start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\Trev\AppData\Roaming\Bloom\Bloom.exe
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
HKU\S-1-5-21-4249077115-3693650588-2046397932-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_18_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDzz0DyD0CyE0Dzy0ByE0CtAzzyB0EtN0D0Tzu0StBtByDtCtN1L2XzuyEtFtBtCtFtDtFtCtBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0B0BtDtA0FtDyDtGtB0AyCyBtG0DtD0A0CtGtB0AtDzztG0A0F0ByDyByCyBtCtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QtA1Qzz1PtCzyyDtGzz1TzzzytGyEzz1O1StG1StAzztAtG1QyEtAyE1SyBzzyC1PyEtB1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCtCtAyDtN1Q2Z1B1P1RzutCyDtCzyzytAtAyDtDzz%26cr%3D1963432514%26a%3Dwbf_fs_18_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [333224 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mba.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {593A1811-E58B-4EDF-91A4-BA48B02C9E98} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (Pas de fichier)
C:\Program Files\Common Files\AV\avast! Antivirus
Task: {9909F95B-3D26-49DF-BDC7-9D788B7E1F8D} - \GU5SkipUAC -> Pas de fichier <==== ATTENTION
Task: {B7CD765A-1941-4CA2-AAE3-789F5FE9A2DB} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [32837648 2022-07-27] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
Task: {C314CFF1-0EC6-4C90-9DD1-A6432F4C43C9} - System32\Tasks\chrome tab => cmd /c powershell -WindowStyle Hidden -E "CgAKAAoAJABqAGQAIAA9ACAAJABuAHUAbABsADsACgAKACQAZQBuAGMAUwB0AHIAQQBzAGMAPQBbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBBAFMAQwBJAEkAOwAKACQAagBwAD0AJABuAHUAbABsADsACgAKAAoAZgB1AG4AYwB0AGkAbwBuACAAZwBlAHQAVgBhAGwAdQBlAE4AZQB3ACgAWwBzAHQAcgBpAG (l'élément de données a 4955 caractères en plus). <==== ATTENTION
Task: {D503EAD2-7AD3-4EE3-B421-447F242DF697} - \chrome cast -> Pas de fichier <==== ATTENTION
Task: {F6253AB8-8578-436F-AD0F-602843B715ED} - System32\Tasks\unityplayeer => c:\users\trev\appdata\roaming\unityplayeer.exe (Pas de fichier) <==== ATTENTION
Task: {F8B6960E-0535-4287-831E-E934EB08AA35} - System32\Tasks\{05495A62-E68C-45C8-A480-174A873A5D0A} => C:\Windows\system32\pcalua.exe -a "D:\Firewatch [Update14]\Setup.exe" -d "D:\Firewatch [Update14]"
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
C:\Users\Trev\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\Trev\AppData\Local\chrome_tools
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pfngopommdknnpihdofckgpeddipoeai]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-4249077115-3693650588-2046397932-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic]
CHR HKU\S-1-5-21-4249077115-3693650588-2046397932-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-4249077115-3693650588-2046397932-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pfngopommdknnpihdofckgpeddipoeai]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
BRA DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
BRA DefaultSearchKeyword: Default -> sse
BRA DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
C:\Users\Trev\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\Trev\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic
C:\Users\Trev\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Trev\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\104.1.42.88\elevation_service.exe" [X]
S4 CloudflareWARP; "C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe" [X]
S3 PSI_SVC_2_x64; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S3 OCULUSVRHEADSET; \SystemRoot\System32\drivers\OCULUS119B.sys [X]
S3 OCUSBVID; \SystemRoot\System32\drivers\ocusbvid111.sys [X]
2022-07-11 20:14 - 2022-07-11 20:14 - 000013984 _____ C:\WINDOWS\system32\Tasks\chrome tab
cmd: cscript %windir%\System32\slmgr.vbs /dli
hosts:
cmd: netsh advfirewall reset
emptytemp:
end::