Edited on 16 June 2022

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
GroupPolicy: Restriction ?
Policies: C:\ProgramData\NTUSER.pol: Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\59.0.3.0\GoogleDriveFS.exe
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\Run: [uTorrent] => C:\Users\salhi1\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\salhi1\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\salhi1\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\RunOnce: [Uninstall 22.099.0508.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salhi1\AppData\Local\Microsoft\OneDrive\22.099.0508.0001" (Pas de fichier)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winexe.exe
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winfiles
Task: {2B9197F1-D6E5-4076-B62D-B7B8762DA6D1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Pas de fichier)
Task: {403648BD-0EAC-4CB9-99A2-BD7DCE827AF6} - System32\Tasks\Go to RoboForm Install page => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html
Task: {425DEBD1-6176-44AE-BE88-66E2C6A5DE2F} - System32\Tasks\Opera scheduled Autoupdate 1617648718 => C:\Users\salhi1\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {FD62DDCF-D573-44EE-94D8-AAC8753831AF} - System32\Tasks\Opera scheduled assistant Autoupdate 1617648728 => C:\Users\salhi1\AppData\Local\Programs\Opera\launcher.exe ->
CHR HKU\S-1-5-21-1280661116-970770358-385692439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-06-09 11:07 - 2022-06-15 22:50 - 000000000 ___HD C:\avast! sandbox
2022-06-09 11:07 - 2022-06-09 11:07 - 000000000 ____D C:\ProgramData\Oracle
2022-06-07 13:58 - 2022-06-07 13:58 - 000269136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-06-07 13:58 - 2022-06-07 13:58 - 000218608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb02fcf37ccab8131.tmp
2022-06-05 19:01 - 2022-06-05 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2022-06-16 18:47 - 2020-12-26 17:52 - 000000000 ____D C:\ProgramData\Avast Software
2022-06-16 17:56 - 2020-12-26 17:29 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-06-15 11:52 - 2022-01-27 21:04 - 000003862 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1617648728
2022-06-15 11:52 - 2022-01-27 21:04 - 000003632 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1617648718
2022-06-07 13:58 - 2020-12-26 17:54 - 000857488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe9224a7175524baf.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000662160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw766934fdc2105749.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000548968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw394e5a5e940d5a5d.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000382608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6fe9a11cf357a761.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000321928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw414b0be2b9e580c2.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000271600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8c41b817ea3254c6.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000255136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2781acaa61040f15.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000232648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw908f205db57613d6.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000111056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw40c2869a3ab44eac.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000102048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2b8ed241bf73b553.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000086120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw57e7ebe841819517.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000045072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe9ade78d0ce4c3fa.tmp
2022-06-07 13:58 - 2020-12-26 17:54 - 000038912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1e06d79be20dcf3e.tmp
2022-06-06 11:01 - 2021-04-16 18:17 - 000000000 ____D C:\Program Files (x86)\Windscribe
2022-06-05 19:01 - 2021-04-16 18:17 - 000035752 _____ C:\WINDOWS\system32\Drivers\WindscribeSplitTunnel.sys
2022-06-05 19:01 - 2021-04-16 18:17 - 000001140 _____ C:\Users\Public\Desktop\Windscribe.lnk
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\webcompanion.com -> hxxp://webcompanion.com
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
HKLM\...\StartupApproved\Run32: => "zenvpn"
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\StartupApproved\Run: => "ZenMate"
EmptyTemp:
cmd: netsh advfirewall reset
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end::
