start::
closeprocesses:
createrestorepoint:
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:4FB9487F [184]
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
C:\Users\patre\Downloads\CCleaner Professional 6.18.10838 (x64) + Portable_TrucNet.zip
HKLM\...\Winlogon: [Shell] explorer.exe,Windows Driver Foundation (WDF).exe --minimized <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [4888696 2023-12-11] (Microsoft Windows -> Microsoft Corporation) <=== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\Policies\Explorer\DisallowRun: [1] mshta.exe
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\MountPoints2: {2a8221fc-6e46-11ee-87e0-f406691b879d} - "E:\WifiAutoInstallSetup.exe"
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\MountPoints2: {33ac0843-31ce-11ee-873d-f406691b879d} - "E:\TP-LINK_Gigabit_Ethernet_USB_Adapter.exe"
HKU\S-1-5-21-51163829-3741388508-2924362831-1001\...\MountPoints2: {4dabb070-81f9-11ee-8818-f406691b879d} - "E:\WifiAutoInstallSetup.exe"
Task: {0D6A364D-1A70-4D74-BD88-01A2251728B2} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4845504 2023-11-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --logpath "C:\ProgramData\AVG\TuneUp\log" --guid 0d8a1a95-147e-4aa3-b141-8 (the data entry has 11 more characters).
Task: {E3356531-7EF9-4D16-91DB-56DDA829967B} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [7344064 2023-11-20] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {24C7E31B-0899-47F1-85C0-0FA65C85A1FA} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe /schedulestart (No File)
Task: {3C941386-D9C5-4B7D-81A2-F4EA59AE2ED8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-51163829-3741388508-2924362831-1001Core => C:\Users\patre\AppData\Local\Google\Update\GoogleUpdate.exe /c (No File)
Task: {00606D37-54CA-424E-A816-929697B0C998} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-51163829-3741388508-2924362831-1001UA => C:\Users\patre\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {DA74B272-F47B-4DD6-BE57-7797A2CED2AB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {127489AD-6504-4221-BC0C-73E8870C2D4E} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [493568 2023-10-27] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass -WindowStyle Hidden -File C:\WINDOWS\mid.ps1
Task: {80D085E6-A188-40F5-963E-82B1EF8E5E6E} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [493568 2023-10-27] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy ByPass -WindowStyle Hidden C:\Users\patre\AppData\Roaming\Winsoft\core.ps1
C:\Users\patre\AppData\Roaming\Winsoft
C:\WINDOWS\mid.ps1
Task: {46B8B86D-6EBE-4F3D-9A77-13DF74B9EA77} - System32\Tasks\Trojan Remover => "C:\Program Files\Loaris Trojan Remover\ltr.exe" (No File)
FF Notifications: Mozilla\Firefox\Profiles\ux92apnv.default-release -> hxxps://web.whatsapp.com; hxxps://vk.com; hxxps://www.carrefour.fr; hxxps://www.instagram.com; hxxps://mail.proton.me; hxxps://a.re-captha-version-3-37.top; hxxps://web.humanverification.co.in; hxxps://re-captha-version-2-1.top
CHR HKLM\...\Chrome\Extension: [cchfigjcpjmclmmphipdkeocklpnjecm]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
S0 EPMVolFlt; \SystemRoot\System32\drivers\EPMVolFlt.sys [X]
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S3 Imf8HpRegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [X]
S3 IMFEFSFileControl; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [X]
S3 ImfHpFileFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [X]
S3 ImfRealScanner; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [X]
S3 ImfRegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [X]
S3 MpKsl22fec98a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A151ECCE-5B6A-4E55-ABA1-CA539039585C}\MpKslDrv.sys [X]
S3 MpKsla2d407d6; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4699C42-5E27-4650-A8EE-EFD4B9F6972F}\MpKslDrv.sys [X]
2023-12-11 16:16 - 2023-12-14 14:15 - 000002452 _____ C:\Windows\system32\Tasks\Trojan Remover
C:\Users\patre\AppData\Local\Tempzxpsign*
2023-12-15 08:18 - 2020-11-28 20:55 - 000000000 ____D C:\ProgramData\AVG
hosts:
emptytemp:
end::
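As an added check that is not part of the FRST fixlist above and not FRST output, the following PowerShell script enumerates on a live system the items the fixlist targets: the Winlogon Shell values, scheduled tasks whose action runs PowerShell hidden or with the execution policy bypassed (the fixlist shows a stock Microsoft task name, Bluetooth\UninstallDeviceTask, whose action was swapped for C:\WINDOWS\mid.ps1, so tasks are judged by their action and not their name), the policy keys that disable SmartScreen, restrict Windows Update and block powershell.exe/mshta.exe, and the alternate data stream on C:\ProgramData\TEMP. It assumes an elevated PowerShell 5.1 session opened as the affected user, so that HKCU is the HKU\S-1-5-21-... hive from the fixlist; the task names and paths come from the fixlist, while the regular expressions, the `$trusted` prefix list and the `Add-Finding` helper are my own and not part of FRST or the original thread.

```powershell
# Added triage script: not part of the FRST fixlist above and not FRST output.
# Assumes an elevated PowerShell 5.1 session opened as the affected user, so that
# HKCU is the HKU\S-1-5-21-... hive from the fixlist. Paths and task names are
# taken from the fixlist; the patterns and the Add-Finding helper are my own.
# The script only reports; it changes nothing. Run it before and after the fix.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# 1. Winlogon Shell. On a healthy system the 64-bit key holds exactly "explorer.exe"
#    and the WOW6432Node key has no Shell value at all (any value there is suspect).
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty $wl -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'explorer.exe') { Add-Finding 'WinlogonShell' $wl "$shell" }
$wl32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell32 = (Get-ItemProperty $wl32 -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell32) { Add-Finding 'WinlogonShell-x32' $wl32 "$shell32" }

# 2. Scheduled tasks, judged by their action. Flag PowerShell actions that hide the
#    window, bypass the execution policy, or run a .ps1 from outside trusted roots,
#    and hash every referenced script so it can be compared or submitted.
$evasion = '(?i)-(ep|executionpolicy)\s+bypass|-(w|windowstyle)\s+hidden|-enc(odedcommand)?\s'
$trusted = '(?i)^[A-Z]:\\(Windows\\System32|Program Files)'   # assumption: my own list
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }             # skip COM/e-mail actions
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -notmatch '(?i)powershell(\.exe)?') { continue }
        $scripts = [regex]::Matches($cmd, '(?i)[A-Z]:\\[^"\s]+\.ps1') | ForEach-Object { $_.Value }
        $untrusted = @($scripts | Where-Object { $_ -notmatch $trusted })
        if ($cmd -match $evasion -or $untrusted.Count -gt 0) {
            Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName)" $cmd
            foreach ($p in $scripts) {
                if (Test-Path -LiteralPath $p) {
                    $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                    Add-Finding 'Script' $p "SHA256=$hash"
                } else {
                    Add-Finding 'Script' $p 'missing (No File)'
                }
            }
        }
    }
}

# 3. Policy keys that strip defences: SmartScreen off, a Windows Update policy key
#    with values set, and a DisallowRun list for the user.
$sys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
if ((Get-ItemProperty $sys -Name EnableSmartScreen -ErrorAction SilentlyContinue).EnableSmartScreen -eq 0) {
    Add-Finding 'Policy' $sys 'EnableSmartScreen=0'
}
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (Test-Path $wu) {
    $names = (Get-Item $wu).GetValueNames()
    if ($names) { Add-Finding 'Policy' $wu ("values: " + ($names -join ', ')) }
}
$exp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if ((Get-ItemProperty $exp -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun -eq 1) {
    $list = Get-Item "$exp\DisallowRun" -ErrorAction SilentlyContinue
    $blocked = if ($list) { $list.GetValueNames() | ForEach-Object { $list.GetValue($_) } }
    Add-Finding 'Policy' "$exp\DisallowRun" ("blocked: " + ($blocked -join ', '))
}

# 4. Alternate data streams on the directory named in the fixlist.
Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { Add-Finding 'ADS' $_.FileName "$($_.Stream) ($($_.Length) bytes)" }

$findings | Format-Table -AutoSize -Wrap
```

After the fixlist has been run, the script should report nothing for the Winlogon, task and ADS checks; anything still listed under Task or Script means a persistence entry survived or was recreated, which is the first thing to re-scan for. The DisallowRun and SmartScreen findings are worth keeping in the report even when the entries are expected, since they are what kept the user's own tooling (PowerShell, mshta) from running while the scripts in the tasks still did.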