start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\aimed\AppData\Roaming\WinHost\WinHoster.exe
virustotal: C:\Users\aimed\AppData\Local\Temp\soul3ss_crypted.\soul3ss_crypted.exe
virustotal: C:\Users\aimed\AppData\Local\Temp\7021_1637144508_486.\7021_1637144508_486.exe
virustotal: C:\ProgramData\7717_1637233029_1855.\7717_1637233029_1855.exe
virustotal: C:\Users\aimed\AppData\Local\Temp\\exe
virustotal: C:\Users\aimed\AppData\Roaming\ChromeUpdater_Master.exe
virustotal: C:\Users\aimed\AppData\Local\Temp\2303a34fa8\\tkools.exe
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2021-08-27] (HP Inc.) [Fichier non signé]
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2021-08-27] (HP Inc.) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [525312 2021-08-27] (HP Inc.) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [WinHost] => C:\Users\aimed\AppData\Roaming\WinHost\WinHoster.exe (Pas de fichier)
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [soul3ss_crypted.exe] => C:\Users\aimed\AppData\Local\Temp\soul3ss_crypted.\soul3ss_crypted.exe [4404736 2021-11-15] (GitHub, Inc.) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [services32] => C:\Users\aimed\services32.exe [2049044 2021-11-15] (VideoLAN) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [7021_1637144508_486.exe] => C:\Users\aimed\AppData\Local\Temp\7021_1637144508_486.\7021_1637144508_486.exe (Pas de fichier)
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [7717_1637233029_1855.exe] => C:\ProgramData\7717_1637233029_1855.\7717_1637233029_1855.exe [1551360 2021-11-18] (VMware, Inc.) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [\exe] => C:\Users\aimed\AppData\Local\Temp\\exe [3581440 2021-11-20] (NVIDIA Corporation) [Fichier non signé]
HKU\S-1-5-21-2474206755-3517563821-3847814785-1001\...\Run: [ChromeUpdater_Master] => C:\Users\aimed\AppData\Roaming\ChromeUpdater_Master.exe [11776 2021-11-26] () [Fichier non signé]
C:\Users\aimed\AppData\Roaming\WinHost
C:\Users\aimed\AppData\Local\Temp\soul3ss_crypted.
C:\Users\aimed\AppData\Local\Temp\7021_1637144508_486.
C:\ProgramData\7717_1637233029_1855.
C:\Users\aimed\AppData\Local\Temp\\exe
C:\Users\aimed\AppData\Local\Temp\2303a34fa8
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\aimed\AppData\Local\Temp\2303a34fa8\\tkools.exe [2021-11-15] (AVAST Software s.r.o. -> NVIDIA Corporation) [Fichier non signé]
Task: {53D5B281-0128-4EB4-A33D-59B572622E93} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {80120A0B-4CB0-4E0E-8002-B90AF786721F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {84558AD8-26C8-4FEC-B3E4-492BB201E89B} - System32\Tasks\tkools.exe => C:\Users\aimed\AppData\Local\Temp\2303a34fa8\tkools.exe [4515632 2021-11-15] (AVAST Software s.r.o. -> NVIDIA Corporation) [Fichier non signé]
Task: {9A3137E1-A5F0-4F96-98E2-933AD910AE03} - System32\Tasks\Firefox Default Browser Agent 6849DC71FF94647A => C:\Users\aimed\AppData\Roaming\dararwv [224256 2021-11-10] () [Fichier non signé] [Fichier en cours d'utilisation]
Task: {AB0A1701-B442-451A-A4EE-22112FE23558} - System32\Tasks\MicrosoftDriver => C:\Users\aimed\AppData\Local./cache./driver.exe (Pas de fichier)
Task: {BD4DB6A1-39EC-4C1B-AA9B-142944F72BEF} - System32\Tasks\services => C:\Users\aimed\AppData\Local\Temp\Microsoft\services.exe [7043584 2021-11-26] (Google Chrome) [Fichier non signé]
Task: {C847D713-538A-42C9-86BB-0A5592E244D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\msdewall => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /nologo /u /silent C:\ProgramData\RacingHtml\SodeUnffied\KBDIBsoft_wdifg.dll
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
Task: {E04DCA15-A9B2-4113-BB09-A0F03D121A41} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
S2 AppServicea; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceb; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicec; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiced; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicee; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicef; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceg; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceh; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicei; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicej; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicek; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicel; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicem; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicen; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceo; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicep; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceq; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicer; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServices; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicet; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceu; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicev; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicew; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicex; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServicey; C:\WINDOWS\system32\3TVPG2T0HK.tmp [6144 2021-11-27] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2021-11-28 22:31 - 2021-11-28 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-11-26 13:22 - 2021-11-26 13:22 - 000000000 ____D C:\ProgramData\RE0F9XRPGJFR1JLH98RD31VU7
2021-11-26 12:53 - 2021-11-26 12:53 - 000004550 _____ C:\Users\aimed\AppData\LocalLow\NfRYtSGL2ga.zip
2021-11-26 12:32 - 2021-11-26 12:32 - 000003340 _____ C:\WINDOWS\system32\Tasks\services
2021-11-26 11:49 - 2021-11-27 10:18 - 000000000 ____D C:\Users\aimed\AppData\Roaming\UniversalSoftware
2021-11-26 11:49 - 2021-11-26 11:52 - 000000000 ___HD C:\Users\aimed\AppData\Local\cache
2021-11-26 11:49 - 2021-11-26 11:49 - 000097792 _____ C:\Users\aimed\AppData\Roaming\Kdjsdjs.exe
2021-11-26 11:49 - 2021-11-26 11:49 - 000083968 _____ C:\Users\aimed\AppData\Roaming\Kene.exe
2021-11-26 11:49 - 2021-11-26 11:49 - 000011776 _____ () C:\Users\aimed\AppData\Roaming\ChromeUpdater_Master.exe
2021-11-26 11:49 - 2021-11-26 11:49 - 000003588 _____ C:\WINDOWS\system32\Tasks\MicrosoftDriver
2021-11-18 15:01 - 2021-11-18 15:01 - 000000000 ____D C:\ProgramData\7717_1637233029_1855
2021-11-17 19:00 - 2021-11-27 10:18 - 000000000 ____D C:\Users\aimed\AppData\LocalLow\qO7qM6fA3
2021-11-16 14:17 - 2021-11-23 18:36 - 000000000 ___HD C:\ProgramData\Wjlbvj
2021-11-16 13:08 - 2021-11-27 22:38 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\3TVPG2T0HK.tmp
2021-11-15 23:42 - 2021-11-15 23:42 - 002049044 _____ (VideoLAN) C:\Users\aimed\services32.exe
2021-11-15 23:32 - 2021-11-15 23:32 - 004448808 _____ C:\Users\aimed\AppData\Roaming\542257.exe
2021-11-15 23:32 - 2021-11-15 23:32 - 003434496 _____ (HP) C:\Users\aimed\AppData\Roaming\6765162.exe
2021-11-15 23:32 - 2021-11-15 23:32 - 001229012 _____ C:\Users\aimed\AppData\Roaming\8383620.exe
2021-11-15 23:32 - 2021-11-15 23:32 - 000211968 _____ (gsefewefwe) C:\Users\aimed\AppData\Roaming\8285210.exe
2021-11-15 23:32 - 2021-11-15 23:32 - 000059904 _____ (ajwfdaidwa) C:\Users\aimed\AppData\Roaming\8814401.exe
2021-11-15 23:29 - 2021-11-28 22:24 - 000003728 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 6849DC71FF94647A
2021-11-15 23:27 - 2021-11-16 15:01 - 000000000 ___HD C:\Users\aimed\AppData\Roaming\WinHost
2021-11-15 23:27 - 2021-11-15 23:29 - 000000000 ____D C:\Users\aimed\AppData\Roaming\Calculator
2021-11-15 23:27 - 2021-11-15 23:27 - 000213504 _____ (gsefewefwe) C:\Users\aimed\AppData\Roaming\2683547.exe
2021-11-15 23:27 - 2021-11-15 23:27 - 000068608 _____ (Derefner) C:\Users\aimed\AppData\Roaming\585702.exe
2021-11-15 23:26 - 2021-11-15 23:26 - 000000000 ____D C:\Users\aimed\AppData\Local\Yandex
2021-11-15 23:13 - 2021-11-15 23:30 - 000000000 ____D C:\Program Files (x86)\FarLabUninstaller
2021-11-15 23:12 - 2021-11-28 22:24 - 000003594 _____ C:\WINDOWS\system32\Tasks\tkools.exe
CustomCLSID: HKU\S-1-5-21-2474206755-3517563821-3847814785-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
EndRegedit:
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-10-06] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-10-06] (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{FCA5EEB6-B89E-44F2-A0CB-32241EA94659}] => (Allow) C:\Users\aimed\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [{1131CA1A-FDE8-4007-A698-24129E7B59E6}] => (Allow) C:\Users\aimed\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [{8C098E04-1720-492F-ADB3-9AA3465E721A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Pas de fichier
FirewallRules: [{88E12FBD-74ED-42FF-89BB-2CBF84BFB258}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Pas de fichier
FirewallRules: [{AAA4712D-6123-421C-81C6-AEC81643AB5D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Pas de fichier
FirewallRules: [{A6AEF72F-095A-44EC-9C90-4DB416612B16}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{1FB23CE3-18BB-45B7-89FA-70F0FD55BADB}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
emptytemp:
end::