2C0403} - System32\Tasks\NYAN => C:\Users\GUILHA~1\AppData\Local\Temp\2165.exe <==== ATTENTION
Task: {65D36A8D-1A31-41EB-B274-18C90BE6F651} - System32\Tasks\NYANP => C:\Users\GUILHA~1\AppData\Local\Temp\5260.exe <==== ATTENTION
Task: {79221F23-AE51-4ED5-ADF9-C5C7A40EC6C8} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION

End::

Publicité


Signaler le contenu de ce document

Publicité