Edited on 2 March 2023

start::
closeprocesses:
createrestorepoint:
HKLM\...\Run: [Turan] => C:\Program Files (x86)\Fireboat\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKLM\...\Run: [Usn] => C:\Program Files (x86)\nally\Limed.exe [313344 2023-02-27] () [Fichier non signé]
HKLM\...\Run: [Licencing] => C:\Program Files (x86)\High\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKLM\...\Run: [LicencingLicencing] => "C:\Program Files (x86)\Fireboat\authenticator.exe" (Pas de fichier)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Treacle] => C:\Program Files (x86)\Fireboat\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKLM-x32\...\Run: [Clapboards] => C:\Program Files (x86)\nally\Limed.exe [313344 2023-02-27] () [Fichier non signé]
HKLM-x32\...\Run: [Nell] => C:\Program Files (x86)\High\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKLM-x32\...\Run: [NellNell] => "C:\Program Files (x86)\Fireboat\authenticator.exe" (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [utweb] => "C:\Users\basti\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Pas de fichier)
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Pas de fichier)
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Chiquita] => C:\Program Files (x86)\Fireboat\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Plantin] => C:\Program Files (x86)\nally\Limed.exe [313344 2023-02-27] () [Fichier non signé]
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Hastings] => C:\Program Files (x86)\High\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Portmanteau] => C:\Program Files (x86)\Fireboat\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Exch] => C:\Program Files (x86)\nally\Limed.exe [313344 2023-02-27] () [Fichier non signé]
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\Run: [Peeping] => C:\Program Files (x86)\High\Veneto.exe [313344 2023-02-27] () [Fichier non signé]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arts.lnk [2023-02-27]
ShortcutTarget: arts.lnk -> C:\Program Files (x86)\Fireboat\Veneto.exe () [Fichier non signé]
Startup: C:\Users\basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\artsarts.lnk [2023-02-27]
ShortcutTarget: artsarts.lnk -> C:\Program Files (x86)\nally\Limed.exe () [Fichier non signé]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
deletevalue: HKU\S-1-5-21-217975001-3368933376-1853988462-1001\SOFTWARE\Microsoft\Windows Security Health\State|AppAndBrowser_StoreAppsSmartScreenOff
deletevalue: HKU\S-1-5-21-217975001-3368933376-1853988462-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost|EnableWebContentEvaluation
HKU\S-1-5-21-217975001-3368933376-1853988462-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
C:\Program Files (x86)\Fireboat
C:\Program Files (x86)\nally
C:\Program Files (x86)\High
Task: {219E09FF-E437-46AA-803B-B12C5601928E} - System32\Tasks\mm1gsb\8hg5j5\qyh98f\efujth\j3kct4\uteqzz\zf8al0\5d3uka\wlk8y9\chly0w\c1cupu\erm4gn\egoa4v\fgmfbf\psc7t2\7lnvqs\agd869 => C:\Users\basti\AppData\Local\swell.exe [46180 2023-02-27] () [Fichier non signé] <==== ATTENTION
C:\Users\basti\AppData\Local\swell.exe
Task: {4EEDEFDE-1986-403C-B513-F68826170F94} - System32\Tasks\ghkdc9\nakhso\82nops\gz7uy0\fnfitb\6y9h6o\7xd1az\1x4vtl\q7981g\emift3\w4agpq\eb0k6h\uw8kst\n444vl\jz3y3y\j89tj2\xwym1w => C:\Program Files (x86)\nally\Limed.exe [313344 2023-02-27] () [Fichier non signé] <==== ATTENTION
Task: {66149CF5-5E31-4D8C-85FF-53A64C87480D} - System32\Tasks\9q8q30\t6wfja\jvcfmh\uadojg\hf6cch\b2g06o\t2hnfr\cgaqfe\5vxbl6\12orqw\9itdhj\p086ar\l19mf0\zoorcy\oyo42b\bz5x30\h47jpd => C:\Program Files (x86)\Fireboat\yachtsmen.exe [37651 2023-02-27] () [Fichier non signé] <==== ATTENTION
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe (Pas de fichier)
Task: {7E9F9A72-E7CF-44D3-8042-A437401545DF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {7F14C572-4520-4457-B248-4077D4F82ADA} - System32\Tasks\c9s6he\v8nlq4\nwla0o\ov3k2x\nnt1ye\trmk07\010kax\79pi96\rfn4tb\ozjx29\nkkrxy\fo93w2\z1ptsz\81yb9a\det1j7\gdrdb5\dq992l => C:\Program Files (x86)\High\Veneto.exe [313344 2023-02-27] () [Fichier non signé] <==== ATTENTION
Task: {96F9FD68-7844-4FB4-AF9C-C9FB6DCEF79D} - System32\Tasks\6favkf\bcpb5f\6eartc\s2r2lj\lfxu6e\7rzq3b\2xrpyi\og1c4s\hf81tj\1445gg\7va4ck\uw6zhz\3wm9xx\ne8fn7\z77vlg\0tndto\epyjrh => C:\Program Files (x86)\Fireboat\Veneto.exe [313344 2023-02-27] () [Fichier non signé] <==== ATTENTION
Task: {A8D5D25F-E50E-4E35-A7AE-0FA7A5E23A53} - System32\Tasks\6vd19y\6t3pvn\idjfhi\oq822e\bnx98b\od1m1n\mpgsva\h5207y\g3i3jb\zzytgq\b79uux\9spk4i\5r5rsh\j5c0q5\53u2cq\n3yqhd\76m3qm => C:\Program Files (x86)\High\Limed.exe [313344 2023-02-27] () [Fichier non signé] <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
Task: {CE51C979-58A1-4045-8AA5-DB06E8818A18} - System32\Tasks\b8wyq1\nda5qy\ebkhp2\x67y13\8g5wfw\m1mxo3\dpi9gz\uol4ml\dqhlrg\1sadca\oodurh\kcl6zn\ouq0wy\gvbbkr\m8s91f\oapxj4\qgdulw => C:\Program Files (x86)\Jumble\fought.exe [63712 2023-02-27] () [Fichier non signé] <==== ATTENTION
C:\Program Files (x86)\Jumble
Task: {DD0B0513-6081-439C-97E1-F2CE04EDF756} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {DFAAA16F-EFA3-475E-AB10-ACAF67AA3BE1} - System32\Tasks\DriverFix => C:\Program Files (x86)\DriverFix\DriverFix.exe -auto (Pas de fichier) <==== ATTENTION
C:\Program Files (x86)\DriverFix
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Pas de fichier)
Task: {EEF78347-C305-405D-A0EA-104AEDDA8C96} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\WINDOWS\system32\MusNotification.exe Display (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\Users\basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
S3 WinRing0_1_2_0; \??\C:\Users\basti\AppData\Local\Temp\tmpF030.tmp [X] <==== ATTENTION
2023-02-27 23:43 - 2023-02-28 00:08 - 000000000 ____D C:\Program Files (x86)\martell
2023-02-27 23:43 - 2023-02-27 23:45 - 000000000 ____D C:\Program Files (x86)\Fireboat
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ___HD C:\Program Files (x86)\misapprehensions
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ___HD C:\Program Files (x86)\High
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\utgwzw
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\pv8vwt
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\n5d9dc
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\mm1gsb
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\hul6e6
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\ghkdc9
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\c9s6he
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\b8wyq1
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\9q8q30
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\8y47w1
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\6vd19y
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\6favkf
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\3ijgy2
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\Program Files (x86)\nally
2023-02-27 23:43 - 2023-02-27 23:43 - 000000000 ____D C:\Program Files (x86)\Jumble
2023-02-27 23:42 - 2023-02-27 23:43 - 000000000 ____D C:\Program Files (x86)\Valhalla DSP Valhalla VintageVerb v300 VST VST3 AAX x64
2023-02-27 23:42 - 2023-02-27 23:42 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2023-02-27 16:15 - 2023-02-27 16:15 - 000046180 _____ C:\WINDOWS\swell.exe
2023-02-27 16:15 - 2023-02-27 16:15 - 000046180 _____ C:\Users\basti\AppData\Local\swell.exe
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-217975001-3368933376-1853988462-1001\...\webcompanion.com -> hxxp://webcompanion.com
cmd: netsh advfirewall reset
emptytemp:
end::
