Edited on 12 November 2022

start::
closeprocesses:
createrestorepoint:
virustotal: C:\WINDOWS\system32\eQgfe8CP.exe
2022-11-12 17:44 - 2019-05-13 19:55 - 000000000 ____D C:\Users\benji\AppData\Local\AVAST Software
2022-11-12 17:44 - 2019-05-13 19:53 - 000000000 ____D C:\ProgramData\AVAST Software
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
AlternateDataStreams: C:\AMD:err [1638]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\benji\Desktop\a.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\benji\Desktop\a.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\benji\Desktop\b.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\benji\Desktop\b.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\benji\Desktop\cess.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\benji\Desktop\cess.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
DefaultPrefix-x32: => <==== ATTENTION
Prefixes-x32: [home]=> <==== ATTENTION
Prefixes-x32: [www]=> <==== ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-07-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3252580798-3812781471-3762038546-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_7B01837EF606D3C61B5E764BB78C705E"
HKU\S-1-5-21-3252580798-3812781471-3762038546-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-3252580798-3812781471-3762038546-1001\...\Run: [utweb] => C:\Users\benji\AppData\Roaming\uTorrent Web\utweb.exe [5327576 2019-07-30] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [Fichier non signé]
HKU\S-1-5-21-3252580798-3812781471-3762038546-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [11066440 2022-09-20] (Surfshark B.V. -> Surfshark)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {87FF23DF-FF31-4629-BCAC-07A2E55ADA18} - System32\Tasks\fcktplink => ping [Argument = -t 192.168.0.1]
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR HKU\S-1-5-21-3252580798-3812781471-3762038546-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
2022-10-25 12:55 - 2022-10-25 12:55 - 006553088 _____ C:\WINDOWS\system32\eQgfe8CP.exe
2022-10-25 11:48 - 2022-10-25 11:48 - 006553088 _____ C:\WINDOWS\system32\aRAnvnTk.exe
2022-10-25 10:48 - 2022-10-25 10:48 - 006553088 _____ C:\WINDOWS\system32\ZxliRMZ6.exe
cmd: netsh advfirewall reset
emptytemp:
end::
