start::
CreateRestorePoint:
CloseProcesses:
Task: {F3C7EA1A-6F06-4083-B3A2-D9A5E19FB6FB} - System32\Tasks\WDNA => C:\Users\BERGER FAMILY\AppData\Local\KbLobs\rhc.exe [1536 2023-03-06] () [Fichier non signé] -> php.exe index.php <==== ATTENTION
Task: {0DE605F5-0D5D-4AE3-B71F-BF763D9AE7A5} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {0DE605F5-0D5D-4AE3-B71F-BF763D9AE7A5} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {F8DB71E8-6205-4492-A1A0-12936DD3E8EF} - System32\Tasks\YTPXCheck => C:\Users\BERGER FAMILY\AppData\Local\KbLobs\rhc.exe [1536 2023-03-06] () [Fichier non signé] -> php.exe keep_play.php <==== ATTENTION
Task: {B2E6B80B-3CDD-4280-8CBB-33C9A346246A} - System32\Tasks\YTPXCheck LG => C:\Users\BERGER FAMILY\AppData\Local\KbLobs\rhc.exe [1536 2023-03-06] () [Fichier non signé] -> php.exe keep_play.php <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Extension: (AVG SafePrice | Comparateur de prix, offres, coupons) - C:\Users\BERGER FAMILY\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-07-03]
2023-08-22 19:33 - 2023-07-22 11:58 - 000000000 ____D C:\Users\BERGER FAMILY\AppData\Local\ypsx_cloud_v2
2023-08-22 19:33 - 2023-07-02 16:45 - 000000000 ____D C:\Users\BERGER FAMILY\AppData\Local\KbLobs
2023-08-22 18:47 - 2023-07-02 16:46 - 000003820 _____ C:\WINDOWS\system32\Tasks\WDNA
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: firewall.tools.exe (Enabled) {C23625D1-69FF-6539-D252-9C59FCE61F44}
FW: Avira Security (Enabled) {EC455612-A4AA-6402-45D6-DB9E6D29D254}
FW: Avira Security (Enabled) {C301BD72-1A68-FCF0-7438-70C67D82788F}
FW: firewall.tools.exe (Enabled) {099106F1-E7D0-AAA0-A006-5B67606DD9EB}
FW: Avira Security (Enabled) {7345CA52-5FDB-32E9-091E-A25A5F605D90}
FW: Avira Security (Enabled) {A4140CEC-71C4-0D3F-075E-A57EB752B7CC}
FW: Avira Security (Disabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: firewall.tools.exe (Enabled) {4C92E45A-7416-54D2-AD04-C193F68EC8C0}
FW: firewall.tools.exe (Enabled) {FE195218-FA5A-653B-CF2E-34A747823BDA}
FW: Avira Security (Enabled) {B8CDDC92-9ACE-829E-BE31-378580BD98EA}
FW: Avira Security (Enabled) {1A2A5BC2-8661-486A-E9A8-CDDB540A101F}
FW: Avira Security (Enabled) {DE8353B0-FA3B-1C97-A6F2-47E3086FE270}
FW: Avira Security (Enabled) {A6BFCB37-FD88-3169-9016-A19F8A583462}
FW: firewall.tools.exe (Enabled) {47D4BDD8-0984-10EF-81DA-67DF50F9090C}
FW: Avira Security (Enabled) {D61C0689-D80C-09C3-9217-D404C4DB37CC}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}
FW: Avira Security (Enabled) {76867038-CFEB-AE32-EFDA-5DE782F629FF}
FW: firewall.tools.exe (Enabled) {411C09FD-C895-2466-7CB2-4B121B959D78}
FW: Avira Security (Enabled) {568EC6DA-758B-F7DB-1DA3-0F92F0A311A4}
FW: firewall.tools.exe (Enabled) {192950A7-224C-7675-566D-ADC7513196AB}

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => -> Pas de fichier
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => -> Pas de fichier
2023-07-02 16:45 - 2023-03-06 22:18 - 000901120 _____ () [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_ioncube.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000223744 _____ () [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\libssh2.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000199168 _____ (hxxps://nghttp2.org/) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\nghttp2.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 003055616 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\libcrypto-1_1-x64.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000517120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\libssl-1_1-x64.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000088064 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_bz2.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000089600 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_com_dotnet.DLL
2023-07-02 16:45 - 2023-03-06 22:18 - 000531456 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_curl.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 005020672 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_fileinfo.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 001616384 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_gd2.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 001417216 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_mbstring.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000121856 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_openssl.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 000877056 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\ext\php_pdo_sqlite.dll
2023-07-02 16:45 - 2023-03-06 22:18 - 008960000 _____ (The PHP Group) [Fichier non signé] C:\Users\BERGER FAMILY\AppData\Local\KbLobs\php7.dll
BHO: Pas de nom -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Pas de fichier
BHO-x32: Pas de nom -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Pas de fichier

EmptyTemp:
end::