Windows explorer ouvre des pages seul

Résolu
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention   -  
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
Mon explorateur Windows explorer ouvre des pages tout seul sans mon avis ou à ma demande
Que faire pour bloquer cela définitivement?


A voir également:

3 réponses

Réponse 1 / 3
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Salut,

Quelles pages ?

Commence par FRST :


Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).

Télécharge et lance le scan FRST,
Attendre la fin du scan, un message indique que l'analyse est terminée.

Trois rapports FRST seront générés :
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Envoie ces 3 rapports sur le site https://pjjoint.malekal.com/ afin de les partager.
En retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.

1
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
https://pjjoint.malekal.com/files.php?id=20171222_x13v6n7o6c11 (addition)
https://pjjoint.malekal.com/files.php?id=FRST_20171222_n14o11l12d10p9 (frst)
https://pjjoint.malekal.com/files.php?id=20171222_k8y8w12x7i13 (shortcut)
0
Réponse 2 / 3
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Effectivement, infecté, surement suite au téléchargement d'un crack.

Désinstalle :
CCleaner
Google Toolbar for Internet Explorer
Java
Tu as aussi Trend-Micro qui tourne, si tu en l'as pas acheté, tu peux le désinstaller.


Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.

Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit : 

CreateRestorePoint:
CloseProcesses:() 
HKLM-x32\...\Run: [] => [X] 
R2 AppriabuS; C:\ProgramData\\AppriabuS\\AppriabuS.exe [1814528 2017-12-21] (TODO: <Company name>) [File not signed]
R2 HNService; D:\Users\PBF32560\AppData\Local\AdService\AdService.dll [711168 2017-12-21] (HNService) [File not signed]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-12-21] () [File not signed] <==== ATTENTION
R2 SecureIM; C:\ProgramData\SecureIM.exe [2900632 2017-10-06] (Adobe Systems Incorporated) <==== ATTENTION
R2 tiser; C:\ProgramData\tiser\run.exe [14848 2017-11-06] () [File not signed]
 HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_YWWFYVGMUR.exe] => C:\Program Files\Windows Photo Viewer\OJGLUUFNAA\YWWFYVGMUR.exe [984064 2017-12-21] (Sa7u@JUnb) 
 HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION  
 HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION  
 HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION  
 HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION  
 HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION  
 HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION  
 HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION  
 HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION  
 HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION  
 HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION  
 HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION  
 HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION  
 HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION  
 HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION  
 HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION  
 HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION  
 HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION  
 HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [hNckT6aw.exe] => D:\Users\PBF32560\AppData\Local\Temp\4b6c936931b6475aab2d6ee7dfb372db\hNckT6aw.exe [805376 2017-12-22] (9ni) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [mCfaceqzwu.exe] => C:\ProgramData\cd300c8f40df43b8947fec35d744526c\mCfaceqzwu.exe [932864 2017-12-22] (FyF0)  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [RRDRfEJIQHy.exe] => C:\ProgramData\a0bef962d5e4479cbd9abf5aef058616\RRDRfEJIQHy.exe [820736 2017-12-22] (wG5kHEE)  
  HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-06] (Google Inc.)  
  HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [CCOTDHUCQJ.exe] => C:\Program Files\CanonBJ\FLQTILQWUQ\CCOTDHUCQJ.exe [1074176 2017-12-21] (0) 
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [rHy4HZRt.exe] => D:\Users\PBF32560\AppData\Local\Temp\2f6ec478d7db46c085c96c4fdaa942fd\rHy4HZRt.exe [748032 2017-12-21] () <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [Rs19YiFlY2.exe] => C:\ProgramData\e2370a6cf9ec404bbbebcc1692a5d0a6\Rs19YiFlY2.exe [1074176 2017-12-21] (0) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [XWVEXGPBNT.exe] => D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4\XWVEXGPBNT.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [I1v0ODl.exe] => D:\Users\PBF32560\AppData\Local\Temp\6dc47eff2806425280872de3e2fff85d\I1v0ODl.exe [1068032 2017-12-21] (M) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [AMhyRS3Ek.exe] => D:\Users\PBF32560\AppData\Roaming\815028cca7c1412992bb94313cf84b80\AMhyRS3Ek.exe [1074176 2017-12-21] (0)  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [AUKh9k20W8.exe] => D:\Users\PBF32560\AppData\Roaming\bb0fda926da241239c461de7b7558825\AUKh9k20W8.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [ZbXTJJ1Cl9.exe] => D:\Users\PBF32560\AppData\Roaming\02ea52ee39b941ddbb6b00b9c1136b51\ZbXTJJ1Cl9.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [NO413fOUbpZ.exe] => C:\ProgramData\810f8b146ed6468faa4e4f874cf28d04\NO413fOUbpZ.exe [1068032 2017-12-21] (M) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [Y18C24X.exe] => D:\Users\PBF32560\AppData\Local\cd097352c0b2427e821eb8363eacd186\Y18C24X.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [hw63nfww2fOTKt.exe] => D:\Users\PBF32560\AppData\Local\8a8fa20b77334799a59a93b5884961df\hw63nfww2fOTKt.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [zCClwznjzt3PE.exe] => D:\Users\PBF32560\AppData\Local\87b21600ceb44b3ab3b34a5cc8a90559\zCClwznjzt3PE.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [RESNvHMPOYlBx.exe] => D:\Users\PBF32560\AppData\Local\5e6ff2a769f6400c99119a63700c0f24\RESNvHMPOYlBx.exe [1068032 2017-12-21] (M)  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [pnKIDfzLiD49.exe] => C:\ProgramData\a619983e4b7947b4a3e3c23ab18c9610\pnKIDfzLiD49.exe [1068032 2017-12-21] (M) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [aZntiOgAPYqZv.exe] => D:\Users\PBF32560\AppData\Local\288f99dc19c94569849995e9374c1303\aZntiOgAPYqZv.exe [748032 2017-12-21] ()  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [TGJbR7tUjd3B1G.exe] => D:\Users\PBF32560\AppData\Local\7aaeda1da0df4861a7b813a62487d753\TGJbR7tUjd3B1G.exe [1068032 2017-12-21] (M)  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [XWV0fRl.exe] => D:\Users\PBF32560\AppData\Local\Temp\26255397b4794a5a8f7e1b4b4edcde44\XWV0fRl.exe [748032 2017-12-21] () <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [3I15HAa.exe] => D:\Users\PBF32560\AppData\Local\Temp\da641e532ed74fcfbe3ac1da85645798\3I15HAa.exe [1068032 2017-12-21] (M) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [y6qXKzYfaY.exe] => D:\Users\PBF32560\AppData\Local\Temp\23ec989a83044eadac771e9ce6753737\y6qXKzYfaY.exe [1172480 2017-12-21] (VlN2) <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [GkTMwEI.exe] => D:\Users\PBF32560\AppData\Local\Temp\54f9a7a59b8c4c5683d883c05c5ac548\GkTMwEI.exe [748032 2017-12-21] () <==== ATTENTION  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [mRwpnBWsFK8SQ.exe] => D:\Users\PBF32560\AppData\Local\fdf32f809d2d4691b48ebc4a79b9adf1\mRwpnBWsFK8SQ.exe [1192960 2017-12-22] (A)  
 HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [5Z9YzXnp7LQT.exe] => C:\ProgramData\4b5033ae24b3428ab6d13535ba847a47\5Z9YzXnp7LQT.exe [748032 2017-12-22] () <==== ATTENTION  
 AppInit_DLLs: C:\ProgramData\AppriabuS\Viaex.dll => C:\ProgramData\AppriabuS\Viaex.dll [342528 2017-12-21] ()  
 AppInit_DLLs-x32: C:\ProgramData\AppriabuS\Yearzap.dll => C:\ProgramData\AppriabuS\Yearzap.dll [460800 2017-12-21] ()  
 2017-12-22 10:45 - 2017-12-22 10:47 - 000000000 ____D D:\Users\PBF32560\AppData\Local\fdf32f809d2d4691b48ebc4a79b9adf1
2017-12-22 10:44 - 2017-12-22 10:44 - 000003266 _____ C:\Windows\System32\Tasks\psv_Medlux
2017-12-22 10:41 - 2017-12-22 10:41 - 000003288 _____ C:\Windows\System32\Tasks\psv_Xxx-lam
2017-12-22 10:41 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\34318924cc4b4c09a1976547915a2a91
2017-12-22 10:40 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Local\384c23ef35be44cd94fb6c8d3ee2c364
2017-12-21 23:21 - 2017-12-21 23:21 - 000003274 _____ C:\Windows\System32\Tasks\psv_MathHold
2017-12-21 23:05 - 2017-12-21 23:05 - 000003274 _____ C:\Windows\System32\Tasks\psv_OpeTop
2017-12-21 22:00 - 2017-12-21 22:00 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ZTEMTUI
2017-12-21 21:23 - 2017-12-21 21:24 - 000000000 ____D D:\Users\PBF32560\AppData\Local\758ca9f1ca434addab8c4af365fe2f21
2017-12-21 20:54 - 2017-12-21 20:54 - 000003198 _____ C:\Windows\System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74}
2017-12-21 20:37 - 2017-12-21 20:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\288f99dc19c94569849995e9374c1303
2017-12-21 20:36 - 2017-12-21 20:36 - 000003266 _____ C:\Windows\System32\Tasks\psv_K-toning
2017-12-21 20:34 - 2017-12-21 20:35 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\5f6855aa1aa249219f2810ddf82530a3
2017-12-21 20:33 - 2017-12-21 20:33 - 000003416 ____N C:\bootsqm.dat
2017-12-21 20:16 - 2017-12-21 20:16 - 000000000 ____D D:\Users\PBF32560\AppData\Local\87b21600ceb44b3ab3b34a5cc8a90559
2017-12-21 20:14 - 2017-12-21 20:14 - 000003266 _____ C:\Windows\System32\Tasks\psv_TanTip
2017-12-21 20:13 - 2017-12-21 20:14 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da4e97da9c094e72a0fbfac81f54f902
2017-12-21 20:08 - 2017-12-21 20:08 - 000003284 _____ C:\Windows\System32\Tasks\psv_Stanantop
2017-12-21 20:07 - 2017-12-21 20:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\962a3d24fcfb41f08315934cea59c23a
2017-12-21 20:03 - 2017-12-21 20:04 - 000000000 ____D D:\Users\PBF32560\AppData\Local\536428eeb3144df0a05e83cceb390ca6
2017-12-21 20:02 - 2017-12-21 20:03 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da75009a69dc408db86393ff493b39b1
2017-12-21 20:02 - 2017-12-21 20:02 - 000000000 ____D D:\Users\PBF32560\AppData\Local\d9fc0fbec3ae40f59c14d873eef4afd6
2017-12-21 19:51 - 2017-12-21 19:51 - 000003294 _____ C:\Windows\System32\Tasks\psv_Gravetip
2017-12-21 19:50 - 2017-12-21 19:51 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5e6ff2a769f6400c99119a63700c0f24
2017-12-21 19:39 - 2017-12-21 19:39 - 000003274 _____ C:\Windows\System32\Tasks\psv_Unodax
2017-12-21 19:39 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\8a8fa20b77334799a59a93b5884961df
2017-12-21 19:38 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\7aaeda1da0df4861a7b813a62487d753
2017-12-21 19:37 - 2017-12-21 19:38 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5c6b5a2540f24860ba3adfd5bde40f31
2017-12-21 19:36 - 2017-12-21 19:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\796416f490534eaf9ef329459103bc88
2017-12-21 19:13 - 2017-12-21 19:13 - 000003266 _____ C:\Windows\System32\Tasks\psv_Lamcof
2017-12-21 19:13 - 2017-12-21 19:13 - 000000000 ____D D:\Users\PBF32560\AppData\Local\cd097352c0b2427e821eb8363eacd186
2017-12-21 19:10 - 2017-12-21 19:11 - 000000000 ____D D:\Users\PBF32560\AppData\Local\f28d513fc16346efabdfa4902c91886c
2017-12-21 18:23 - 2017-12-21 18:24 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\bb0fda926da241239c461de7b7558825
2017-12-21 18:20 - 2017-12-21 18:21 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\23d6f1b731d34e3195b60dabe5636f45
2017-12-21 18:19 - 2017-12-21 18:20 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\21cb5ff088e64cd68e26a2a652a8b24c
2017-12-21 18:05 - 2017-12-21 18:08 - 000003256 _____ C:\Windows\System32\Tasks\snf
2017-12-21 18:04 - 2017-12-21 18:08 - 000003678 _____ C:\Windows\System32\Tasks\snp
2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ D:\Users\PBF32560\AppData\Local\Qvonix.bin
2017-12-21 17:39 - 2017-12-21 17:40 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-12-21 17:31 - 2017-12-21 17:32 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\02ea52ee39b941ddbb6b00b9c1136b51
2017-12-21 17:29 - 2017-12-21 17:31 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\815028cca7c1412992bb94313cf84b80
2017-12-21 17:26 - 2017-12-21 17:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\b6333e54767a425fb2538cf0ff50e93c
2017-12-21 17:22 - 2017-12-21 17:26 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\3fedc89e8cc04b1ea00e4d740ed3356c
2017-12-21 17:19 - 2017-12-21 17:19 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ea622c5eba7a4420a5598edba04cfbfe
2017-12-21 16:56 - 2017-12-21 16:56 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\506755f6f4a34786a208773233409fb9
2017-12-21 16:46 - 2017-12-21 18:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\gplyra
2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\FastDataX
2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\AdService
2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe
2017-12-21 16:42 - 2017-12-21 16:42 - 000003984 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_DF
2017-12-21 16:41 - 2017-12-21 16:41 - 000003046 _____ C:\Windows\System32\Tasks\hostTask
2017-12-21 16:40 - 2017-12-21 16:46 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4
2017-12-21 16:39 - 2017-12-21 16:39 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8c1976166cd8446a88f344599c6bb520
2017-12-21 16:38 - 2017-12-21 16:38 - 000003908 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_WF
2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ D:\Users\PBF32560\AppData\Local\YearIt.bin
2017-12-21 16:37 - 2017-12-21 16:37 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8188634ac0bd448c91be29868d5b3407
2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ D:\Users\PBF32560\AppData\Local\po.db
2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml
2017-12-21 16:33 - 2017-12-21 16:34 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\75c84a4049fc43a79e41264f1e14d5d3
2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ D:\Users\PBF32560\AppData\Local\installer.dat
2017-12-21 16:33 - 2017-12-21 16:33 - 000003996 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN
2017-12-21 16:31 - 2017-12-22 12:00 - 000016692 _____ C:\Windows\System32\Tasks\LogMaster
2017-12-21 16:28 - 2017-12-21 16:50 - 000000000 ____D C:\Program Files (x86)\driverupdaterplus
2017-12-21 16:28 - 2017-12-21 16:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\rz3vcoeuzow
2017-12-21 16:26 - 2017-12-21 16:27 - 000000000 ____D C:\Program Files (x86)\WeatherInspect
2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config
2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ () D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config
2014-10-13 09:23 - 2016-09-22 13:16 - 000002212 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp
2017-03-09 16:48 - 2017-03-09 16:48 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.fhcdvc
2016-04-18 10:06 - 2016-04-18 10:06 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j358og
2017-03-13 12:13 - 2017-03-13 12:13 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j3h5md
2016-02-26 16:41 - 2016-02-26 16:41 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.rnk3wz
2014-10-13 09:24 - 2016-09-22 13:16 - 000007174 _____ () D:\Users\PBF32560\AppData\Local\CPREBUILT.tmp
2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe
2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ () D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml
2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ () D:\Users\PBF32560\AppData\Local\installer.dat
2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ () D:\Users\PBF32560\AppData\Local\po.db
2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ () D:\Users\PBF32560\AppData\Local\Qvonix.bin
2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ () D:\Users\PBF32560\AppData\Local\YearIt.bin
2017-02-22 01:07 - 2017-02-22 01:07 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{B026183D-9FEB-4F46-924C-7EB6823643EE}
2016-03-02 18:59 - 2016-03-02 18:59 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{FFFC5384-965C-46FE-A8C7-AF9E6EC040AE}
Task: {032957DA-0174-4022-B65E-267E47E9B212} - System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {089B5AAA-4199-4DF2-ADE9-129F630012D4} - System32\Tasks\psv_K-toning => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Joytex.reg" & del "C:\ProgramData\AppriabuS\Joytex.reg" & SCHTASKS /Delete /TN "psv_K-toning" /F <==== ATTENTION
Task: {1BD53690-C367-4A6C-B73A-716C58D1F865} - System32\Tasks\psv_TanTip => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Mat-Kix.reg" & del "C:\ProgramData\AppriabuS\Mat-Kix.reg" & SCHTASKS /Delete /TN "psv_TanTip" /F <==== ATTENTION
Task: {1F5BE3A5-7ED3-49E5-BC98-F92B272364B4} - System32\Tasks\{409F8E79-03EE-4601-BBEA-D2BD1C799253} => C:\Windows\system32\pcalua.exe -a D:\Users\PBF32560\Downloads\Programs\Download_SpyHunter-Installer.exe -d D:\Users\PBF32560\Downloads\Programs
Task: {20046E77-BFE4-4393-9660-4827C9AA8F9E} - System32\Tasks\psv_OpeTop => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Fasehotis.reg" & del "C:\ProgramData\AppriabuS\Fasehotis.reg" & SCHTASKS /Delete /TN "psv_OpeTop" /F <==== ATTENTION
Task: {2FE53393-FEBA-48B5-BB6D-A1B31E0D9D75} - System32\Tasks\GoogleUpdateSecurityTaskMachine_BJ => C:\ProgramData\1d849d7e0d2f41c8a95ba5be2ca95cec\chipset.exe exec hide KGELWHAAEN.cmd  <==== ATTENTION
Task: {3D451D21-387A-4250-B9E3-20F3F1682823} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN => D:\Users\PBF32560\AppData\Local\Temp\9801bf0dc8df4b9cb20695b9033fa650\chipset.exe exec hide HXVYHTVUEW.cmd  <==== ATTENTION
Task: {41244E02-17F1-40AA-BF55-8BE808409D6B} - System32\Tasks\hostTask => C:\ProgramData\PrefsSecure\bush.exe [2017-12-21] () <==== ATTENTION
Task: {4B32D4AC-C8D2-4B31-A4F4-58B31B3D36CA} - System32\Tasks\psv_Lamcof => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Dingtop.reg" & del "C:\ProgramData\AppriabuS\Dingtop.reg" & SCHTASKS /Delete /TN "psv_Lamcof" /F <==== ATTENTION
Task: {55D354A5-0BAF-41FC-B1EC-A7C9D8FA125B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => D:\\Users\\PBF32560\\AppData\\Roaming\\ErrorReporting\\ermgr.exe [2017-10-06] ()
Task: {62D0B01A-79B5-486F-B9BC-0E991877E3CE} - System32\Tasks\LogMaster => C:\Windows\system32\rundll32.exe "C:\Program Files\LogMaster\LogMaster.dll",gziUSLNO <==== ATTENTION
Task: {745F8EBC-D944-4E12-AECC-1185588AFB39} - System32\Tasks\GoogleUpdateSecurityTaskMachine_DF => D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4\chipset.exe exec hide XWVEXGPBNT.cmd  <==== ATTENTION
Task: {8791318D-E189-4FBA-A4A5-5EF6A88E9ABF} - System32\Tasks\psv_Medlux => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Lexijob.reg" & del "C:\ProgramData\AppriabuS\Lexijob.reg" & SCHTASKS /Delete /TN "psv_Medlux" /F <==== ATTENTION
Task: {8D199399-DA2D-42CA-87B7-0C1D98BF84FD} - System32\Tasks\psv_Stanantop => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Ronjayhold.reg" & del "C:\ProgramData\AppriabuS\Ronjayhold.reg" & SCHTASKS /Delete /TN "psv_Stanantop" /F <==== ATTENTION
Task: {8DD36786-63CF-4440-B1A4-D0AB5A240C27} - System32\Tasks\psv_MathHold => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Stockdex.reg" & del "C:\ProgramData\AppriabuS\Stockdex.reg" & SCHTASKS /Delete /TN "psv_MathHold" /F <==== ATTENTION
Task: {9A0E8331-9F04-48F9-828D-61A00FE4816A} - System32\Tasks\GoogleUpdateSecurityTaskMachine_TK => D:\Users\PBF32560\AppData\Roaming\8188634ac0bd448c91be29868d5b3407\chipset.exe exec hide FXVYZZYTYJ.cmd  <==== ATTENTION
Task: {B2D36112-7304-4E15-95CA-D13739E2790D} - System32\Tasks\psv_Gravetip => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\TranTraxstock.reg" & del "C:\ProgramData\AppriabuS\TranTraxstock.reg" & SCHTASKS /Delete /TN "psv_Gravetip" /F <==== ATTENTION
Task: {BEE40615-F268-4BAF-9550-5508B43A3440} - System32\Tasks\{882552FC-FDE4-449F-AFC6-869C84C97779} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.22.64.107&LastError=12002
Task: {E05EAC6F-F991-4544-A1C4-523BCA10A924} - System32\Tasks\snf => C:\ProgramData\AppriabuS\AppriabuS.exe [2017-12-21] (TODO: <Company name>) <==== ATTENTION
ShortcutWithArgument: D:\Users\PBF32560\AppData\Local\Google\Chrome\User Data\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
Task: {EE5D5387-E38A-4BE1-98E6-2B2021944AE0} - System32\Tasks\psv_Xxx-lam => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Zoomsiltouch.reg" & del "C:\ProgramData\AppriabuS\Zoomsiltouch.reg" & SCHTASKS /Delete /TN "psv_Xxx-lam" /F <==== ATTENTION
Task: {F92868AC-25E4-4617-8984-48E4E35760A3} - System32\Tasks\snp => C:\ProgramData\AppriabuS\AppriabuS.exe [2017-12-21] (TODO: <Company name>) <==== ATTENTION
MSCONFIG\startupreg: 1IkzjpQxKcfcq2.exe => C:\ProgramData\c5bb54eb95c640149ade34b61d928d51\1IkzjpQxKcfcq2.exe 
MSCONFIG\startupreg: 3cPtjPV.exe => D:\Users\PBF32560\AppData\Local\Temp\5db26e739546411c9056e58898663a58\3cPtjPV.exe 
MSCONFIG\startupreg: 3RNPPMvXmmODT.exe => D:\Users\PBF32560\AppData\Roaming\3fedc89e8cc04b1ea00e4d740ed3356c\3RNPPMvXmmODT.exe 
MSCONFIG\startupreg: 5AUEvr2un.exe => D:\Users\PBF32560\AppData\Local\d9fc0fbec3ae40f59c14d873eef4afd6\5AUEvr2un.exe 
MSCONFIG\startupreg: dn2YoWn.exe => D:\Users\PBF32560\AppData\Local\Temp\4a260b1b04ae4244834c6d989476708c\dn2YoWn.exe 
MSCONFIG\startupreg: dUhWWnU.exe => D:\Users\PBF32560\AppData\Local\Temp\1eec0d17e195448bb383b9bbc2d7f0f0\dUhWWnU.exe 
MSCONFIG\startupreg: efTkcASZZj.exe => C:\ProgramData\6cdfd83eb5b5435fb6c1033924344721\efTkcASZZj.exe 
MSCONFIG\startupreg: gHhpcmErc2vF.exe => D:\Users\PBF32560\AppData\Roaming\b6333e54767a425fb2538cf0ff50e93c\gHhpcmErc2vF.exe 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: gplyra => D:\Users\PBF32560\AppData\Roaming\gplyra\gplyra.exe
MSCONFIG\startupreg: HKEEYQQLVP.exe => C:\Program Files\CanonBJ\FLQTILQWUQ\HKEEYQQLVP.exe 
MSCONFIG\startupreg: mDbYYQNF.exe => D:\Users\PBF32560\AppData\Roaming\75c84a4049fc43a79e41264f1e14d5d3\mDbYYQNF.exe 
MSCONFIG\startupreg: nK6b1jZDrrXWY.exe => D:\Users\PBF32560\AppData\Local\5c6b5a2540f24860ba3adfd5bde40f31\nK6b1jZDrrXWY.exe 
MSCONFIG\startupreg: O8S5pp5xv9oo7.exe => D:\Users\PBF32560\AppData\Roaming\23d6f1b731d34e3195b60dabe5636f45\O8S5pp5xv9oo7.exe 
MSCONFIG\startupreg: QBapRyMjdCelWG.exe => C:\ProgramData\48f39a33289d4cc0ab22430485e5ba40\QBapRyMjdCelWG.exe 
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RlgVasLiZkXIU.exe => D:\Users\PBF32560\AppData\Local\f28d513fc16346efabdfa4902c91886c\RlgVasLiZkXIU.exe 
MSCONFIG\startupreg: rwtXwCbx.exe => D:\Users\PBF32560\AppData\Roaming\21cb5ff088e64cd68e26a2a652a8b24c\rwtXwCbx.exe 
MSCONFIG\startupreg: UyKxC6rh7.exe => D:\Users\PBF32560\AppData\Local\758ca9f1ca434addab8c4af365fe2f21\UyKxC6rh7.exe 
MSCONFIG\startupreg: vmK6loSpx5ypDY.exe => D:\Users\PBF32560\AppData\Local\da4e97da9c094e72a0fbfac81f54f902\vmK6loSpx5ypDY.exe 
MSCONFIG\startupreg: w76wSRZxNI1.exe => C:\ProgramData\bc6128c7a80742c0b7f3143e58c3a9a3\w76wSRZxNI1.exe 
MSCONFIG\startupreg: wBTa43zch0O3T.exe => D:\Users\PBF32560\AppData\Roaming\5f6855aa1aa249219f2810ddf82530a3\wBTa43zch0O3T.exe 
MSCONFIG\startupreg: ZcR7os97iRO.exe => C:\ProgramData\5a82750361904e8aaf383310dbf097bd\ZcR7os97iRO.exe 
MSCONFIG\startupreg: ZJsLbLj9wwfQg.exe => D:\Users\PBF32560\AppData\Local\796416f490534eaf9ef329459103bc88\ZJsLbLj9wwfQg.exe 
  Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.

Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur.


2°)
Réinitialise/Répare les navigateurs WEB concernés par les problèmes :

3°)
Termine par un nettoyage Malwarebytes - Tutoriel Malwarebytes Anti-Malware version gratuite

4°)
Refais un scan FRST et donne les nouveaux rapports.
1
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by PBF32560 (22-12-2017 12:55:42) Run:1
Running from D:\Users\PBF32560\Desktop
Loaded Profiles: PBF32560 (Available Profiles: PBF32560 & Admin)
Boot Mode: Normal
==============================================

fixlist content:

CreateRestorePoint:
CloseProcesses:()
HKLM-x32\...\Run: [] => [X]
R2 AppriabuS; C:\ProgramData\\AppriabuS\\AppriabuS.exe [1814528 2017-12-21] (TODO: <Company name>) [File not signed]
R2 HNService; D:\Users\PBF32560\AppData\Local\AdService\AdService.dll [711168 2017-12-21] (HNService) [File not signed]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-12-21] () [File not signed] <==== ATTENTION
R2 SecureIM; C:\ProgramData\SecureIM.exe [2900632 2017-10-06] (Adobe Systems Incorporated) <==== ATTENTION
R2 tiser; C:\ProgramData\tiser\run.exe [14848 2017-11-06] () [File not signed]
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_YWWFYVGMUR.exe] => C:\Program Files\Windows Photo Viewer\OJGLUUFNAA\YWWFYVGMUR.exe [984064 2017-12-21] (Sa7u@JUnb)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [hNckT6aw.exe] => D:\Users\PBF32560\AppData\Local\Temp\4b6c936931b6475aab2d6ee7dfb372db\hNckT6aw.exe [805376 2017-12-22] (9ni) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [mCfaceqzwu.exe] => C:\ProgramData\cd300c8f40df43b8947fec35d744526c\mCfaceqzwu.exe [932864 2017-12-22] (FyF0)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [RRDRfEJIQHy.exe] => C:\ProgramData\a0bef962d5e4479cbd9abf5aef058616\RRDRfEJIQHy.exe [820736 2017-12-22] (wG5kHEE)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\Run: [GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-06] (Google Inc.)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [CCOTDHUCQJ.exe] => C:\Program Files\CanonBJ\FLQTILQWUQ\CCOTDHUCQJ.exe [1074176 2017-12-21] (0)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [rHy4HZRt.exe] => D:\Users\PBF32560\AppData\Local\Temp\2f6ec478d7db46c085c96c4fdaa942fd\rHy4HZRt.exe [748032 2017-12-21] () <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [Rs19YiFlY2.exe] => C:\ProgramData\e2370a6cf9ec404bbbebcc1692a5d0a6\Rs19YiFlY2.exe [1074176 2017-12-21] (0) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [XWVEXGPBNT.exe] => D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4\XWVEXGPBNT.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [I1v0ODl.exe] => D:\Users\PBF32560\AppData\Local\Temp\6dc47eff2806425280872de3e2fff85d\I1v0ODl.exe [1068032 2017-12-21] (M) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [AMhyRS3Ek.exe] => D:\Users\PBF32560\AppData\Roaming\815028cca7c1412992bb94313cf84b80\AMhyRS3Ek.exe [1074176 2017-12-21] (0)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [AUKh9k20W8.exe] => D:\Users\PBF32560\AppData\Roaming\bb0fda926da241239c461de7b7558825\AUKh9k20W8.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [ZbXTJJ1Cl9.exe] => D:\Users\PBF32560\AppData\Roaming\02ea52ee39b941ddbb6b00b9c1136b51\ZbXTJJ1Cl9.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [NO413fOUbpZ.exe] => C:\ProgramData\810f8b146ed6468faa4e4f874cf28d04\NO413fOUbpZ.exe [1068032 2017-12-21] (M) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [Y18C24X.exe] => D:\Users\PBF32560\AppData\Local\cd097352c0b2427e821eb8363eacd186\Y18C24X.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [hw63nfww2fOTKt.exe] => D:\Users\PBF32560\AppData\Local\8a8fa20b77334799a59a93b5884961df\hw63nfww2fOTKt.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [zCClwznjzt3PE.exe] => D:\Users\PBF32560\AppData\Local\87b21600ceb44b3ab3b34a5cc8a90559\zCClwznjzt3PE.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [RESNvHMPOYlBx.exe] => D:\Users\PBF32560\AppData\Local\5e6ff2a769f6400c99119a63700c0f24\RESNvHMPOYlBx.exe [1068032 2017-12-21] (M)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [pnKIDfzLiD49.exe] => C:\ProgramData\a619983e4b7947b4a3e3c23ab18c9610\pnKIDfzLiD49.exe [1068032 2017-12-21] (M) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [aZntiOgAPYqZv.exe] => D:\Users\PBF32560\AppData\Local\288f99dc19c94569849995e9374c1303\aZntiOgAPYqZv.exe [748032 2017-12-21] ()
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [TGJbR7tUjd3B1G.exe] => D:\Users\PBF32560\AppData\Local\7aaeda1da0df4861a7b813a62487d753\TGJbR7tUjd3B1G.exe [1068032 2017-12-21] (M)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [XWV0fRl.exe] => D:\Users\PBF32560\AppData\Local\Temp\26255397b4794a5a8f7e1b4b4edcde44\XWV0fRl.exe [748032 2017-12-21] () <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [3I15HAa.exe] => D:\Users\PBF32560\AppData\Local\Temp\da641e532ed74fcfbe3ac1da85645798\3I15HAa.exe [1068032 2017-12-21] (M) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [y6qXKzYfaY.exe] => D:\Users\PBF32560\AppData\Local\Temp\23ec989a83044eadac771e9ce6753737\y6qXKzYfaY.exe [1172480 2017-12-21] (VlN2) <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [GkTMwEI.exe] => D:\Users\PBF32560\AppData\Local\Temp\54f9a7a59b8c4c5683d883c05c5ac548\GkTMwEI.exe [748032 2017-12-21] () <==== ATTENTION
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [mRwpnBWsFK8SQ.exe] => D:\Users\PBF32560\AppData\Local\fdf32f809d2d4691b48ebc4a79b9adf1\mRwpnBWsFK8SQ.exe [1192960 2017-12-22] (A)
HKU\S-1-5-21-405680416-1421812660-549785860-18928\...\RunOnce: [5Z9YzXnp7LQT.exe] => C:\ProgramData\4b5033ae24b3428ab6d13535ba847a47\5Z9YzXnp7LQT.exe [748032 2017-12-22] () <==== ATTENTION
AppInit_DLLs: C:\ProgramData\AppriabuS\Viaex.dll => C:\ProgramData\AppriabuS\Viaex.dll [342528 2017-12-21] ()
AppInit_DLLs-x32: C:\ProgramData\AppriabuS\Yearzap.dll => C:\ProgramData\AppriabuS\Yearzap.dll [460800 2017-12-21] ()
2017-12-22 10:45 - 2017-12-22 10:47 - 000000000 ____D D:\Users\PBF32560\AppData\Local\fdf32f809d2d4691b48ebc4a79b9adf1
2017-12-22 10:44 - 2017-12-22 10:44 - 000003266 _____ C:\Windows\System32\Tasks\psv_Medlux
2017-12-22 10:41 - 2017-12-22 10:41 - 000003288 _____ C:\Windows\System32\Tasks\psv_Xxx-lam
2017-12-22 10:41 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\34318924cc4b4c09a1976547915a2a91
2017-12-22 10:40 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Local\384c23ef35be44cd94fb6c8d3ee2c364
2017-12-21 23:21 - 2017-12-21 23:21 - 000003274 _____ C:\Windows\System32\Tasks\psv_MathHold
2017-12-21 23:05 - 2017-12-21 23:05 - 000003274 _____ C:\Windows\System32\Tasks\psv_OpeTop
2017-12-21 22:00 - 2017-12-21 22:00 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ZTEMTUI
2017-12-21 21:23 - 2017-12-21 21:24 - 000000000 ____D D:\Users\PBF32560\AppData\Local\758ca9f1ca434addab8c4af365fe2f21
2017-12-21 20:54 - 2017-12-21 20:54 - 000003198 _____ C:\Windows\System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74}
2017-12-21 20:37 - 2017-12-21 20:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\288f99dc19c94569849995e9374c1303
2017-12-21 20:36 - 2017-12-21 20:36 - 000003266 _____ C:\Windows\System32\Tasks\psv_K-toning
2017-12-21 20:34 - 2017-12-21 20:35 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\5f6855aa1aa249219f2810ddf82530a3
2017-12-21 20:33 - 2017-12-21 20:33 - 000003416 ____N C:\bootsqm.dat
2017-12-21 20:16 - 2017-12-21 20:16 - 000000000 ____D D:\Users\PBF32560\AppData\Local\87b21600ceb44b3ab3b34a5cc8a90559
2017-12-21 20:14 - 2017-12-21 20:14 - 000003266 _____ C:\Windows\System32\Tasks\psv_TanTip
2017-12-21 20:13 - 2017-12-21 20:14 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da4e97da9c094e72a0fbfac81f54f902
2017-12-21 20:08 - 2017-12-21 20:08 - 000003284 _____ C:\Windows\System32\Tasks\psv_Stanantop
2017-12-21 20:07 - 2017-12-21 20:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\962a3d24fcfb41f08315934cea59c23a
2017-12-21 20:03 - 2017-12-21 20:04 - 000000000 ____D D:\Users\PBF32560\AppData\Local\536428eeb3144df0a05e83cceb390ca6
2017-12-21 20:02 - 2017-12-21 20:03 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da75009a69dc408db86393ff493b39b1
2017-12-21 20:02 - 2017-12-21 20:02 - 000000000 ____D D:\Users\PBF32560\AppData\Local\d9fc0fbec3ae40f59c14d873eef4afd6
2017-12-21 19:51 - 2017-12-21 19:51 - 000003294 _____ C:\Windows\System32\Tasks\psv_Gravetip
2017-12-21 19:50 - 2017-12-21 19:51 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5e6ff2a769f6400c99119a63700c0f24
2017-12-21 19:39 - 2017-12-21 19:39 - 000003274 _____ C:\Windows\System32\Tasks\psv_Unodax
2017-12-21 19:39 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\8a8fa20b77334799a59a93b5884961df
2017-12-21 19:38 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\7aaeda1da0df4861a7b813a62487d753
2017-12-21 19:37 - 2017-12-21 19:38 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5c6b5a2540f24860ba3adfd5bde40f31
2017-12-21 19:36 - 2017-12-21 19:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\796416f490534eaf9ef329459103bc88
2017-12-21 19:13 - 2017-12-21 19:13 - 000003266 _____ C:\Windows\System32\Tasks\psv_Lamcof
2017-12-21 19:13 - 2017-12-21 19:13 - 000000000 ____D D:\Users\PBF32560\AppData\Local\cd097352c0b2427e821eb8363eacd186
2017-12-21 19:10 - 2017-12-21 19:11 - 000000000 ____D D:\Users\PBF32560\AppData\Local\f28d513fc16346efabdfa4902c91886c
2017-12-21 18:23 - 2017-12-21 18:24 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\bb0fda926da241239c461de7b7558825
2017-12-21 18:20 - 2017-12-21 18:21 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\23d6f1b731d34e3195b60dabe5636f45
2017-12-21 18:19 - 2017-12-21 18:20 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\21cb5ff088e64cd68e26a2a652a8b24c
2017-12-21 18:05 - 2017-12-21 18:08 - 000003256 _____ C:\Windows\System32\Tasks\snf
2017-12-21 18:04 - 2017-12-21 18:08 - 000003678 _____ C:\Windows\System32\Tasks\snp
2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ D:\Users\PBF32560\AppData\Local\Qvonix.bin
2017-12-21 17:39 - 2017-12-21 17:40 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-12-21 17:31 - 2017-12-21 17:32 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\02ea52ee39b941ddbb6b00b9c1136b51
2017-12-21 17:29 - 2017-12-21 17:31 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\815028cca7c1412992bb94313cf84b80
2017-12-21 17:26 - 2017-12-21 17:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\b6333e54767a425fb2538cf0ff50e93c
2017-12-21 17:22 - 2017-12-21 17:26 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\3fedc89e8cc04b1ea00e4d740ed3356c
2017-12-21 17:19 - 2017-12-21 17:19 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ea622c5eba7a4420a5598edba04cfbfe
2017-12-21 16:56 - 2017-12-21 16:56 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\506755f6f4a34786a208773233409fb9
2017-12-21 16:46 - 2017-12-21 18:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\gplyra
2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\FastDataX
2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\AdService
2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe
2017-12-21 16:42 - 2017-12-21 16:42 - 000003984 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_DF
2017-12-21 16:41 - 2017-12-21 16:41 - 000003046 _____ C:\Windows\System32\Tasks\hostTask
2017-12-21 16:40 - 2017-12-21 16:46 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4
2017-12-21 16:39 - 2017-12-21 16:39 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8c1976166cd8446a88f344599c6bb520
2017-12-21 16:38 - 2017-12-21 16:38 - 000003908 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_WF
2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ D:\Users\PBF32560\AppData\Local\YearIt.bin
2017-12-21 16:37 - 2017-12-21 16:37 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8188634ac0bd448c91be29868d5b3407
2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ D:\Users\PBF32560\AppData\Local\po.db
2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml
2017-12-21 16:33 - 2017-12-21 16:34 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\75c84a4049fc43a79e41264f1e14d5d3
2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ D:\Users\PBF32560\AppData\Local\installer.dat
2017-12-21 16:33 - 2017-12-21 16:33 - 000003996 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN
2017-12-21 16:31 - 2017-12-22 12:00 - 000016692 _____ C:\Windows\System32\Tasks\LogMaster
2017-12-21 16:28 - 2017-12-21 16:50 - 000000000 ____D C:\Program Files (x86)\driverupdaterplus
2017-12-21 16:28 - 2017-12-21 16:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\rz3vcoeuzow
2017-12-21 16:26 - 2017-12-21 16:27 - 000000000 ____D C:\Program Files (x86)\WeatherInspect
2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config
2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ () D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config
2014-10-13 09:23 - 2016-09-22 13:16 - 000002212 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp
2017-03-09 16:48 - 2017-03-09 16:48 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.fhcdvc
2016-04-18 10:06 - 2016-04-18 10:06 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j358og
2017-03-13 12:13 - 2017-03-13 12:13 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j3h5md
2016-02-26 16:41 - 2016-02-26 16:41 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.rnk3wz
2014-10-13 09:24 - 2016-09-22 13:16 - 000007174 _____ () D:\Users\PBF32560\AppData\Local\CPREBUILT.tmp
2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe
2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ () D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml
2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ () D:\Users\PBF32560\AppData\Local\installer.dat
2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ () D:\Users\PBF32560\AppData\Local\po.db
2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ () D:\Users\PBF32560\AppData\Local\Qvonix.bin
2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ () D:\Users\PBF32560\AppData\Local\YearIt.bin
2017-02-22 01:07 - 2017-02-22 01:07 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{B026183D-9FEB-4F46-924C-7EB6823643EE}
2016-03-02 18:59 - 2016-03-02 18:59 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{FFFC5384-965C-46FE-A8C7-AF9E6EC040AE}
Task: {032957DA-0174-4022-B65E-267E47E9B212} - System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {089B5AAA-4199-4DF2-ADE9-129F630012D4} - System32\Tasks\psv_K-toning => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Joytex.reg" & del "C:\ProgramData\AppriabuS\Joytex.reg" & SCHTASKS /Delete /TN "psv_K-toning" /F <==== ATTENTION
Task: {1BD53690-C367-4A6C-B73A-716C58D1F865} - System32\Tasks\psv_TanTip => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Mat-Kix.reg" & del "C:\ProgramData\AppriabuS\Mat-Kix.reg" & SCHTASKS /Delete /TN "psv_TanTip" /F <==== ATTENTION
Task: {1F5BE3A5-7ED3-49E5-BC98-F92B272364B4} - System32\Tasks\{409F8E79-03EE-4601-BBEA-D2BD1C799253} => C:\Windows\system32\pcalua.exe -a D:\Users\PBF32560\Downloads\Programs\Download_SpyHunter-Installer.exe -d D:\Users\PBF32560\Downloads\Programs
Task: {20046E77-BFE4-4393-9660-4827C9AA8F9E} - System32\Tasks\psv_OpeTop => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Fasehotis.reg" & del "C:\ProgramData\AppriabuS\Fasehotis.reg" & SCHTASKS /Delete /TN "psv_OpeTop" /F <==== ATTENTION
Task: {2FE53393-FEBA-48B5-BB6D-A1B31E0D9D75} - System32\Tasks\GoogleUpdateSecurityTaskMachine_BJ => C:\ProgramData\1d849d7e0d2f41c8a95ba5be2ca95cec\chipset.exe exec hide KGELWHAAEN.cmd <==== ATTENTION
Task: {3D451D21-387A-4250-B9E3-20F3F1682823} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN => D:\Users\PBF32560\AppData\Local\Temp\9801bf0dc8df4b9cb20695b9033fa650\chipset.exe exec hide HXVYHTVUEW.cmd <==== ATTENTION
Task: {41244E02-17F1-40AA-BF55-8BE808409D6B} - System32\Tasks\hostTask => C:\ProgramData\PrefsSecure\bush.exe [2017-12-21] () <==== ATTENTION
Task: {4B32D4AC-C8D2-4B31-A4F4-58B31B3D36CA} - System32\Tasks\psv_Lamcof => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Dingtop.reg" & del "C:\ProgramData\AppriabuS\Dingtop.reg" & SCHTASKS /Delete /TN "psv_Lamcof" /F <==== ATTENTION
Task: {55D354A5-0BAF-41FC-B1EC-A7C9D8FA125B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => D:\\Users\\PBF32560\\AppData\\Roaming\\ErrorReporting\\ermgr.exe [2017-10-06] ()
Task: {62D0B01A-79B5-486F-B9BC-0E991877E3CE} - System32\Tasks\LogMaster => C:\Windows\system32\rundll32.exe "C:\Program Files\LogMaster\LogMaster.dll",gziUSLNO <==== ATTENTION
Task: {745F8EBC-D944-4E12-AECC-1185588AFB39} - System32\Tasks\GoogleUpdateSecurityTaskMachine_DF => D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4\chipset.exe exec hide XWVEXGPBNT.cmd <==== ATTENTION
Task: {8791318D-E189-4FBA-A4A5-5EF6A88E9ABF} - System32\Tasks\psv_Medlux => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Lexijob.reg" & del "C:\ProgramData\AppriabuS\Lexijob.reg" & SCHTASKS /Delete /TN "psv_Medlux" /F <==== ATTENTION
Task: {8D199399-DA2D-42CA-87B7-0C1D98BF84FD} - System32\Tasks\psv_Stanantop => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Ronjayhold.reg" & del "C:\ProgramData\AppriabuS\Ronjayhold.reg" & SCHTASKS /Delete /TN "psv_Stanantop" /F <==== ATTENTION
Task: {8DD36786-63CF-4440-B1A4-D0AB5A240C27} - System32\Tasks\psv_MathHold => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Stockdex.reg" & del "C:\ProgramData\AppriabuS\Stockdex.reg" & SCHTASKS /Delete /TN "psv_MathHold" /F <==== ATTENTION
Task: {9A0E8331-9F04-48F9-828D-61A00FE4816A} - System32\Tasks\GoogleUpdateSecurityTaskMachine_TK => D:\Users\PBF32560\AppData\Roaming\8188634ac0bd448c91be29868d5b3407\chipset.exe exec hide FXVYZZYTYJ.cmd <==== ATTENTION
Task: {B2D36112-7304-4E15-95CA-D13739E2790D} - System32\Tasks\psv_Gravetip => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\TranTraxstock.reg" & del "C:\ProgramData\AppriabuS\TranTraxstock.reg" & SCHTASKS /Delete /TN "psv_Gravetip" /F <==== ATTENTION
Task: {BEE40615-F268-4BAF-9550-5508B43A3440} - System32\Tasks\{882552FC-FDE4-449F-AFC6-869C84C97779} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.22.64.107&LastError=12002
Task: {E05EAC6F-F991-4544-A1C4-523BCA10A924} - System32\Tasks\snf => C:\ProgramData\AppriabuS\AppriabuS.exe [2017-12-21] (TODO: <Company name>) <==== ATTENTION
ShortcutWithArgument: D:\Users\PBF32560\AppData\Local\Google\Chrome\User Data\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: D:\Users\PBF32560\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lanceur d'applications Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
Task: {EE5D5387-E38A-4BE1-98E6-2B2021944AE0} - System32\Tasks\psv_Xxx-lam => cmd.exe /c regedit.exe /s "C:\ProgramData\AppriabuS\Zoomsiltouch.reg" & del "C:\ProgramData\AppriabuS\Zoomsiltouch.reg" & SCHTASKS /Delete /TN "psv_Xxx-lam" /F <==== ATTENTION
Task: {F92868AC-25E4-4617-8984-48E4E35760A3} - System32\Tasks\snp => C:\ProgramData\AppriabuS\AppriabuS.exe [2017-12-21] (TODO: <Company name>) <==== ATTENTION
MSCONFIG\startupreg: 1IkzjpQxKcfcq2.exe => C:\ProgramData\c5bb54eb95c640149ade34b61d928d51\1IkzjpQxKcfcq2.exe
MSCONFIG\startupreg: 3cPtjPV.exe => D:\Users\PBF32560\AppData\Local\Temp\5db26e739546411c9056e58898663a58\3cPtjPV.exe
MSCONFIG\startupreg: 3RNPPMvXmmODT.exe => D:\Users\PBF32560\AppData\Roaming\3fedc89e8cc04b1ea00e4d740ed3356c\3RNPPMvXmmODT.exe
MSCONFIG\startupreg: 5AUEvr2un.exe => D:\Users\PBF32560\AppData\Local\d9fc0fbec3ae40f59c14d873eef4afd6\5AUEvr2un.exe
MSCONFIG\startupreg: dn2YoWn.exe => D:\Users\PBF32560\AppData\Local\Temp\4a260b1b04ae4244834c6d989476708c\dn2YoWn.exe
MSCONFIG\startupreg: dUhWWnU.exe => D:\Users\PBF32560\AppData\Local\Temp\1eec0d17e195448bb383b9bbc2d7f0f0\dUhWWnU.exe
MSCONFIG\startupreg: efTkcASZZj.exe => C:\ProgramData\6cdfd83eb5b5435fb6c1033924344721\efTkcASZZj.exe
MSCONFIG\startupreg: gHhpcmErc2vF.exe => D:\Users\PBF32560\AppData\Roaming\b6333e54767a425fb2538cf0ff50e93c\gHhpcmErc2vF.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: gplyra => D:\Users\PBF32560\AppData\Roaming\gplyra\gplyra.exe
MSCONFIG\startupreg: HKEEYQQLVP.exe => C:\Program Files\CanonBJ\FLQTILQWUQ\HKEEYQQLVP.exe
MSCONFIG\startupreg: mDbYYQNF.exe => D:\Users\PBF32560\AppData\Roaming\75c84a4049fc43a79e41264f1e14d5d3\mDbYYQNF.exe
MSCONFIG\startupreg: nK6b1jZDrrXWY.exe => D:\Users\PBF32560\AppData\Local\5c6b5a2540f24860ba3adfd5bde40f31\nK6b1jZDrrXWY.exe
MSCONFIG\startupreg: O8S5pp5xv9oo7.exe => D:\Users\PBF32560\AppData\Roaming\23d6f1b731d34e3195b60dabe5636f45\O8S5pp5xv9oo7.exe
MSCONFIG\startupreg: QBapRyMjdCelWG.exe => C:\ProgramData\48f39a33289d4cc0ab22430485e5ba40\QBapRyMjdCelWG.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: RlgVasLiZkXIU.exe => D:\Users\PBF32560\AppData\Local\f28d513fc16346efabdfa4902c91886c\RlgVasLiZkXIU.exe
MSCONFIG\startupreg: rwtXwCbx.exe => D:\Users\PBF32560\AppData\Roaming\21cb5ff088e64cd68e26a2a652a8b24c\rwtXwCbx.exe
MSCONFIG\startupreg: UyKxC6rh7.exe => D:\Users\PBF32560\AppData\Local\758ca9f1ca434addab8c4af365fe2f21\UyKxC6rh7.exe
MSCONFIG\startupreg: vmK6loSpx5ypDY.exe => D:\Users\PBF32560\AppData\Local\da4e97da9c094e72a0fbfac81f54f902\vmK6loSpx5ypDY.exe
MSCONFIG\startupreg: w76wSRZxNI1.exe => C:\ProgramData\bc6128c7a80742c0b7f3143e58c3a9a3\w76wSRZxNI1.exe
MSCONFIG\startupreg: wBTa43zch0O3T.exe => D:\Users\PBF32560\AppData\Roaming\5f6855aa1aa249219f2810ddf82530a3\wBTa43zch0O3T.exe
MSCONFIG\startupreg: ZcR7os97iRO.exe => C:\ProgramData\5a82750361904e8aaf383310dbf097bd\ZcR7os97iRO.exe
MSCONFIG\startupreg: ZJsLbLj9wwfQg.exe => D:\Users\PBF32560\AppData\Local\796416f490534eaf9ef329459103bc88\ZJsLbLj9wwfQg.exe
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\System\CurrentControlSet\Services\AppriabuS" => removed successfully
AppriabuS => service removed successfully
"HKLM\System\CurrentControlSet\Services\HNService" => removed successfully
HNService => service removed successfully
"HKLM\System\CurrentControlSet\Services\Nettrans" => removed successfully
Nettrans => service removed successfully
"HKLM\System\CurrentControlSet\Services\SecureIM" => removed successfully
SecureIM => service removed successfully
"HKLM\System\CurrentControlSet\Services\tiser" => removed successfully
tiser => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Lahin_Raw_barra_al3eb_b3id_YWWFYVGMUR.exe => value removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A" => removed successfully
"HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138" => removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\Run\\hNckT6aw.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\Run\\mCfaceqzwu.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\Run\\RRDRfEJIQHy.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CCOTDHUCQJ.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\rHy4HZRt.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Rs19YiFlY2.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\XWVEXGPBNT.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\I1v0ODl.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AMhyRS3Ek.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AUKh9k20W8.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZbXTJJ1Cl9.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NO413fOUbpZ.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Y18C24X.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\hw63nfww2fOTKt.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zCClwznjzt3PE.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RESNvHMPOYlBx.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\pnKIDfzLiD49.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\aZntiOgAPYqZv.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TGJbR7tUjd3B1G.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\XWV0fRl.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\3I15HAa.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\y6qXKzYfaY.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GkTMwEI.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mRwpnBWsFK8SQ.exe => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\Software\Microsoft\Windows\CurrentVersion\RunOnce\\5Z9YzXnp7LQT.exe => value removed successfully
"C:\ProgramData\AppriabuS\Viaex.dll" => Value data removed successfully
"C:\ProgramData\AppriabuS\Yearzap.dll" => Value data removed successfully
"2017-12-22 10:45 - 2017-12-22 10:47 - 000000000 ____D D:\Users\PBF32560\AppData\Local\fdf32f809d2d4691b48ebc4a79b9adf1" => not found.
C:\Windows\System32\Tasks\psv_Medlux => moved successfully
C:\Windows\System32\Tasks\psv_Xxx-lam => moved successfully
"2017-12-22 10:41 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\34318924cc4b4c09a1976547915a2a91" => not found.
"2017-12-22 10:40 - 2017-12-22 10:41 - 000000000 ____D D:\Users\PBF32560\AppData\Local\384c23ef35be44cd94fb6c8d3ee2c364" => not found.
C:\Windows\System32\Tasks\psv_MathHold => moved successfully
C:\Windows\System32\Tasks\psv_OpeTop => moved successfully
"2017-12-21 22:00 - 2017-12-21 22:00 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ZTEMTUI" => not found.
"2017-12-21 21:23 - 2017-12-21 21:24 - 000000000 ____D D:\Users\PBF32560\AppData\Local\758ca9f1ca434addab8c4af365fe2f21" => not found.
C:\Windows\System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74} => moved successfully
"2017-12-21 20:37 - 2017-12-21 20:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\288f99dc19c94569849995e9374c1303" => not found.
C:\Windows\System32\Tasks\psv_K-toning => moved successfully
"2017-12-21 20:34 - 2017-12-21 20:35 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\5f6855aa1aa249219f2810ddf82530a3" => not found.
C:\bootsqm.dat => moved successfully
"2017-12-21 20:16 - 2017-12-21 20:16 - 000000000 ____D D:\Users\PBF32560\AppData\Local\87b21600ceb44b3ab3b34a5cc8a90559" => not found.
C:\Windows\System32\Tasks\psv_TanTip => moved successfully
"2017-12-21 20:13 - 2017-12-21 20:14 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da4e97da9c094e72a0fbfac81f54f902" => not found.
C:\Windows\System32\Tasks\psv_Stanantop => moved successfully
"2017-12-21 20:07 - 2017-12-21 20:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\962a3d24fcfb41f08315934cea59c23a" => not found.
"2017-12-21 20:03 - 2017-12-21 20:04 - 000000000 ____D D:\Users\PBF32560\AppData\Local\536428eeb3144df0a05e83cceb390ca6" => not found.
"2017-12-21 20:02 - 2017-12-21 20:03 - 000000000 ____D D:\Users\PBF32560\AppData\Local\da75009a69dc408db86393ff493b39b1" => not found.
"2017-12-21 20:02 - 2017-12-21 20:02 - 000000000 ____D D:\Users\PBF32560\AppData\Local\d9fc0fbec3ae40f59c14d873eef4afd6" => not found.
C:\Windows\System32\Tasks\psv_Gravetip => moved successfully
"2017-12-21 19:50 - 2017-12-21 19:51 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5e6ff2a769f6400c99119a63700c0f24" => not found.
C:\Windows\System32\Tasks\psv_Unodax => moved successfully
"2017-12-21 19:39 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\8a8fa20b77334799a59a93b5884961df" => not found.
"2017-12-21 19:38 - 2017-12-21 19:39 - 000000000 ____D D:\Users\PBF32560\AppData\Local\7aaeda1da0df4861a7b813a62487d753" => not found.
"2017-12-21 19:37 - 2017-12-21 19:38 - 000000000 ____D D:\Users\PBF32560\AppData\Local\5c6b5a2540f24860ba3adfd5bde40f31" => not found.
"2017-12-21 19:36 - 2017-12-21 19:37 - 000000000 ____D D:\Users\PBF32560\AppData\Local\796416f490534eaf9ef329459103bc88" => not found.
C:\Windows\System32\Tasks\psv_Lamcof => moved successfully
"2017-12-21 19:13 - 2017-12-21 19:13 - 000000000 ____D D:\Users\PBF32560\AppData\Local\cd097352c0b2427e821eb8363eacd186" => not found.
"2017-12-21 19:10 - 2017-12-21 19:11 - 000000000 ____D D:\Users\PBF32560\AppData\Local\f28d513fc16346efabdfa4902c91886c" => not found.
"2017-12-21 18:23 - 2017-12-21 18:24 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\bb0fda926da241239c461de7b7558825" => not found.
"2017-12-21 18:20 - 2017-12-21 18:21 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\23d6f1b731d34e3195b60dabe5636f45" => not found.
"2017-12-21 18:19 - 2017-12-21 18:20 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\21cb5ff088e64cd68e26a2a652a8b24c" => not found.
C:\Windows\System32\Tasks\snf => moved successfully
C:\Windows\System32\Tasks\snp => moved successfully
"2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ D:\Users\PBF32560\AppData\Local\Qvonix.bin" => not found.
"2017-12-21 17:39 - 2017-12-21 17:40 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices" => not found.
"2017-12-21 17:31 - 2017-12-21 17:32 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\02ea52ee39b941ddbb6b00b9c1136b51" => not found.
"2017-12-21 17:29 - 2017-12-21 17:31 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\815028cca7c1412992bb94313cf84b80" => not found.
"2017-12-21 17:26 - 2017-12-21 17:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\b6333e54767a425fb2538cf0ff50e93c" => not found.
"2017-12-21 17:22 - 2017-12-21 17:26 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\3fedc89e8cc04b1ea00e4d740ed3356c" => not found.
"2017-12-21 17:19 - 2017-12-21 17:19 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\ea622c5eba7a4420a5598edba04cfbfe" => not found.
"2017-12-21 16:56 - 2017-12-21 16:56 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\506755f6f4a34786a208773233409fb9" => not found.
"2017-12-21 16:46 - 2017-12-21 18:07 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\gplyra" => not found.
"2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\FastDataX" => not found.
"2017-12-21 16:45 - 2017-12-21 16:45 - 000000000 ____D D:\Users\PBF32560\AppData\Local\AdService" => not found.
"2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe" => not found.
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_DF => moved successfully
C:\Windows\System32\Tasks\hostTask => moved successfully
"2017-12-21 16:40 - 2017-12-21 16:46 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\86b39862322c4eb0904b4e455d56b4a4" => not found.
"2017-12-21 16:39 - 2017-12-21 16:39 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8c1976166cd8446a88f344599c6bb520" => not found.
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_WF => moved successfully
"2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ D:\Users\PBF32560\AppData\Local\YearIt.bin" => not found.
"2017-12-21 16:37 - 2017-12-21 16:37 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\8188634ac0bd448c91be29868d5b3407" => not found.
"2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ D:\Users\PBF32560\AppData\Local\po.db" => not found.
"2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml" => not found.
"2017-12-21 16:33 - 2017-12-21 16:34 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\75c84a4049fc43a79e41264f1e14d5d3" => not found.
"2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ D:\Users\PBF32560\AppData\Local\installer.dat" => not found.
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN => moved successfully
C:\Windows\System32\Tasks\LogMaster => moved successfully
C:\Program Files (x86)\driverupdaterplus => moved successfully
"2017-12-21 16:28 - 2017-12-21 16:29 - 000000000 ____D D:\Users\PBF32560\AppData\Roaming\rz3vcoeuzow" => not found.
C:\Program Files (x86)\WeatherInspect => moved successfully
"2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config" => not found.
"2017-12-21 16:26 - 2017-12-21 16:26 - 000001810 _____ () D:\Users\PBF32560\AppData\Roaming\77WY9SW.exe.config" => not found.
"2014-10-13 09:23 - 2016-09-22 13:16 - 000002212 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp" => not found.
"2017-03-09 16:48 - 2017-03-09 16:48 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.fhcdvc" => not found.
"2016-04-18 10:06 - 2016-04-18 10:06 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j358og" => not found.
"2017-03-13 12:13 - 2017-03-13 12:13 - 000002377 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.j3h5md" => not found.
"2016-02-26 16:41 - 2016-02-26 16:41 - 000003325 _____ () D:\Users\PBF32560\AppData\Local\CPAUTO.tmp.rnk3wz" => not found.
"2014-10-13 09:24 - 2016-09-22 13:16 - 000007174 _____ () D:\Users\PBF32560\AppData\Local\CPREBUILT.tmp" => not found.
"2017-12-21 16:45 - 2017-12-21 16:32 - 001814528 _____ (TODO: <Company name>) D:\Users\PBF32560\AppData\Local\Greentam.exe" => not found.
"2017-12-21 16:33 - 2017-12-21 17:53 - 000016080 _____ () D:\Users\PBF32560\AppData\Local\InstallationConfiguration.xml" => not found.
"2017-12-21 16:33 - 2017-12-21 16:33 - 000140800 _____ () D:\Users\PBF32560\AppData\Local\installer.dat" => not found.
"2017-12-21 16:33 - 2017-12-21 22:03 - 000930816 _____ () D:\Users\PBF32560\AppData\Local\po.db" => not found.
"2017-12-21 17:58 - 2017-12-21 17:58 - 000278509 _____ () D:\Users\PBF32560\AppData\Local\Qvonix.bin" => not found.
"2017-12-21 16:37 - 2017-12-21 16:37 - 000278510 _____ () D:\Users\PBF32560\AppData\Local\YearIt.bin" => not found.
"2017-02-22 01:07 - 2017-02-22 01:07 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{B026183D-9FEB-4F46-924C-7EB6823643EE}" => not found.
"2016-03-02 18:59 - 2016-03-02 18:59 - 000000000 _____ () D:\Users\PBF32560\AppData\Local\{FFFC5384-965C-46FE-A8C7-AF9E6EC040AE}" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{032957DA-0174-4022-B65E-267E47E9B212} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{032957DA-0174-4022-B65E-267E47E9B212}" => removed successfully
C:\Windows\System32\Tasks\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D4516FF-FB97-4A2D-B896-D8E2335E4C74}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{089B5AAA-4199-4DF2-ADE9-129F630012D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089B5AAA-4199-4DF2-ADE9-129F630012D4}" => removed successfully
C:\Windows\System32\Tasks\psv_K-toning => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_K-toning" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BD53690-C367-4A6C-B73A-716C58D1F865}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BD53690-C367-4A6C-B73A-716C58D1F865}" => removed successfully
C:\Windows\System32\Tasks\psv_TanTip => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_TanTip" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F5BE3A5-7ED3-49E5-BC98-F92B272364B4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F5BE3A5-7ED3-49E5-BC98-F92B272364B4}" => removed successfully
C:\Windows\System32\Tasks\{409F8E79-03EE-4601-BBEA-D2BD1C799253} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{409F8E79-03EE-4601-BBEA-D2BD1C799253}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20046E77-BFE4-4393-9660-4827C9AA8F9E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20046E77-BFE4-4393-9660-4827C9AA8F9E}" => removed successfully
C:\Windows\System32\Tasks\psv_OpeTop => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_OpeTop" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FE53393-FEBA-48B5-BB6D-A1B31E0D9D75}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE53393-FEBA-48B5-BB6D-A1B31E0D9D75}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_BJ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_BJ" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D451D21-387A-4250-B9E3-20F3F1682823}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D451D21-387A-4250-B9E3-20F3F1682823}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZN => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_ZN" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41244E02-17F1-40AA-BF55-8BE808409D6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41244E02-17F1-40AA-BF55-8BE808409D6B}" => removed successfully
C:\Windows\System32\Tasks\hostTask => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hostTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B32D4AC-C8D2-4B31-A4F4-58B31B3D36CA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B32D4AC-C8D2-4B31-A4F4-58B31B3D36CA}" => removed successfully
C:\Windows\System32\Tasks\psv_Lamcof => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Lamcof" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55D354A5-0BAF-41FC-B1EC-A7C9D8FA125B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55D354A5-0BAF-41FC-B1EC-A7C9D8FA125B}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ErrorReporting" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{62D0B01A-79B5-486F-B9BC-0E991877E3CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D0B01A-79B5-486F-B9BC-0E991877E3CE}" => removed successfully
C:\Windows\System32\Tasks\LogMaster => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LogMaster" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{745F8EBC-D944-4E12-AECC-1185588AFB39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{745F8EBC-D944-4E12-AECC-1185588AFB39}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_DF => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_DF" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8791318D-E189-4FBA-A4A5-5EF6A88E9ABF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8791318D-E189-4FBA-A4A5-5EF6A88E9ABF}" => removed successfully
C:\Windows\System32\Tasks\psv_Medlux => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Medlux" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D199399-DA2D-42CA-87B7-0C1D98BF84FD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D199399-DA2D-42CA-87B7-0C1D98BF84FD}" => removed successfully
C:\Windows\System32\Tasks\psv_Stanantop => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Stanantop" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DD36786-63CF-4440-B1A4-D0AB5A240C27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD36786-63CF-4440-B1A4-D0AB5A240C27}" => removed successfully
C:\Windows\System32\Tasks\psv_MathHold => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_MathHold" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A0E8331-9F04-48F9-828D-61A00FE4816A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A0E8331-9F04-48F9-828D-61A00FE4816A}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_TK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_TK" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D36112-7304-4E15-95CA-D13739E2790D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D36112-7304-4E15-95CA-D13739E2790D}" => removed successfully
C:\Windows\System32\Tasks\psv_Gravetip => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Gravetip" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEE40615-F268-4BAF-9550-5508B43A3440}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEE40615-F268-4BAF-9550-5508B43A3440}" => removed successfully
C:\Windows\System32\Tasks\{882552FC-FDE4-449F-AFC6-869C84C97779} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{882552FC-FDE4-449F-AFC6-869C84C97779}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E05EAC6F-F991-4544-A1C4-523BCA10A924}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05EAC6F-F991-4544-A1C4-523BCA10A924}" => removed successfully
C:\Windows\System32\Tasks\snf => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf" => removed successfully
D:\Users\PBF32560\AppData\Local\Google\Chrome\User Data\Lanceur d'applications Google Chrome.lnk => not found.
D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Lanceur d'applications Google Chrome.lnk => not found.
D:\Users\PBF32560\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Google Hangouts.lnk => not found.
D:\Users\PBF32560\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lanceur d'applications Google Chrome.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE5D5387-E38A-4BE1-98E6-2B2021944AE0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5D5387-E38A-4BE1-98E6-2B2021944AE0}" => removed successfully
C:\Windows\System32\Tasks\psv_Xxx-lam => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Xxx-lam" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F92868AC-25E4-4617-8984-48E4E35760A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F92868AC-25E4-4617-8984-48E4E35760A3}" => removed successfully
C:\Windows\System32\Tasks\snp => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\1IkzjpQxKcfcq2.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3cPtjPV.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3RNPPMvXmmODT.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\5AUEvr2un.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dn2YoWn.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dUhWWnU.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\efTkcASZZj.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gHhpcmErc2vF.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_6C6FA4DC6AB32237489A069D614D33BD" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gplyra" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HKEEYQQLVP.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mDbYYQNF.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nK6b1jZDrrXWY.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\O8S5pp5xv9oo7.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QBapRyMjdCelWG.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RESTART_STICKY_NOTES" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RlgVasLiZkXIU.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\rwtXwCbx.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UyKxC6rh7.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmK6loSpx5ypDY.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\w76wSRZxNI1.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wBTa43zch0O3T.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZcR7os97iRO.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZJsLbLj9wwfQg.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-405680416-1421812660-549785860-18928\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-405680416-1421812660-549785860-18928\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3445177 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 5638055 B
Edge => 0 B
Chrome => 19051377 B
Firefox => 2903833 B
Opera => 193536 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 91319 B
systemprofile32 => 161911 B
LocalService => 320169 B
NetworkService => 68988 B
PBF32560 => 653611545 B
Admin => 296268452 B
FKS => 0 B

RecycleBin => 0 B
EmptyTemp: => 944.3 MB temporary data Removed.

================================


The system needed a reboot.

End of Fixlog 12:58:15

0
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685 > MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
ok suis la prcédure en entier.
0
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
SVP les paragraphes dans la méthode de repérage de internet explorer son les méthodes ou juste ce qui est dit de faire dans les panneaux de configuration? Je tourne sous win7
0
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
https://pjjoint.malekal.com/files.php?id=20171222_p11x15o6b12p14
0
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685 > MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
fais une réinitialisation manuelle de Firefox et Chrome puis la suite.
0
Réponse 3 / 3
Malekal_morte- Messages postés 180304 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 685
 
Parfait =)

Supprime le dossier C:\FRST


Termine par un nettoyage Malwarebytes - Tutoriel Malwarebytes Anti-Malware version gratuite
Evite les analyses et nettoyages réguliers ZHPCleaner, AdwCleaner, pas utile.

Quelques conseils :

Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : Dossier Adwares/PUPs : programmes indésirables et parasites
(Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)


0
MelsonF Messages postés 9 Date d'inscription   Statut Membre Dernière intervention  
 
ok, merci encore.
0