Édité le 12 juin 2022
Télécharger | Reposter | Largeur fixe

start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\Utilisateur\AppData\Local\Programs\RestMinder\RestMinder.exe
virustotal: C:\Users\Utilisateur\AppData\Roaming\Energy\Energy.exe
ShortcutWithArgument: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
ShortcutWithArgument: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk:F208FC6732 [10]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-04-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-04-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3776495980-4217905384-510319445-1001\...\StartupApproved\Run: => "RestMinder"
FirewallRules: [UDP Query User{7A8A1C1B-E276-4E9A-8BA7-FF5794758BCD}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [TCP Query User{89664502-59C4-4712-BC46-171A896F46E8}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => Pas de fichier
FirewallRules: [UDP Query User{1F85DCCF-FEF0-4838-ADEB-9BF4C1A01AD2}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => Pas de fichier
FirewallRules: [{95D8F229-C447-43F1-ADD2-43F517381873}] => (Allow) F:\jeux\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => Pas de fichier
FirewallRules: [{1A323FF5-1A0D-49BB-A7B4-A6AABF45E137}] => (Allow) F:\jeux\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => Pas de fichier
FirewallRules: [{1D459ADF-22A4-482A-A042-401367395D72}] => (Allow) F:\jeux\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => Pas de fichier
FirewallRules: [{AE4527BF-B657-4FFC-BDAC-A49A93577F5E}] => (Allow) F:\jeux\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => Pas de fichier
FirewallRules: [TCP Query User{8BF580B5-4AD5-4376-9EC0-331D4E1DC0E5}F:\jeux\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) F:\jeux\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{4D7047FA-5C67-4011-A2A2-4FD5A7213B75}F:\jeux\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) F:\jeux\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => Pas de fichier
FirewallRules: [{8DFA4A00-F891-44EF-ACBE-752E29FDA7BE}] => (Allow) F:\jeux\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe => Pas de fichier
FirewallRules: [{99F67773-86D6-4289-B922-6BD5B1BF5A8F}] => (Allow) F:\jeux\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe => Pas de fichier
FirewallRules: [TCP Query User{86F70AA4-16C6-4581-9866-4301F5C00A63}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe => Pas de fichier
FirewallRules: [UDP Query User{A6A2EB45-992A-4987-81F0-2B9F421508CC}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe => Pas de fichier
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Common Files\Wondershare
HKU\S-1-5-21-3776495980-4217905384-510319445-1001\...\Run: [RestMinder] => C:\Users\Utilisateur\AppData\Local\Programs\RestMinder\RestMinder.exe [199232 2021-09-06] (Globalhop Ltd -> )
HKU\S-1-5-21-3776495980-4217905384-510319445-1001\...\Run: [Energy] => C:\Users\Utilisateur\AppData\Roaming\Energy\Energy.exe [134337987 2022-06-05] (Energy © All rights reserved) [Fichier non signé] <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {3D6A4DEE-F0B0-4159-B45D-E54A5C05F199} - \Opera scheduled assistant Autoupdate 1650634181 -> Pas de fichier <==== ATTENTION
Task: {4088E26E-DC0E-44B4-A22E-89C0C94F2069} - System32\Tasks\MicrosoftPrintWorkflowService => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {9610A81B-61B3-4D23-9002-1A698C2908AA} - System32\Tasks\MicrosoftPrintWorkflowService_2 => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {B2BC8754-724A-4023-A40B-C017ADB4D198} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (Pas de fichier)
Task: {B327D4B2-7EB0-454A-8494-CDDA5AE36058} - System32\Tasks\Opera scheduled Autoupdate 1650634177 => C:\Users\Utilisateur\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {CB962E54-F1F8-4AE3-9E1B-AA86FD2019FE} - \Opera scheduled assistant Autoupdate 1651907366 -> Pas de fichier <==== ATTENTION
Edge DefaultSearchURL: Default -> hxxps://customsearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
Edge DefaultSearchKeyword: Default -> csb
C:\Users\Utilisateur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\Users\Utilisateur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle
C:\Users\Utilisateur\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbkoplpognibijnebmppjnjhmpigoiae
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-04-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-04-06] (Oracle America, Inc. -> Oracle Corporation)
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfifgicgnnnndegadinadhhaibchccn
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkofdnfadkamabkgjdjcddeopopbdjhg
CHR Extension: (Google Updater) - C:\Windows\InternalKernelGrid [2022-05-12]
C:\Windows\InternalKernelGrid
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
emptytemp:
end::

x
Éditer le texte

Merci d'entrer le mot de passe que vous avez indiqué à la création du texte.

x
Télécharger le texte

Merci de choisir le format du fichier à télécharger.