start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\benji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe
virustotal: C:\Users\benji\AppData\Roaming\Google\Chrome\updater.exe
CustomCLSID: HKU\S-1-5-21-3709534566-928781621-1925552722-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> "C:\Program Files\Druide\Connectix 11\Application\Bin64\AgentConnectix.exe" -activex => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3709534566-928781621-1925552722-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> "C:\Program Files\Druide\Connectix 11\Application\Bin64\AgentConnectix.exe" -activex => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3709534566-928781621-1925552722-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\benji\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Pas de fichier
AlternateDataStreams: C:\SYSTEM.SAV:err [1732]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-21-3709534566-928781621-1925552722-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10118__210606__yaie
SearchScopes: HKU\S-1-5-21-3709534566-928781621-1925552722-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3709534566-928781621-1925552722-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3709534566-928781621-1925552722-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3709534566-928781621-1925552722-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-06-06] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-3709534566-928781621-1925552722-1001\...\MountPoints2: {6ccc86f7-7e9b-11eb-81ab-a87eea931c59} - "F:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3709534566-928781621-1925552722-1001\...\MountPoints2: {6ccc8737-7e9b-11eb-81ab-a87eea931c59} - "F:\Autorun.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {75669A10-7F8F-44B6-911E-6AA265CEE0F8} - System32\Tasks\GoogleUpdateTaskMachineQC => C:\Users\benji\AppData\Roaming\Google\Chrome\updater.exe <==== ATTENTION
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF NewTab: Mozilla\Firefox\Profiles\snmpzmih.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=IC150206&iDate=2021-06-06 03:26:33&bName=
FF Extension: (System Manager) - C:\Users\benji\AppData\Roaming\Mozilla\Firefox\Profiles\snmpzmih.default-release\Extensions\sysmngr@final2.xpi [2022-06-28] [UpdateUrl:hxxps://sysmngr.finalapplications-own.com/data.json]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
S3 R0RazerSynapseService; \??\C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [X]
cmd: netsh advfirewall reset
cmd: sfc /scannow
emptytemp:
end::