start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\trocante\AppData\Roaming\pmagdqf\mclost.exe;C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe
defaultuser0 (S-1-5-21-2363128812-3584604530-1053448565-1000 - Limited - Enabled) => C:\Users\defaultuser0
C:\Users\defaultuser0
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Shortcut: C:\Users\trocante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\trocante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
Shortcut: C:\Users\trocante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
AlternateDataStreams: C:\Users\trocante\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
SearchScopes: HKU\S-1-5-21-2363128812-3584604530-1053448565-1001 -> {2075EEC8-9E92-4CE2-8CE0-4C5DEA2E4DEF} URL = hxxp://www.accueil-web.com/search?q={searchTerms}
HKU\S-1-5-21-2363128812-3584604530-1053448565-1001\...\StartupApproved\Run: => "Chromium"
FirewallRules: [{98A42D60-F21B-4853-B082-A02E4BD801EE}] => (Allow) C:\Users\trocante\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5A3DD962-83F2-478E-A496-1DEFBDD51953}] => (Allow) C:\Users\trocante\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2363128812-3584604530-1053448565-1001\...\Run: [Chromium] => "c:\users\trocante\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [828416 2017-01-21] (The Chromium Authors) [File not signed]
c:\users\trocante\appdata\local\chromium
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {963DBB28-F10C-4FC2-9E9B-15C17891242E} - System32\Tasks\Mozilla\bkrmim => C:\Users\trocante\AppData\Roaming\pmagdqf\mclost.exe [893608 2023-02-14] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\trocante\AppData\Roaming\pmagdqf\mclost.chm" <==== ATTENTION
Task: {D3567B92-01BF-4A8E-AEA2-D6C2CE6A1CE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge HomeButtonPage: HKU\S-1-5-21-2363128812-3584604530-1053448565-1001 -> hxxp://www.accueil-web.com/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
cmd: sfc /scannow
emptytemp:
end::
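The following PowerShell script is an added post-fix check and is not part of the FRST fixlist above; it re-tests the persistence and policy items the fixlist targets (the bkrmim task and its pmagdqf payload folder, the unsigned Chromium Run value, the Defender/WindowsUpdate/Firefox policy restrictions, the NTUSER.pol file and the accueil-web.com search scope) so you can confirm the fix took effect after the reboot. Assumptions: it is run from an elevated PowerShell while the affected user (SID ...-1001, profile C:\Users\trocante) is logged on so that hive is loaded under HKEY_USERS; the "...\Run" and "SearchScopes" entries are assumed to live under the usual Software\Microsoft\Windows\CurrentVersion\Run and Software\Microsoft\Internet Explorer\SearchScopes subkeys, which FRST abbreviates; the DWORD value names are taken verbatim from the fixlist.

```powershell
# Post-fix verification for the FRST fixlist above (added example, not FRST output).
# Run elevated, after the fix and reboot, with user 'trocante' logged on so HKU\<SID> is loaded.
# Every line should end in OK; 'STILL PRESENT' means the item survived and needs another look.

$sid  = 'S-1-5-21-2363128812-3584604530-1053448565-1001'   # from the fixlist
$user = 'C:\Users\trocante'                                 # from the fixlist
$hku  = "Registry::HKEY_USERS\$sid"

# Assumed full subkeys behind FRST's "...\Run" and "SearchScopes" abbreviations.
$runKey   = "$hku\Software\Microsoft\Windows\CurrentVersion\Run"
$scopeKey = "$hku\Software\Microsoft\Internet Explorer\SearchScopes\{2075EEC8-9E92-4CE2-8CE0-4C5DEA2E4DEF}"
$wdKey    = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

# Each check returns something truthy only if the unwanted item is still present.
$checks = [ordered]@{
  'Task \Mozilla\bkrmim'        = { Get-ScheduledTask -TaskPath '\Mozilla\' -TaskName 'bkrmim' -ErrorAction SilentlyContinue }
  'Payload dir pmagdqf'         = { Test-Path "$user\AppData\Roaming\pmagdqf" }
  'Payload mclost.exe'          = { Test-Path "$user\AppData\Roaming\pmagdqf\mclost.exe" }
  'Run value Chromium'          = { $null -ne (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).Chromium }
  'Unsigned Chromium dir'       = { Test-Path "$user\AppData\Local\Chromium" }
  'Defender DisableAntiSpyware' = { (Get-ItemProperty -Path $wdKey -ErrorAction SilentlyContinue).DisableAntiSpyware -eq 1 }
  'Defender DisableAntiVirus'   = { (Get-ItemProperty -Path $wdKey -ErrorAction SilentlyContinue).DisableAntiVirus -eq 1 }
  'WindowsUpdate policy key'    = { Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' }
  'Firefox policy key'          = { Test-Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' }
  'NTUSER.pol in ProgramData'   = { Test-Path 'C:\ProgramData\NTUSER.pol' }
  'SearchScope accueil-web.com' = { (Get-ItemProperty -Path $scopeKey -ErrorAction SilentlyContinue).URL -like '*accueil-web.com*' }
  'defaultuser0 profile dir'    = { Test-Path 'C:\Users\defaultuser0' }
}

$stillPresent = 0
foreach ($name in $checks.Keys) {
    $found = [bool](& $checks[$name])
    if ($found) { $stillPresent++ }
    '{0,-30} {1}' -f $name, $(if ($found) { 'STILL PRESENT' } else { 'OK' })
}

# Real-time protection should be back on once the policy values are gone.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status) {
    '{0,-30} {1}' -f 'Defender real-time protection', $(if ($status.RealTimeProtectionEnabled) { 'OK' } else { 'DISABLED' })
}

"Items still present: $stillPresent"
```

Get-MpComputerStatus is only available where the Defender module is installed; the block skips that line silently otherwise. If the Run value or search scope checks report OK while the user is not logged on, treat that as inconclusive: the HKU hive for that SID is simply not loaded, not cleaned.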