Posted on 21 September 2018

start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
virustotal: C:\Users\matth\AppData\Local\Dalekecu\updtask.exe
Task: {1C01F039-4ABD-4DB0-AD37-0F13CBD74262} - System32\Tasks\Secured Yahoo Powered fatoc => C:\Windows\system32\wscript.exe "C:\ProgramData\{BF5C7A3F-351E-F0F9-B3D8-6EBB299AE575}\made" "68747470733a2f2f64337331746b67396634323534712e636c6f756466726f6e742e6e6574" "433a5c50726f6772616d446174615c7b42463543374133462d333531452d463046392d423344382d3645424232393941453537357d5c6365736f6d6f" "433a5c50726f6772616d446174615c7b424635 (l'élément de données a 116 caractères en plus).
C:\ProgramData\{BF5C7A3F-351E-F0F9-B3D8-6EBB299AE575}
Task: {A12FFF26-0F3C-40CF-A17E-382D26162E50} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2018-07-24] (Byte Technologies LLC) <==== ATTENTION
C:\Program Files\ByteFence
virustotal: C:\Users\matth\AppData\Roaming\Lib\autoupdate.exe
Task: {A9539C3B-93BA-429C-A69C-E16745565281} - System32\Tasks\Autoupdate => C:\Users\matth\AppData\Roaming\Lib\autoupdate.exe
virustotal: C:\Users\matth\AppData\Roaming\Lib\tskschd.exe
Task: {F76B6DEF-3B46-4E68-B41C-2E41354E4E6A} - System32\Tasks\Tasker21 => C:\Users\matth\AppData\Roaming\Lib\tskschd.exe
Task: {D7FAD944-5A3C-4370-B4EA-549E0F73E5D1} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Users\matth\AppData\Roaming\Microsoft\Windows\rffdafad\agsjisfs.exe
Task: C:\Windows\Tasks\Secured Yahoo Powered fatoc.job => Wscript exe
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
FirewallRules: [{FF303118-F666-4914-92B4-AFF82344F559}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{AC377782-85C0-41CF-A195-FD9A46F99C9C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CD63AC2A-7156-45A8-AAC2-C6DE4B6CE252}] => (Allow) C:\Users\matth\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{C43248FF-D361-4E7F-B4F6-4ECAD109184A}] => (Allow) C:\Users\matth\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{F626B743-8316-4DC1-9596-D487EEDB8757}] => (Allow) C:\Users\matth\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{09135F9B-EC46-4856-B518-19AA8573657E}] => (Allow) C:\Users\matth\AppData\Roaming\Lib\ntskrnl.exe
FirewallRules: [{CAECF789-264D-4FDC-9E87-8536E9A58B2B}] => (Allow) C:\Windows\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{E65073A8-B447-4EAF-AB98-B64E52897F8D}] => (Allow) C:\Users\matth\AppData\Local\Chromium\Application\chrome.exe
C:\Users\matth\AppData\Local\Chromium
C:\Windows\system32\config\systemprofile\AppData\Local\Chromium
HKU\S-1-5-21-2567705809-361621855-3502992027-1001\...\Run: [Chromium] => c:\users\matth\appdata\local\chromium\application\chrome.exe [830976 2017-02-13] (The Chromium Authors)
HKU\S-1-5-21-2567705809-361621855-3502992027-1001\...\Run: [GoogleChromeAutoLaunch_2F4C69A28B12385BE183FBA331C596FC] => C:\Users\matth\AppData\Local\chromium\Application\chrome.exe [830976 2017-02-13] (The Chromium Authors)
HKU\S-1-5-21-2567705809-361621855-3502992027-1001\...\RunOnce: [Uninstall 18.131.0701.0007\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\matth\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\amd64"
ShortcutTarget: Avast SecureLine.lnk -> D:\SecureLine\Vpn.exe (Pas de fichier)
Startup: C:\Users\matth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rffdafad.lnk [2018-08-13]
ShortcutTarget: rffdafad.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2567705809-361621855-3502992027-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157000 2018-07-24] (Byte Technologies LLC)
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2018-08-16] (Byte Technologies LLC.)
S2 M2M5MTI2; C:\Program Files\M2M5MTI2\ZWJkYTMwMGY0MjI4Yzg.exe [X]
C:\Program Files\M2M5MTI2
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe" [X]
C:\Program Files\Common Files\McAfee
S2 SecureLine; "D:\SecureLine\VpnSvc.exe" [X]
R1 ZDhmNDY0NmE3ZTJlMm; C:\Windows\System32\drivers\ZDhmNDY0NmE3ZTJlMm.sys [310504 2018-08-14] ()
C:\Windows\System32\drivers\ZDhmNDY0NmE3ZTJlMm.sys
2018-09-14 22:18 - 2018-09-14 22:18 - 000002336 _____ C:\Users\matth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-09-14 22:18 - 2018-09-14 22:18 - 000000000 ____D C:\Users\matth\AppData\Local\chromium
2018-08-22 13:01 - 2018-09-14 22:16 - 000004178 _____ C:\Windows\System32\Tasks\Secured Yahoo Powered fatoc
2018-08-22 13:01 - 2018-09-14 22:16 - 000001086 _____ C:\Windows\Tasks\Secured Yahoo Powered fatoc.job
2018-09-14 22:16 - 2018-09-14 22:16 - 000133448 _____ () C:\Users\matth\AppData\Local\Temp\bytefenceupdater-csb.exe
hosts:
cmd: ipconfig /flushdns
emptytemp:
end::


