Publicité
Publicité
Format du document : text/plain
Prévisualisation
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
2018-11-17 09:38 - 2015-03-17 08:50 - 000000000 ____D C:\Program Files (x86)\Java
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
Task: {57FAD26A-4650-4C3B-9CC9-745C9929BA6F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-14] (AVAST Software)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Pas de fichier)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
C:\Users\Claude\Desktop\Raccourcis\3D Vision Photo Viewer.lnk
C:\Users\Claude\Desktop\Raccourcis\Google Earth Pro.lnk
C:\Users\Claude\Desktop\Raccourcis\Google Earth.lnk
C:\Users\Claude\AppData\Roaming\ZHP\Quarantine\simplitec.DIR\simplitec\simplicheck\simplicheck.lnk
C:\Users\Claude\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3368a43396fdde76\Bitdefender Safepay�.lnk
C:\Users\Claude\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk
C:\Users\claud_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
C:\Windows\System32\Tasks\Avast Software\Overseer
C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\Browser Cleanup
C:\Program Files\AVAST Software
C:\ProgramData\AVAST Software
C:\Program Files (x86)\Common Files\AV
C:\WINDOWS\System32\Config\systemprofile\AppData\Local\AVAST Software
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
DeleteKey: HKLM\SOFTWARE\AVG
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVG
DeleteKey: HKCU\SOFTWARE\AVG
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\AVG
C:\Program Files (x86)\AVG
C:\ProgramData\Avg
C:\Users\Claude\AppData\Local\Avg
C:\Users\Claude\AppData\Local\AvgSetupLog
unlock: C:\WINDOWS\System32\drivers\lpsport.sys
C:\WINDOWS\System32\drivers\lpsport.sys
C:\WINDOWS\Installer\186b4a06.msi
C:\WINDOWS\Installer\186b4a0b.msi
DeleteKey: HKLM\SOFTWARE\Yahoo
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Yahoo
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK|YahooMusicEngine.exe
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
Hosts:
EmptyTemp:
RemoveProxy:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
2018-11-17 09:38 - 2015-03-17 08:50 - 000000000 ____D C:\Program Files (x86)\Java
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
Task: {57FAD26A-4650-4C3B-9CC9-745C9929BA6F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-14] (AVAST Software)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2981823402-977370077-2238675640-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Claude\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Pas de fichier)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
C:\Users\Claude\Desktop\Raccourcis\3D Vision Photo Viewer.lnk
C:\Users\Claude\Desktop\Raccourcis\Google Earth Pro.lnk
C:\Users\Claude\Desktop\Raccourcis\Google Earth.lnk
C:\Users\Claude\AppData\Roaming\ZHP\Quarantine\simplitec.DIR\simplitec\simplicheck\simplicheck.lnk
C:\Users\Claude\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3368a43396fdde76\Bitdefender Safepay�.lnk
C:\Users\Claude\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk
C:\Users\claud_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{57FAD26A-4650-4C3B-9CC9-745C9929BA6F
C:\Windows\System32\Tasks\Avast Software\Overseer
C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\Browser Cleanup
C:\Program Files\AVAST Software
C:\ProgramData\AVAST Software
C:\Program Files (x86)\Common Files\AV
C:\WINDOWS\System32\Config\systemprofile\AppData\Local\AVAST Software
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
DeleteKey: HKLM\SOFTWARE\AVG
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVG
DeleteKey: HKCU\SOFTWARE\AVG
DeleteKey: HKU\S-1-5-21-2981823402-977370077-2238675640-1001\SOFTWARE\AVG
C:\Program Files (x86)\AVG
C:\ProgramData\Avg
C:\Users\Claude\AppData\Local\Avg
C:\Users\Claude\AppData\Local\AvgSetupLog
unlock: C:\WINDOWS\System32\drivers\lpsport.sys
C:\WINDOWS\System32\drivers\lpsport.sys
C:\WINDOWS\Installer\186b4a06.msi
C:\WINDOWS\Installer\186b4a0b.msi
DeleteKey: HKLM\SOFTWARE\Yahoo
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Yahoo
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK|YahooMusicEngine.exe
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
Hosts:
EmptyTemp:
RemoveProxy:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on