start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-421038150-41597966-3012339316-1001_Classes\CLSID\{a47fb05b-ec6f-030b-6e3b-e3725973b5b61}\InprocServer32 -> 0x6C414141414A38586E695272763955425277424D61574E6C626E4E6C5A46527650564E736557647662334E6C4930567459576C735057467458325A316448563058324A736232356B59554235595768766279356A6232306A5132397463474675655430 (l'élément de données a 162 caractères en plus). => Pas de fichier
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Pas de fichier
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Pas de fichier
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-421038150-41597966-3012339316-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-421038150-41597966-3012339316-1001\...\StartupApproved\Run: => "Web Companion"
FirewallRules: [{4DE757BD-7EFC-4B94-AD4D-DB2E4D60C802}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe => Pas de fichier
FirewallRules: [{D71DD612-4876-49A9-A4F3-7358988CAD1F}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe => Pas de fichier
C:\Program Files (x86)\Digital Communications
HKU\S-1-5-21-421038150-41597966-3012339316-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8146520 2020-06-14] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\RelevantKnowledge
Task: {0728E513-6EDD-41A0-BABC-768085CD746E} - pas de chemin du fichier
Task: {1838B6E4-C01A-4447-9B8B-DD2E9F4E4F36} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {1E9637D9-F637-4A5C-B788-27145CC7A851} - pas de chemin du fichier
Task: {26103BD0-F4B7-4276-A537-B97ABD6893E2} - pas de chemin du fichier
Task: {2B8869FC-88AE-4173-921A-C9F439CF32AF} - pas de chemin du fichier
Task: {2D0F75E9-CD4A-4696-9B25-FDED4A59E7B3} - pas de chemin du fichier
Task: {407B45A8-55C7-414F-917C-3BFF35C0A0F6} - pas de chemin du fichier
Task: {455D0B3E-D897-4E03-AF47-F4E1FBEB7920} - pas de chemin du fichier
Task: {480D52A2-6127-41DB-86B5-0261472D3602} - System32\Tasks\adventureradventurer => C:\Program Files (x86)\beem\beem.exe
Task: {500F47E2-128A-4618-B2B5-F728735599EF} - pas de chemin du fichier
Task: {684C6B22-0FD3-42CD-A566-1ADC004EAF68} - pas de chemin du fichier
Task: {6A19BA60-99E5-4E9E-B867-742A6EC1EFE6} - System32\Tasks\contravenes barcacontravenes barca => C:\Program Files (x86)\Stoically\Fizzle.exe
Task: {8737A381-539E-4B29-B1AA-EDC050B57F7D} - System32\Tasks\SoundBass => C:\Users\sebgr\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {96903093-457C-405D-91DB-89AC57EE134B} - pas de chemin du fichier
Task: {9A695F3F-ED19-409E-A12F-194752312582} - pas de chemin du fichier
Task: {9F01C83D-9F86-47E4-AEE6-6A03D1E25FCF} - pas de chemin du fichier
Task: {A0693E99-F868-4718-8A4B-8A766B83DD99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {AD2E20A8-80F1-4D17-834B-2315D42D00B8} - pas de chemin du fichier
Task: {C57A1CD0-6C0D-41CD-8E35-660598B49F4F} - System32\Tasks\bewitchbewitch => C:\Program Files (x86)\Detached\Reclaiming.exe
Task: {D62E8EF0-15C5-462F-ADBA-1EC0CABAB67E} - pas de chemin du fichier
Task: {E0B291E0-68B3-4AB0-82F6-FFE0BC538F40} - pas de chemin du fichier
Task: {F9B97077-B1CF-4B95-83C1-D32B7BAAAFB0} - pas de chemin du fichier
C:\Windows\SysWOW64\Macromed
C:\Program Files (x86)\Stoically
virustotal: C:\Users\sebgr\AppData\Roaming\Unpacker\Unpacker.exe
virustotal: C:\Program Files (x86)\Detached\Reclaiming.exe
virustotal: C:\Program Files (x86)\Stoically\Fizzle.exe
virustotal: C:\Program Files (x86)\beem\beem.exe
ProxyServer: [S-1-5-21-421038150-41597966-3012339316-1001] => 127.0.0.1:8080
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
S2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6941200 2021-09-13] (Digital Communications Inc -> DlGlTAL COMMUNICATIONS INC) <==== ATTENTION
S2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [690704 2021-09-13] (Digital Communications Inc -> DlGlTAL COMMUNICATIONS INC) <==== ATTENTION
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [86024 2021-09-13] (Digital Communications Inc -> DlGlTAL COMMUNICATIONS INC) <==== ATTENTION
2021-09-13 20:59 - 2021-09-13 20:59 - 000000000 ____D C:\Users\sebgr\AppData\Roaming\santivirusclient
2021-09-13 20:58 - 2021-09-13 20:59 - 000000000 ____D C:\ProgramData\SAntivirus
2021-09-13 20:58 - 2021-09-13 20:58 - 000016438 _____ C:\Users\sebgr\AppData\Local\partner.bmp
2021-09-13 20:58 - 2021-09-13 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-09-13 20:58 - 2021-09-13 20:58 - 000000000 ____D C:\Program Files (x86)\Digital Communications
hosts:
removeproxy:
emptytemp:
end::