start::
closeprocesses:
createrestorepoint:
Virustotal: C:\Program Files (x86)\Vc\Nuances.exe;C:\Program Files (x86)\capito\Prog.exe;C:\Program Files (x86)\Trajectory\Nuances.exe
HKLM\...\Run: [Goran] => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKLM\...\Run: [Pausing] => C:\Program Files (x86)\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhy (the data entry has 103 more characters). (No File)
HKLM\...\Run: [Novo] => C:\Program Files (x86)\Trajectory\Nuances.exe [1417728 2023-11-07] () [File not signed]
C:\Program Files (x86)\capito
C:\Program Files (x86)\Trajectory
C:\Program Files (x86)\Vc
HKLM-x32\...\Run: [Regimens] => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKLM-x32\...\Run: [Osmonds] => C:\Program Files (x86)\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhy (the data entry has 103 more characters). (No File)
HKLM-x32\...\Run: [Retentive] => C:\Program Files (x86)\Trajectory\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Rifles] => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Litters] => C:\Program Files (x86)\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhy (the data entry has 103 more characters). (No File)
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Chopper] => C:\Program Files (x86)\Trajectory\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Orca] => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Therapist] => C:\Program Files (x86)\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhy (the data entry has 103 more characters). (No File)
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\Run: [Ails] => C:\Program Files (x86)\Trajectory\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\MountPoints2: {5b59038f-7e49-11ee-be6e-309c2391cc86} - "G:\SETUP.EXE"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {D0FC2D22-11C2-4553-A43A-87BB3EE16265} - System32\Tasks\4cwo3d\hreyo3\ghcat5\zqt7jt\azgviq\7wj9j0\ppmvk5\vdc6it\y8awzt\87g874\057s9v\a2socn\5d9dca\yydm4m\jgaj14\1t8v7n\l2tjnx => %localappdata%\Nuances.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {FD719B3A-0FEC-4A80-A49F-C37AB4C8DB7A} - System32\Tasks\dfixxe\6p62t4\ntaoqs\3gzjra\qoqley\8ci4l6\ir522d\9n8txq\afffbt\9z194s\cczhi7\pjiadh\ul6e69\n6t0xd\fosjre\m0am5a\fl0j9f => %PROGRAMFILES(x86)%\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {3942FDE1-E91F-473C-8CF4-FFB0EEECB321} - System32\Tasks\Driver Booster SkipUAC (zapko) => D:\Drivers booster\Driver Booster\11.1.0\DriverBooster.exe [9044456 2023-10-26] (IObit CO., LTD -> IObit)
Task: {651B9DA9-0016-45D7-8FA7-F346E3B68D2B} - System32\Tasks\Driver Booster Update => D:\Drivers booster\Driver Booster\11.1.0\AutoUpdate.exe [2524648 2023-09-28] (IObit CO., LTD -> IObit)
Task: {EF7F154A-8282-47A4-86AC-8504A8F07DFD} - System32\Tasks\ey9w9z\57rtt1\hu5nm0\svji82\zs0px8\mm1gsb\8hg5j5\qyh98f\efujth\j3kct4\uteqzz\zf8al0\5d3uka\wlk8y9\chly0w\c1cupu\erm4gn => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed] <==== ATTENTION
Task: {6503AD59-AB4B-4A4F-BFF2-36E4AFE21B19} - System32\Tasks\fgmfbf\psc7t2\7lnvqs\agd869\kxetdc\i6eh2r\tu1qpm\mi8zdf\pe7idk\ub2mjf\y6jajo\aiegwq\aj3s8x\cakwh3\rvezwz\obs510\a4qf1i => %PROGRAMFILES(x86)%\capito\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {5878D44E-BF6D-4AB6-9102-A79A44E379B2} - System32\Tasks\h90oyp\7vzmki\26yj4f\56tx0r\kn1wb9\5ddf30\lsq4cm\la9f6e\g1jh7a\ejydlo\vnzoqz\o24qij\f5nmpa\xno7il\65gcqk\my9tkh\36e33f => %localappdata%\transmits.exe (No File) <==== ATTENTION
Task: {D90087D0-373D-434F-BD6F-8A9B4C155E76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {C8701475-BCE4-45A0-9C77-220DB2AAA8CF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {ACF9A052-9A22-43F0-A04A-98C7982F50CB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {98D84821-69A8-46FB-AF89-085E22628744} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {256D4D0D-260D-4457-A21A-6A02DEC44658} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2D63C332-855B-41F2-BEF3-2657AA9302F7} - System32\Tasks\mt5lbp\8ne09c\eooqhs\782jd2\q59wq4\1edtbb\ekdgrz\nah251\mokab1\mtnqen\zgu6wd\e3cnhb\8wyq1n\da5qye\bkhp2x\67y138\g5wfwm => %localappdata%\Prog.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {CE60B083-54AB-45CC-8487-7943B15CB103} - System32\Tasks\pgsvah\5207yg\3i3jbz\zytgqb\79uux9\spk4i5\r5rshj\5c0q55\3u2cqn\3yqhd7\6m3qmq\oulejg\hkdc9n\akhso8\2nopsg\z7uy0f\nfitb6 => C:\Program Files (x86)\Vc\mercantil.exe [37654 2023-11-07] () [File not signed] <==== ATTENTION
Task: {8E677B10-BA29-47EC-B355-358D31977A5B} - System32\Tasks\pi9gzu\ol4mld\qhlrg1\sadcao\odurhk\cl6zno\uq0wyg\vbbkrm\8s91fo\apxj4q\gdulwo\rh5dz6\favkfb\cpb5f6\eartcs\2r2ljl\fxu6e7 => C:\Program Files (x86)\Trajectory\Nuances.exe [1417728 2023-11-07] () [File not signed] <==== ATTENTION
Task: {33AC5B1F-D8B2-4602-9A80-165175EEC563} - System32\Tasks\S-1-5-21-1110525187-3888109810-1810432029-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {614B3E84-D738-42AE-A641-AF9549CA513A} - System32\Tasks\uxq9n2\pbxn2q\4wq0l6\ejquah\zd599k\giqo4e\5wcgh0\n0beyx\l17rri\7xunup\d5182x\xsll6x\dybjjr\cjc3p5\idbdw4\9dinme\q3ambz => %localappdata%\Nuances.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {E060484E-8E37-44C5-861A-9EF29E801F87} - System32\Tasks\xd1az1\x4vtlq\7981ge\mift3w\4agpqe\b0k6hu\w8kstn\444vlj\z3y3yj\89tj2x\wym1w9\eyd7iu\tgwzw1\0lr01r\49ngzo\xu6uet\2lqmpt => %localappdata%\laze.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {54E95529-515A-4766-BC70-E2991809B7B5} - System32\Tasks\xrpyio\g1c4sh\f81tj1\445gg7\va4cku\w6zhz3\wm9xxn\e8fn7z\77vlg0\tndtoe\pyjrhy\8yjpnp\v8vwtg\ox53m8\o0vtf2\47qjxe\8566kz => C:\Program Files (x86)\Trajectory\Prog.exe [1417728 2023-11-07] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Notifications: Mozilla\Firefox\Profiles\sikzmp94.default-release -> hxxps://www.bonjourdocteur.com; hxxps://www.commentcamarche.net; hxxps://traderie.com; hxxps://forums.d2jsp.org; hxxps://www.marmiton.org; hxxps://helltides.com; hxxps://www.magicmaman.com
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\120.0.2210.61\elevation_service.exe" [X]
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\120.0.2210.61\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\120.0.2210.61\BHO\ie_to_edge_bho.dll => No File
HKLM\...\StartupApproved\Run: => "Goran"
HKLM\...\StartupApproved\Run: => "Pausing"
HKLM\...\StartupApproved\Run: => "Novo"
HKLM\...\StartupApproved\Run32: => "Regimens"
HKLM\...\StartupApproved\Run32: => "Osmonds"
HKLM\...\StartupApproved\Run32: => "Retentive"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Rifles"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Litters"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Chopper"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Orca"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Therapist"
HKU\S-1-5-21-1110525187-3888109810-1810432029-1001\...\StartupApproved\Run: => "Ails"
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
EndRegedit:
cmd: netsh advfirewall reset
emptytemp:
end::
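The block above is an FRST fixlist and only FRST can execute it. What follows is an added example, not part of the original post and not FRST's own code: a small Python triage script for lines in that format. It classifies Run-key and scheduled-task entries, flags the indicators this fixlist acts on (unsigned binary, a persistence value whose target is already gone, a policy key carrying a Restriction, a task path built from a chain of six-character random folders, FRST's own ATTENTION mark), and recovers the URL the dropped executables are launched with: in every command line above the real characters are separated by the filler string `tgbnhy`, so removing that token gives the argument back. The regular expressions, flag names and the six-character-folder heuristic are my own choices; the sample lines are copied from the fixlist in FRST's English log format (the French markers from the original log are accepted too), and the recovered URL is printed defanged.

```python
import re
from typing import Optional

# Filler token interleaved between the real characters of the command-line
# argument seen in the fixlist; the real string is what remains once every
# occurrence is removed (observed on the page, not a general malware convention).
FILLER = "tgbnhy"

# FRST marks the same condition differently depending on the system language.
UNSIGNED_MARKERS = ("[File not signed]", "[Fichier non signé]")
NOFILE_MARKERS = ("(No File)", "(Pas de fichier)")
TRUNCATED_MARKERS = ("more characters)", "caractères en plus)")

RUN_RE = re.compile(
    r"^(?P<hive>HKLM-x32|HKLM|HKU\\S-1-5-21-[\d-]+)\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-F-]{36})\} - (?P<path>.+?) => (?P<target>.*)$")
POLICY_RE = re.compile(r"^(?P<key>.+?): Restriction <==== ATTENTION$")
QUOTED_ARG_RE = re.compile(r'"([^"\s]+)')  # also catches an argument FRST cut short
RANDOM_SEG_RE = re.compile(r"^[a-z0-9]{6}$")


def strip_filler(argument: str, filler: str = FILLER) -> str:
    """Recover the real string from an argument padded with a filler token."""
    return argument.replace(filler, "")


def defang(url: str) -> str:
    """Make a recovered URL safe to paste into a report (hxxp scheme, [.] dots)."""
    return re.sub(r"^http", "hxxp", url).replace(".", "[.]")


def looks_random_task_path(path: str) -> bool:
    """True when a task path is a deep chain of six-character [a-z0-9] folders.

    Heuristic: Microsoft\\Windows\\... and vendor task paths never look like this.
    """
    segments = [s for s in path.split("\\") if s and s not in ("System32", "Tasks")]
    random_segments = sum(1 for s in segments if RANDOM_SEG_RE.match(s))
    return len(segments) >= 4 and random_segments >= len(segments) - 1


def triage_line(line: str) -> Optional[dict]:
    """Classify one FRST line and collect the indicators worth acting on."""
    line = line.strip()
    if not line:
        return None
    result = {"line": line, "kind": "other", "flags": [], "decoded_url": None}
    target = line
    if m := RUN_RE.match(line):
        result.update(kind="run", name=m["name"])
        target = m["target"]
    elif m := TASK_RE.match(line):
        result.update(kind="task", guid=m["guid"])
        target = m["target"]
        if looks_random_task_path(m["path"]):
            result["flags"].append("random_task_path")
    elif POLICY_RE.match(line):
        result["kind"] = "policy"
        result["flags"].append("policy_restriction")
    if any(mk in target for mk in UNSIGNED_MARKERS):
        result["flags"].append("unsigned")
    if any(mk in target for mk in NOFILE_MARKERS):
        result["flags"].append("missing_binary")  # value still present, binary gone
    if any(mk in target for mk in TRUNCATED_MARKERS):
        result["flags"].append("truncated_argument")  # FRST shortened the data
    if "<==== ATTENTION" in line and "policy_restriction" not in result["flags"]:
        result["flags"].append("frst_attention")
    for arg in QUOTED_ARG_RE.findall(target):
        if FILLER in arg:
            result["flags"].append("filler_obfuscated_argument")
            result["decoded_url"] = defang(strip_filler(arg))
    return result


def triage(text: str) -> list:
    """Triage every line of a fixlist; lines without indicators are kept too."""
    return [r for r in (triage_line(l) for l in text.splitlines()) if r]


# Constructed sample: four lines copied in the format of the fixlist above.
SAMPLE = r"""
HKLM\...\Run: [Goran] => C:\Program Files (x86)\Vc\Nuances.exe [1417728 2023-11-07] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {D0FC2D22-11C2-4553-A43A-87BB3EE16265} - System32\Tasks\4cwo3d\hreyo3\ghcat5\zqt7jt\azgviq\7wj9j0\ppmvk5\vdc6it\y8awzt\87g874\057s9v\a2socn\5d9dca\yydm4m\jgaj14\1t8v7n\l2tjnx => %localappdata%\Nuances.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyftgbnhyotgbnhyntgbnhyttgbnhyetgbnhyntgbnhyotgbnhyttgbnhystgbnhyutgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhybl2ry0ry2rtgbnhyy3ry1k1k0btgbnhyl7blryhtmltgbnhy0oAnsPhgprtgbnhyHik2yqyHC5" (No File) <==== ATTENTION
Task: {3942FDE1-E91F-473C-8CF4-FFB0EEECB321} - System32\Tasks\Driver Booster SkipUAC (zapko) => D:\Drivers booster\Driver Booster\11.1.0\DriverBooster.exe [9044456 2023-10-26] (IObit CO., LTD -> IObit)
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["kind"], r.get("name") or r.get("guid", ""), r["flags"], r["decoded_url"] or "")
```

The Driver Booster task comes out with no flags, which is the point of the heuristics: an installer's task under a readable path with a signed, present binary is not what this fixlist removes. The entries that matter all combine several indicators at once (random path, missing binary, the padded URL), and the Run values that FRST shortened still decode to the start of the same host.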