start::
closeprocesses:
createrestorepoint:
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Antoine\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShortcutWithArgument: C:\Users\Antoine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Hrice\Ibwt\3C357DE9"
ShortcutWithArgument: C:\Users\Antoine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Hrice\Ibwt\3C357DE9"
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
IE trusted site: HKU\S-1-5-21-3585235667-2381021890-1610824351-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3585235667-2381021890-1610824351-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3585235667-2381021890-1610824351-1001\...\MountPoints2: {2ebfcf2d-edb8-11e9-9ba7-e0d55e37c98b} - "G:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications (1).lnk [2018-03-02]
ShortcutTarget: ScpToolkit Tray Notifications (1).lnk -> D:\ScpTrayApp.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications (2).lnk [2018-03-02]
ShortcutTarget: ScpToolkit Tray Notifications (2).lnk -> D:\ScpTrayApp.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications (3).lnk [2018-03-02]
ShortcutTarget: ScpToolkit Tray Notifications (3).lnk -> D:\ScpTrayApp.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2018-03-02]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> D:\ScpTrayApp.exe (No File)
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {41CC14F9-D7C5-4C07-8C04-5B017F6065F6} - System32\Tasks\Microsoft\OneCore\DirectX\Winb.Management.IisClient.resources => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe /silent C:\PROGRA~3\NativeLess\BolicyListen\AMSTeni_Icthr.dll /unregister
Task: {66AC3D3F-EA51-43E8-A128-242750BB2BC0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin HKU\S-1-5-21-3585235667-2381021890-1610824351-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
C:\Users\Antoine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
C:\Users\Antoine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\ProgramData\Hrice
2021-07-25 15:31 - 2021-07-25 15:31 - 000059312 ____C (Avast Software) C:\WINDOWS\system32\Drivers\aswc37f360dae0a081c.tmp
2021-07-25 15:04 - 2021-07-02 11:12 - 000036120 ____C (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-07-25 14:59 - 2021-07-25 14:48 - 000339736 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-07-25 14:49 - 2021-07-25 15:35 - 000000000 ___DC C:\Users\Antoine\AppData\Roaming\Avast Software
2021-07-25 14:48 - 2021-07-25 15:37 - 000000000 ___DC C:\Program Files\Avast Software
2021-07-25 14:48 - 2021-07-25 14:48 - 000851192 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw9dc9459aed8bffbc.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000524400 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw1680b340031d1045.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000471920 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw2c0ad1c5507f6dd6.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000366616 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswca498d5941294006.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000327536 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw5c4c1e43c59197e4.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000250392 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw34c7a37707992586.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000216928 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw5914e7fe635aa018.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000215384 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswf7eb1f7aa5c2a675.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000182600 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw52515481c3c02f19.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000107848 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw887999896d97d759.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000099352 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw396864ea4c98f4a5.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000082912 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswf5557255ac8d5963.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000041352 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswa4c7329b536a54b3.tmp
2021-07-25 14:48 - 2021-07-25 14:48 - 000017328 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\asw36b9b930dfbceb19.tmp
2021-07-25 14:47 - 2021-07-25 14:47 - 000224552 ____C (AVAST Software) C:\Users\Antoine\Downloads\avast_free_antivirus_setup_online.exe
2021-07-25 14:26 - 2021-07-25 14:26 - 000000000 ___DC C:\Users\Antoine\AppData\Local\AdAwareDesktop
2021-07-25 14:24 - 2021-07-25 14:24 - 017109240 ____C C:\Users\Antoine\Downloads\Adaware_Installer_UM.exe
2021-07-15 15:26 - 2021-07-25 00:55 - 000000000 __HDC C:\ProgramData\Hrice
2021-07-15 11:46 - 2021-07-15 11:46 - 000000013 ____C C:\ProgramData\kaosdma.txt
2021-07-15 11:46 - 2021-07-15 11:46 - 000000000 __HDC C:\WINDOWS\rss
2021-07-15 11:46 - 2021-07-15 11:46 - 000000000 ___DC C:\Users\Antoine\AppData\Roaming\redblur
2021-07-15 11:46 - 2021-07-15 11:46 - 000000000 ____C C:\ProgramData\123740.123740
2021-07-15 11:46 - 2021-07-15 11:46 - 000000000 ____C C:\ProgramData\107287.107287
2021-07-15 11:45 - 2021-07-15 11:46 - 000000000 ___DC C:\Users\Antoine\AppData\LocalLow\wG3cB0qZ3rM5x
2021-07-15 11:45 - 2021-07-15 11:45 - 029535512 ____C (Icecream Apps ) C:\Users\Antoine\Documents\VSu94gCaHfO3SrVfN9OidXpg.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 004664872 ____C C:\Users\Antoine\Documents\pWUJ5ZGd1Nk0heS5KrJOecuj.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 004431528 ____C (Oleg N. Scherbakov) C:\Users\Antoine\Documents\stxzDXsfDIZNfUvLuwtAaXig.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 002545728 ____C C:\Users\Antoine\Documents\t2G9hXjSv6Z47.sys
2021-07-15 11:45 - 2021-07-15 11:45 - 002431039 ____C (Company ) C:\Users\Antoine\Documents\sSlzkN4whr2ivdsul0tealdD.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 002004216 ____C (Kiff devel.) C:\Users\Antoine\Documents\zQgG7S4aLBXGzrCc5rqKLhaO.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 001334440 ____C (1995 Ford Explorer) C:\Users\Antoine\Documents\UhDiPaJcgkcFhzu_qvWIMBHX.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 001246160 ____C (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000729724 ____C (RealVNC Ltd) C:\Users\Antoine\Documents\zoNfFfl0cIbIcJ2ZMq5LsSbl.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000334288 ____C (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000261136 ____C (bmnvsvmbnvb) C:\Users\Antoine\AppData\Roaming\8361891.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000177168 ____C (fdghffdghfdgh) C:\Users\Antoine\AppData\Roaming\1583279.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000144848 ____C (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000137168 ____C (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000102928 ____C (Derefner) C:\Users\Antoine\AppData\Roaming\6268339.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\Users\Antoine\AppData\LocalLow\discord_files
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\Users\Antoine\AppData\Local\Yandex
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\ProgramData\J0MWXGB400YPVDTQ7DN2MZA46
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\ProgramData\48Q2L049XV31DXBXVEMA5PLEP
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\Program Files\Common Files\FOJQFENATD
2021-07-15 11:45 - 2021-07-15 11:45 - 000000000 ___DC C:\Program Files (x86)\Company
2021-07-15 11:44 - 2021-07-15 11:46 - 000000000 __HDC C:\Users\Antoine\AppData\Roaming\WinHost
2021-07-15 11:44 - 2021-07-15 11:46 - 000000000 ___DC C:\WINDOWS\PublicGaming
2021-07-15 11:44 - 2021-07-15 11:45 - 000000000 ___DC C:\Users\Antoine\Documents\VlcpVideoV1.0.1
2021-07-15 11:44 - 2021-07-15 11:44 - 000430352 ____C (TypeMatchModelBinderProvider Corporation.) C:\Users\Antoine\Documents\UXtYYdxX6hdciBJPWxiA1A0O.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000395656 ____C C:\Users\Antoine\Documents\PTI1IlrRiLE4Ph_2dKjXhmmJ.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000282624 ____C C:\Users\Antoine\Documents\4wxWFQ3dcz6kBvymeEkUACWh.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000177168 ____C (fdghffdghfdgh) C:\Users\Antoine\AppData\Roaming\6960899.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000164368 ____C () C:\Users\Antoine\AppData\Roaming\5931494.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000102928 ____C (Derefner) C:\Users\Antoine\AppData\Roaming\3366401.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000000223 ____C C:\Users\Antoine\Documents\eE4auKwO7IJZiFUDxGnKvChu.exe
2021-07-25 14:50 - 2018-07-11 19:36 - 000000000 ___DC C:\Users\Antoine\AppData\Local\AVAST Software
2021-07-15 11:45 - 2021-07-15 11:45 - 000137168 ____C (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000440120 ____C (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 001246160 ____C (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000144848 ____C (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000083784 ____C (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2021-07-15 11:45 - 2021-07-15 11:45 - 000177168 ____C (fdghffdghfdgh) C:\Users\Antoine\AppData\Roaming\1583279.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000102928 ____C (Derefner) C:\Users\Antoine\AppData\Roaming\3366401.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000164368 ____C () C:\Users\Antoine\AppData\Roaming\5931494.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000102928 ____C (Derefner) C:\Users\Antoine\AppData\Roaming\6268339.exe
2021-07-15 11:44 - 2021-07-15 11:44 - 000177168 ____C (fdghffdghfdgh) C:\Users\Antoine\AppData\Roaming\6960899.exe
2021-07-15 11:45 - 2021-07-15 11:45 - 000261136 ____C (bmnvsvmbnvb) C:\Users\Antoine\AppData\Roaming\8361891.exe
cmd: netsh advfirewall reset
emptytemp:
end::