start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\ADMINI~1\AppData\Local\Temp\File.exe
ShellIconOverlayIdentifiers: [    OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Pas de fichier
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Pas de fichier
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Pas de fichier
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> Pas de fichier
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> Pas de fichier
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> Pas de fichier
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\WINDOWS\system32\get-netadapter:select [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B3EF173 [121]
AlternateDataStreams: C:\ProgramData\TEMP:22446EB0 [286]
AlternateDataStreams: C:\Users\jerome\Local Settings:15-03-2021 [67032]
AlternateDataStreams: C:\Users\jerome\AppData\Local:15-03-2021 [67032]
AlternateDataStreams: C:\Users\jerome\AppData\Local\Application Data:15-03-2021 [67032]
URLSearchHook: [S-1-5-80-2284675797-2968726479-137618450-525912734-1593045772] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKU\S-1-5-21-835827082-1591139184-2353512274-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-835827082-1591139184-2353512274-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-835827082-1591139184-2353512274-1001\...\StartupApproved\Run: => "Web Companion"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
C:\Users\ADMINI~1\AppData\Local\Temp\File.exe
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (Pas de fichier)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
C:\Program Files (x86)\Common Files\Wondershare
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {31EA3DE0-57FD-4A6D-BE57-561A4DF1A6F0} - System32\Tasks\Microsoft\Windows\Time Synchronization\ViewUtcTime => C:\Users\Administrator\AppData\Roaming\\utctimer\\utc.exe -st -tu 8 (Pas de fichier)
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {A184AB32-059C-4F5A-B6A9-8243F6E5154D} - System32\Tasks\Services\Diagnostic => C:\Users\jerome\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe [1013928 2018-03-15] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\jerome\AppData\Local\Disk\AutoIt3\Settings.au3"
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Pas de fichier]
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-11-07] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Users\Administrator\AppData\Local\Tempzxpsign*
2023-05-06 08:44 - 2018-11-12 12:54 - 000000000 ____D C:\Program Files (x86)\CastVPN
2023-04-28 22:10 - 2022-06-30 22:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Wondershare
2023-04-28 22:10 - 2020-10-25 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-04-28 22:10 - 2017-09-23 11:15 - 000000000 ____D C:\Users\Public\Documents\Wondershare
hosts:
emptytemp:
end::