start::
closeprocesses:
createrestorepoint:
virustotal: C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe
virustotal: C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{7A142AAF-315D-45BD-A948-0E990ADB6286}] => hxxp://127.0.0.1:86/
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Homepage: Mozilla\Firefox\Profiles\riqa9lmk.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2021-05-09 01:00:23&bName=
FF NewTab: Mozilla\Firefox\Profiles\riqa9lmk.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2021-05-09 01:00:23&bName=
FF Homepage: Mozilla\Firefox\Profiles\holm15hv.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2021-05-09 01:00:23&bName=
FF NewTab: Mozilla\Firefox\Profiles\holm15hv.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT171003&iDate=2021-05-09 01:00:23&bName=
CHR HKU\S-1-5-21-2753451892-1386766103-3972248124-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icempppimphheennghpecpkheibidefo]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
2021-05-03 18:26 - 2021-05-13 16:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-04-29 15:23 - 2021-04-29 15:59 - 000000000 ____D C:\WINDOWS\AutoKMS
2021-04-29 15:22 - 2021-04-29 15:22 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
CustomCLSID: HKU\S-1-5-21-2753451892-1386766103-3972248124-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\THERRY\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\Microsoft.Nucleus.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2753451892-1386766103-3972248124-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\THERRY\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\Microsoft.Nucleus.exe" => Pas de fichier
IE trusted site: HKU\S-1-5-21-2753451892-1386766103-3972248124-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{6369B22B-232E-4600-8AA0-2AFA790686D7}] => (Allow) C:\Users\THERRY\AppData\Roaming\BitTorrent\BitTorrent.exe => Pas de fichier
FirewallRules: [{F0B52090-C7B5-44E6-AA3F-66E952B391D7}] => (Allow) C:\Users\THERRY\AppData\Roaming\BitTorrent\BitTorrent.exe => Pas de fichier
FirewallRules: [TCP Query User{533992D7-80F4-4F88-9F63-6B07EF9B46A8}C:\users\therry\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\therry\appdata\roaming\bittorrent\btfs\btfs.exe => Pas de fichier
FirewallRules: [UDP Query User{FEAC3ECD-125E-447B-AA71-4059C519D609}C:\users\therry\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\therry\appdata\roaming\bittorrent\btfs\btfs.exe => Pas de fichier
Task: {759ED7D4-8DCF-4056-95A5-36518E057484} - System32\Tasks\BitTorrentLaunchAfterInstallation => C:\Users\THERRY\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\THERRY\AppData\Roaming\BitTorrent
removeproxy:
emptytemp:
end::