start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\pinpi\Downloads\Mee6Discord.exe
virustotal: C:\Users\pinpi\Downloads\DiscordHaxx 1.9 [BETA].rar
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Pas de fichier
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Pas de fichier
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> Pas de fichier
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
C:\Program Files (x86)\IObit
AlternateDataStreams: C:\Users\pinpi\AppData\Local\Temp:Session.Id [18]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wncy_ljpnzjx0q1ocegikmov46_20_41_ssg00
HKU\S-1-5-21-3302468058-3532962907-145567378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wncy_ljpnzjx0q1ocegikmov46_20_41_ssg00
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3302468058-3532962907-145567378-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3302468058-3532962907-145567378-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3302468058-3532962907-145567378-1001\...\StartupApproved\Run: => "Chromium"
C:\Users\pinpi\Downloads\DiscordHaxx 1.9 [BETA].rar
C:\Users\pinpi\Downloads\Mee6Discord.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0BEC60AB-8851-4388-99AB-FACF52123F3D} - System32\Tasks\Opera scheduled Autoupdate 1608563382 => C:\Users\pinpi\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {16F5D3BD-9AEE-42A8-B7ED-7106A236B071} - System32\Tasks\Opera scheduled Autoupdate 1596634812 => C:\Users\pinpi\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {30C26961-21A8-4C02-8FB3-F56726B25334} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /ua /installsource scheduler (Pas de fichier)
Task: {387B96C8-739E-425C-ADC8-740234BE1B56} - System32\Tasks\Opera scheduled Autoupdate 1587027608 => C:\Users\pinpi\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {A875AF4B-C60B-4C38-B207-DF38CCD6AB06} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3302468058-3532962907-145567378-500 => C:\Users\pinpi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
Task: {BB228A55-5E35-48BF-B2C3-50B07AE96E11} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Pas de fichier)
Task: {C4274AAA-5D36-4B24-BFA7-F4E79D67D2BC} - System32\Tasks\Playerme Run on startup => C:\Users\pinpi\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe -startup (Pas de fichier)
Task: {D23F1EA8-C877-4DBD-89C7-5D4FA8FEE392} - System32\Tasks\Playerme Check Updates => C:\Users\pinpi\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe -checkupdates -throttleupdates (Pas de fichier)
Task: {E61C57E5-4B23-4BA0-820C-A1684A9468B5} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /default (Pas de fichier)
Task: {F2BAE116-E60E-4297-A814-3809C82FB286} - System32\Tasks\Opera scheduled Autoupdate 1587240463 => C:\Users\pinpi\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {FD9D4761-9BB0-4121-9013-2D27E392F854} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /c (Pas de fichier)
Edge HomeButtonPage: HKU\S-1-5-21-3302468058-3532962907-145567378-1001 -> hxxps://www.yandex.ru/?win=449&clid=2341035-18
C:\Program Files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Maintenance Service
C:\Users\pinpi\AppData\Roaming\Mozilla
CHR StartupUrls: Default -> "hxxps://supprimer-spyware.com/supprimer-yahoo-powered-hijacker/"
CHR DefaultSearchURL: Profile 1 -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> yandex.ru
CHR DefaultSuggestURL: Profile 1 -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
C:\Users\pinpi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjmpfdkmpojoeemjmfiddlhkkndcdpno
CHR HKLM\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKLM\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
CHR HKU\S-1-5-21-3302468058-3532962907-145567378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKU\S-1-5-21-3302468058-3532962907-145567378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKU\S-1-5-21-3302468058-3532962907-145567378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKU\S-1-5-21-3302468058-3532962907-145567378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjmpfdkmpojoeemjmfiddlhkkndcdpno]
CHR HKU\S-1-5-21-3302468058-3532962907-145567378-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM-x32\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKLM-x32\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
BRA DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
BRA DefaultSearchKeyword: Default -> sse
BRA DefaultSuggestURL: Default -> hxxp://secured-search.com/?s={searchTerms}
C:\Users\pinpi\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jgfblpnggnjhmdbidfmoidoglbcbnfoi
YAN Profile: C:\Users\pinpi\AppData\Local\Yandex\YandexBrowser\User Data\Default [2021-11-21]
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
C:\Users\pinpi\AppData\Local\Yandex
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
emptytemp:
end::