start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-3372909273-4128117945-1251859046-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => Pas de fichier
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> Pas de fichier
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
AlternateDataStreams: C:\WINDOWS\system32\9EarsSurroundSound.dll:97D88723C8 [3442]
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\1411800854:B0804A592B [3442]
AlternateDataStreams: C:\ProgramData\1419666011:387DC8C9F3 [3442]
AlternateDataStreams: C:\ProgramData\1675693006:E6FB1921B7 [3442]
AlternateDataStreams: C:\ProgramData\1735785039:D219EA84AC [3442]
AlternateDataStreams: C:\ProgramData\2123034141:7A582FF67D [3442]
AlternateDataStreams: C:\ProgramData\3738993435:C292A9EB33 [3442]
AlternateDataStreams: C:\ProgramData\678759991:423C1F46D3 [3442]
AlternateDataStreams: C:\ProgramData\buexonvx.mzu:A45F946BBB [3442]
AlternateDataStreams: C:\ProgramData\gnbsnmjb.hqz:BEF2932BA1 [3442]
AlternateDataStreams: C:\ProgramData\hjlxafcc.gkb:6EBF870DFA [3442]
AlternateDataStreams: C:\ProgramData\kpcuamxa.hhk:53EB1B8EE7 [3442]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk:C705C23FF2 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk:1A5FAF1E4E [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 2018.lnk:9A3FBA539F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCUE.lnk:36398BE0BF [3442]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10318]
AlternateDataStreams: C:\Users\Yuyuko\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\Yuyuko\Application Data:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\Yuyuko\Application Data:da1532868ed92ad4ab2c96bd4bf15fa5 [394]
AlternateDataStreams: C:\Users\Yuyuko\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\Yuyuko\AppData\Roaming:cbb0660c87f0ef13f0dc1af5fc07272a [394]
AlternateDataStreams: C:\Users\Yuyuko\AppData\Roaming:da1532868ed92ad4ab2c96bd4bf15fa5 [394]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_launcher__1_1] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKU\S-1-5-21-3372909273-4128117945-1251859046-1001\...\Run: [RLinkToolbox.exe] => C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe -startwithoutDA (Pas de fichier)
HKU\S-1-5-21-3372909273-4128117945-1251859046-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6975864 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-3372909273-4128117945-1251859046-1009\...\Run: [RLinkToolbox.exe] => C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe -startwithoutDA (Pas de fichier)
HKU\S-1-5-21-3372909273-4128117945-1251859046-1009\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Yuyuk\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-3372909273-4128117945-1251859046-1009\...\RunOnce: [Uninstall 21.139.0711.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Yuyuk\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\amd64" [0 2023-08-19] () <==== ATTENTION [zéro octet Fichier/Dossier]
HKU\S-1-5-21-3372909273-4128117945-1251859046-1009\...\RunOnce: [Uninstall 21.139.0711.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Yuyuk\AppData\Local\Microsoft\OneDrive\21.139.0711.0001" [0 2023-08-19] () <==== ATTENTION [zéro octet Fichier/Dossier]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {2D336374-3863-4A5F-A00C-D8007AE5B3B2} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{9D47D225-713E-466B-99C3-FCFAD1DD266F} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
Task: {360AA824-41E7-4799-8890-32B68877DC03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B8DBC6CD-FF43-4F0B-88C5-093C86D51DCB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {46ADA459-4E14-4745-89BF-404E27326F3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR DefaultSearchURL: Profile 1 -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> mcafee
CHR DefaultSuggestURL: Profile 1 -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
S3 bits; C:\WINDOWS\System32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 bits; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 dosvc; C:\WINDOWS\System32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 dosvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SXONTKFN; C:\ProgramData\wjgsweqztysh\khzowafudydl.exe [14148608 2024-02-26] () [Fichier non signé]
S2 UsoSvc; C:\WINDOWS\system32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S2 UsoSvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X] <==== ATTENTION
S3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [41848 2019-12-17] (IObit Information Technology -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2019-08-13] (IObit Information Technology -> IObit)
S3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2019-12-17] (IObit Information Technology -> IObit)
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
2024-02-24 03:11 - 2024-02-24 03:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2024-02-24 02:52 - 2024-02-24 04:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2024-02-24 02:52 - 2024-02-24 04:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-24 02:52 - 2024-02-24 02:52 - 000001442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2024-02-24 02:52 - 2024-02-24 02:52 - 000001430 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2024-02-24 02:52 - 2024-02-24 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2024-02-24 02:52 - 2018-02-06 18:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2024-02-08 21:13 - 2024-02-08 21:13 - 000000000 _____ C:\ProgramData\HCAFIJDGHC.exe
2024-02-08 20:47 - 2024-02-08 20:47 - 000000000 ____D C:\Users\Yuyuko\AppData\Local\CefSharp
2024-02-08 20:37 - 2024-02-24 03:11 - 000000000 ____D C:\ProgramData\wjgsweqztysh
2024-02-08 20:36 - 2024-02-08 20:36 - 000000000 _____ C:\ProgramData\FHIIEHJKKE.exe
cmd: sfc /scannow
emptytemp:
end::