Edited on 12 March 2022

start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\julie\AppData\Roaming\LNdbzwI3\ctfmon.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\julie\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
AlternateDataStreams: C:\Users\julie\Application Data:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\julie\AppData\Roaming:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\julie\AppData\Local\Temp:$DATA​ [16]
FirewallRules: [{16ACE859-6368-463B-B822-9D36EE12B829}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Pas de fichier
FirewallRules: [{3DDB5D3F-23E1-4516-81D9-6414AEDAE945}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Pas de fichier
FirewallRules: [{A04BFB1A-8A1B-49A7-AFFD-D7B16F34E14E}] => (Allow) powershell.exe => Pas de fichier
FirewallRules: [{DE436C0E-0F96-44B4-861D-9FFAFA6A8854}] => (Allow) powershell.exe => Pas de fichier
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKU\S-1-5-21-168270322-2318838662-4278378044-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-168270322-2318838662-4278378044-1001\...\Run: [ctfmon_] => C:\Users\julie\AppData\Roaming\LNdbzwI3\ctfmon.exe [112176 2020-05-06] (NetSupport Ltd -> NetSupport Ltd) <==== ATTENTION
HKU\S-1-5-21-168270322-2318838662-4278378044-1001\...\MountPoints2: {30b62416-7679-11eb-89ce-2cf05dcfe3a0} - "F:\setup.exe"
HKU\S-1-5-21-168270322-2318838662-4278378044-1001\...\MountPoints2: {312d33b0-f900-11eb-8a62-2cf05dcfe3a0} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-168270322-2318838662-4278378044-1001\...\MountPoints2: {c31a0db6-7502-11ec-8ae9-6245b4fe5423} - "H:\OriginSetup.exe"
C:\Users\julie\AppData\Roaming\LNdbzwI3
Task: {83F6E9CB-28AC-49A1-B0FB-CB421DDFD14B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-168270322-2318838662-4278378044-500 => C:\Users\julie\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
Task: {8DCE2077-3A09-4F18-9CC6-6DB4290835C7} - System32\Tasks\jid73ehw80rs => wscript slmgr.vbs C:\Windows\system32\tbf0ksmn3da5.ps1
C:\Windows\system32\tbf0ksmn3da5.ps1
Task: {A84FF183-82BB-4290-A594-98507BD8FE3D} - System32\Tasks\lvosawqcmr7k => schtasks [Argument = /run /tn jid73ehw80rs]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [S-1-5-21-168270322-2318838662-4278378044-1001] => Proxy est activé.
ProxyServer: [S-1-5-21-168270322-2318838662-4278378044-1001] => http=localhost:8168;https=localhost:8168
ManualProxies: 1http=localhost:8168;https=localhost:8168
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
S2 AMDRyzenMasterDriverV17; \??\C:\Program Files\AMD\CNext\CNext\AMDRyzenMasterDriver.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
2022-01-20 18:33 - 2022-01-20 18:33 - 000000492 _____ () C:\Users\julie\AppData\Roaming\56a4ci01znvderykgj98hufptlswb2oq.vbs
2022-01-20 18:34 - 2022-01-20 18:34 - 000000492 _____ () C:\Users\julie\AppData\Roaming\da0mcejgyi1zwpf4rk6t87qx9nuvoh2s.vbs
2022-01-20 18:33 - 2022-01-20 18:34 - 000000459 _____ () C:\Users\julie\AppData\Roaming\drvsetup.txt
2021-01-24 11:32 - 2021-01-24 11:32 - 000007605 _____ () C:\Users\julie\AppData\Local\Resmon.ResmonCfg
2022-01-20 18:35 - 2022-01-20 18:35 - 000002528 _____ () C:\Users\julie\AppData\Local\rootCert.pfx
removeproxy:
emptytemp:
end::