Posted on 31 December 2019

start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\Run: [rouged] => C:\Program Files (x86)\eavesdrop\rouged.exe [37225 2019-12-28] () [File not signed]
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\Run: [bambino] => "C:\Program Files (x86)\Mias\Decorator.exe" alagwalagwalagwalag.alagialagealagcalag.alagpalagwalag/alagy2mq0mq1mqalag9mq1ua2ua2alagy8ymqhtmlualagYXOPqGN0Y9alagLkACg31nw
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\Run: [rouged] => C:\Program Files (x86)\eavesdrop\rouged.exe [37225 2019-12-28] () [File not signed]
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\Run: [bambino] => "C:\Program Files (x86)\Mias\Decorator.exe" alagwalagwalagwalag.alagialagealagcalag.alagpalagwalag/alagy2mq0mq1mqalag9mq1ua2ua2alagy8ymqhtmlualagYXOPqGN0Y9alagLkACg31nw
Startup: C:\Users\delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jccalendrier.lnk [2017-04-01]
ShortcutTarget: jccalendrier.lnk -> C:\Program Files (x86)\JCA2000\JCCAL\JCCalendrier.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {082B0FD6-212A-4D34-97B6-BF8428D7AB8B} - System32\Tasks\qiao_millicomqiao_millicom => C:\Users\delphine\AppData\Local\Campeche.exe
Task: {21021E64-77E4-44FC-95F3-7CE07604F198} - System32\Tasks\volpe-arsenidevolpe-arsenide => C:\Program Files (x86)\voigt\Campeche.exe
Task: {5A75DD18-C05C-466E-BC74-BC61764FA19E} - System32\Tasks\bistros_happensbistros_happens => C:\Program Files (x86)\Draughts\Decorator.exe
Task: {9B42C113-8D23-428F-AA6D-24767E19A4FB} - System32\Tasks\atrophied coatatrophied coat => C:\Program Files (x86)\Draughts\Campeche.exe
Task: {A17C436C-0D3A-46F6-9C66-BD7045CD11FF} - System32\Tasks\manzanillomanzanillo => C:\Program Files (x86)\macbride\macbride.exe [9216 2019-12-28] () [File not signed]
Task: {D18A1B97-64B3-40C7-8062-B00C892CA7FB} - System32\Tasks\undercookedundercooked => C:\Program Files (x86)\Mias\Decorator.exe
Task: {FA809566-5F05-4F8F-8A6D-4677F6A7E9BB} - System32\Tasks\hcr scratchpad musicalshcr scratchpad musicals => C:\Users\delphine\AppData\Local\Decorator.exe [9216 2019-12-28] () [File not signed]
C:\Users\delphine\AppData\Local\Campeche.exe
C:\Program Files (x86)\voigt
C:\Program Files (x86)\Draughts
C:\Program Files (x86)\macbride
C:\Program Files (x86)\Mias
C:\Users\delphine\AppData\Local\Decorator.exe
C:\Program Files (x86)\eavesdrop
S2 CoermeryClient; C:\Program Files (x86)\Puhoghtatohi\Mrtlg.dll [X]
S2 QouchplifashMonitor; C:\Program Files (x86)\Copuphfcoly\gscMdl.dll [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 DxVGrb; \SystemRoot\system32\drivers\DxVGrb.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
2019-12-29 12:02 - 2019-12-28 14:37 - 000009216 _____ C:\Users\delphine\AppData\Local\Decorator.exe
2019-12-28 20:58 - 2019-12-28 20:58 - 000000000 ____D C:\Program Files (x86)\GUM54F.tmp
2019-12-28 17:37 - 2019-12-28 17:37 - 000003808 _____ C:\Windows\system32\Tasks\qiao_millicomqiao_millicom
2019-12-28 17:37 - 2019-12-28 17:37 - 000003808 _____ C:\Windows\system32\Tasks\manzanillomanzanillo
2019-12-28 17:37 - 2019-12-28 17:37 - 000003808 _____ C:\Windows\system32\Tasks\atrophied coatatrophied coat
2019-12-28 17:37 - 2019-12-28 17:37 - 000003802 _____ C:\Windows\system32\Tasks\volpe-arsenidevolpe-arsenide
2019-12-28 17:36 - 2019-12-28 17:36 - 000003810 _____ C:\Windows\system32\Tasks\hcr scratchpad musicalshcr scratchpad musicals
2019-12-28 17:36 - 2019-12-28 17:36 - 000003810 _____ C:\Windows\system32\Tasks\bistros_happensbistros_happens
2019-12-28 17:36 - 2019-12-28 17:36 - 000003802 _____ C:\Windows\system32\Tasks\undercookedundercooked
2019-12-28 17:35 - 2019-12-28 17:35 - 000000000 ___HD C:\Program Files (x86)\eavesdrop
2019-12-28 17:35 - 2019-12-28 17:35 - 000000000 ____D C:\Program Files (x86)\macbride
2019-12-28 17:35 - 2019-12-28 17:35 - 000000000 ____D C:\Program Files (x86)\Beamers
2019-12-29 12:02 - 2019-12-28 14:37 - 000009216 _____ () C:\Users\delphine\AppData\Local\Decorator.exe
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [JZContextMenuExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers1: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers1: [WinRAR] -> __{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> __{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> __{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> __{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:ActiveScriptEventConsumer.Name=\"ASEC\"",Filter="\\.\root\subscription:__EventFilter.Name=\"EventFilter sethomePage2\":: <==== ATTENTION
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B0177106 [145]
AlternateDataStreams: C:\Users\delphine\Downloads\photovisi-download.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\delphine\Downloads\photovisi-download.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\delphine\Downloads\photovisi-download.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\delphine\Documents\55462870_1218061985036544_3517877862407340032_n.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\delphine\Documents\55462870_1218061985036544_3517877862407340032_n.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\delphine\Documents\55462870_1218061985036544_3517877862407340032_n.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\StartupApproved\StartupFolder: => "jccalendrier.lnk"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\StartupApproved\Run: => "QEGN8SJ6LY"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\StartupApproved\Run: => "3H35R9B74Y"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\StartupApproved\Run: => "bambino"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001\...\StartupApproved\Run: => "rouged"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\StartupApproved\StartupFolder: => "jccalendrier.lnk"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\StartupApproved\Run: => "QEGN8SJ6LY"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\StartupApproved\Run: => "3H35R9B74Y"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\StartupApproved\Run: => "bambino"
HKU\S-1-5-21-2747427585-35816178-3317031321-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302019180551954\...\StartupApproved\Run: => "rouged"
FirewallRules: [{2927AC2E-964C-4256-AA1A-DE09E41546B2}] => (Allow) C:\Program Files (x86)\Mias\Decorator.exe No File
FirewallRules: [{FB108593-D7A4-4DEC-8125-6B48F41F3AD1}] => (Allow) C:\Program Files (x86)\Draughts\Decorator.exe No File
FirewallRules: [{C184735A-F599-4BCC-A748-E70D62D31BD5}] => (Allow) C:\Program Files (x86)\voigt\Campeche.exe No File
FirewallRules: [{762E8806-2464-4C0C-BDCA-4E9FA96B6887}] => (Allow) C:\Program Files (x86)\Draughts\Campeche.exe No File
hosts:
EmptyTemp:
end::
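The WMI lines in the fixlist above (the `__EventFilter` named "EventFilter sethomePage2", the `__IntervalTimerInstruction` "SethomePage Interval Timer" and the `__FilterToConsumerBinding` to an `ActiveScriptEventConsumer` named "ASEC") describe a permanent WMI event subscription: a timer fires at a fixed interval, the filter matches the timer event, and the binding hands it to a consumer that runs an embedded script. FRST removes all four objects when the fix runs; the snippet below is an added example, not part of the original paste or of FRST, showing how to enumerate and inspect such subscriptions in `root\subscription` with the standard CIM cmdlets before and after the fix, and how to remove a named triple by hand. The function names `Get-WmiPersistence` and `Remove-WmiPersistence` are hypothetical; the object names passed in the usage call are the ones from this fixlist.

```powershell
# Added example (not from the original paste): enumerate and remove permanent
# WMI event subscriptions. Run elevated; requires only the built-in CIM cmdlets.

function Get-WmiPersistence {
    # Lists every filter, consumer, binding and interval timer in root\subscription.
    # ActiveScriptEventConsumer.ScriptText carries the script body the binding
    # executes, so it is the first thing to read when a binding looks suspicious.
    $ns = 'root\subscription'

    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer   # returns derived instances
    $bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding
    $timers    = Get-CimInstance -Namespace $ns -ClassName __IntervalTimerInstruction

    foreach ($b in $bindings) {
        # Filter/Consumer are reference properties; Get-CimInstance materialises them as CimInstance objects.
        [pscustomobject]@{
            Kind         = 'Binding'
            FilterName   = $b.Filter.Name
            FilterQuery  = ($filters | Where-Object Name -eq $b.Filter.Name).Query
            ConsumerName = $b.Consumer.Name
            ConsumerType = $b.Consumer.CimClass.CimClassName
            # ScriptText exists on ActiveScriptEventConsumer; CommandLineTemplate on CommandLineEventConsumer.
            Payload      = ($consumers | Where-Object Name -eq $b.Consumer.Name |
                            ForEach-Object { if ($_.ScriptText) { $_.ScriptText } else { $_.CommandLineTemplate } })
        }
    }
    foreach ($t in $timers) {
        [pscustomobject]@{
            Kind = 'IntervalTimer'; TimerId = $t.TimerId; IntervalMs = $t.IntervalBetweenEvents
        }
    }
}

function Remove-WmiPersistence {
    # Removes one filter/consumer/binding triple plus an optional timer, binding first so
    # nothing can still fire while the filter and consumer are being deleted.
    param(
        [Parameter(Mandatory)] [string] $FilterName,
        [Parameter(Mandatory)] [string] $ConsumerName,
        [string] $TimerId,
        [switch] $WhatIf
    )
    $ns = 'root\subscription'

    Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
        Where-Object { $_.Filter.Name -eq $FilterName -and $_.Consumer.Name -eq $ConsumerName } |
        Remove-CimInstance -WhatIf:$WhatIf
    Get-CimInstance -Namespace $ns -ClassName __EventFilter |
        Where-Object Name -eq $FilterName | Remove-CimInstance -WhatIf:$WhatIf
    Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
        Where-Object Name -eq $ConsumerName | Remove-CimInstance -WhatIf:$WhatIf
    if ($TimerId) {
        Get-CimInstance -Namespace $ns -ClassName __IntervalTimerInstruction |
            Where-Object TimerId -eq $TimerId | Remove-CimInstance -WhatIf:$WhatIf
    }
}

# Usage: inspect first, then remove the objects named in the fixlist.
Get-WmiPersistence | Format-List

Remove-WmiPersistence -FilterName 'EventFilter sethomePage2' `
                      -ConsumerName 'ASEC' `
                      -TimerId 'SethomePage Interval Timer' -WhatIf
```

Run `Get-WmiPersistence` again after the FRST fix to confirm the binding, filter, consumer and timer are gone; a surviving `__IntervalTimerInstruction` on its own is harmless, but a surviving binding means the persistence is still live. Note that FRST's `[X]` marker on the `S2`/`S3` service and driver lines above denotes a service whose binary is missing, not a WMI object, so those are cleaned by the service-removal logic rather than by anything in this snippet.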
