Posted on 17 March 2020

start::
closeprocesses:
createrestorepoint:
AV: Advanced SystemCare Ultimate (Disabled - Out of date) {C3866777-0F1D-82F2-37A8-4CFFC5177032}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
FW: ESET Pare-feu (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Pas de fichier
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Pas de fichier
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Pas de fichier
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Pas de fichier
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [223]
AlternateDataStreams: C:\Users\KardïnaL\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\KardïnaL\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: ASCAntivirusSrv => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\StartupApproved\Run: => "GUDelayStartup"
FirewallRules: [UDP Query User{259E1621-73E1-4A28-9537-9350BBE5F02C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe Pas de fichier
FirewallRules: [TCP Query User{046C9303-3812-4D0F-97DD-1B392689FEE2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe Pas de fichier
FirewallRules: [UDP Query User{2E831015-5450-4431-9E18-EDF9C4048853}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe Pas de fichier
FirewallRules: [TCP Query User{046717BA-45C7-470E-9A21-C6170C486584}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe Pas de fichier
HKU\S-1-5-21-840098930-2013849500-1567866472-1000\...\MountPoints2: {c0f2cd69-6735-11ea-a20b-d8cb8ac32c33} - "G:\mSetup.exe"
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\.DEFAULT\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-840098930-2013849500-1567866472-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {09FB037F-23AB-4CD9-8E55-A09EAEDC17C2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10997102-B643-45BE-BCA7-DE756ABB496A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18837531-DFE9-4EFA-9B50-66FA6899A583} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20C49CB8-A816-41B0-8A26-C54DDDB02987} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23E38F29-AF58-496B-B744-C922170961B2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2753CD24-E3A8-4CBF-A120-994D437A84A8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {334F7A51-8ED5-4A8E-A051-3E0BD1D09E6D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A745BBD-AB50-4472-A54A-53C244D226BA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5093D37F-C0BF-42BA-A673-303BB59D8894} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {632EF31A-F4F6-48ED-9BAE-AB43B6F0B339} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C38238B-7773-47B1-807D-CE6ECA51078F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7505DEB4-5578-4D5F-BF29-934231FED20E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8D015810-DCE8-4A40-BC73-C9D6BE54F863} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9B5EDE0E-82E7-4D5E-92BE-E74E3B6BA165} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A65B420B-9424-4C76-B4AA-FF17AB281C2D} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {A9BB051F-2E09-4106-933D-9121FFCA0847} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B8EF4E69-7260-4416-8007-74983CE1703E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C2F19DC9-03BA-424B-B684-F63288C22879} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C948B28D-6DD5-4C8C-8F25-9AC06D9A5F2C} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => D:\Program Files (x86)\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {D6511660-7FF5-44B2-8BE9-1809741A93AB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D93C473A-02EA-4678-BC30-FC75FB79E405} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E3A8736A-C278-4E26-A372-B29E69938B50} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EFB29141-61E4-415C-9CC9-CE83878D779F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F83D6F55-8391-49BC-B44A-FB9098FE1D33} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA391FB5-D4B6-4A27-9454-A8EBCD06B8B0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF user.js: detected! => C:\Users\KardïnaL\AppData\Roaming\Mozilla\Firefox\Profiles\1ntncipp.default-1556055133552\user.js [2019-12-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2020-01-16] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-03-17]
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-06-10] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-06-10] (Mail.Ru LLC -> LLC Mail.Ru)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-12-01] (Adlice -> )
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [34816 2014-05-03] (Elaborate Bytes AG) [Fichier non signé]
S1 EneIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
U3 idsvc; pas de ImagePath
S3 IMFEFSFileControl; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [X]
C:\Program Files (x86)\IObit
S3 MSICDSetup; \??\E:\CDriver.sys [X]
S3 NTIOLib_MSIDDR_CC; \??\C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
2020-03-17 03:42 - 2020-03-17 03:42 - 044797360 _____ (SUPERAntiSpyware) C:\Users\KardïnaL\Downloads\SUPERAntiSpyware.exe
2020-03-17 03:37 - 2020-03-17 03:41 - 000000000 ____D C:\Users\KardïnaL\Doctor Web
2020-03-17 03:37 - 2020-03-17 03:37 - 000000000 ____D C:\ProgramData\Doctor Web
2020-03-16 07:24 - 2020-03-16 07:24 - 000059360 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2020-03-16 07:24 - 2020-03-16 07:24 - 000042256 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2020-03-15 17:39 - 2020-03-17 03:19 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-03-15 17:39 - 2020-03-17 03:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-03-16 04:18 - 2020-01-23 06:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-16 04:15 - 2018-07-19 23:03 - 000000000 ____D C:\Users\Public\Logi
2020-03-15 17:40 - 2020-01-16 03:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2020-03-13 07:30 - 2020-01-24 07:18 - 000000000 ____D C:\ProgramData\GlarySoft
hosts:
removeproxy:
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
emptytemp:
end::
