start::
closeprocesses:
createrestorepoint:
file: C:\WINDOWS\lotte.exe
AlternateDataStreams: C:\Users\benjamin:com.affinity.publisher.2 [151]
AlternateDataStreams: C:\Users\benjamin:com.affinity.publisher.3 [197]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
BHO: Pas de nom -> {2642A553-7794-469F-B541-5AA0D3F9B04A}' -> Pas de fichier
BHO-x32: Pas de nom -> {2642A553-7794-469F-B541-5AA0D3F9B04A}' -> Pas de fichier
BHO-x32: Pas de nom -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Pas de fichier
BHO-x32: Pas de nom -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Pas de fichier
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
FirewallRules: [{E05B72CF-B420-429D-B64F-241B8CABB8F4}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe => Pas de fichier
FirewallRules: [{301CE2FD-C063-4A3D-B174-2F23B11AB6FC}] => (Allow) C => Pas de fichier
FirewallRules: [{DE3E3472-BAC3-4637-9B92-20D1303CBD1B}] => (Allow) C => Pas de fichier
FirewallRules: [{BC595F1B-052C-4C58-B324-888CBB0CB867}] => (Allow) C => Pas de fichier
FirewallRules: [{0D8F25BE-8ABE-4765-9388-9F39A08C0FF8}] => (Allow) C => Pas de fichier
FirewallRules: [{0E7BC643-7109-4112-9945-44FE12E55F65}] => (Allow) C => Pas de fichier
FirewallRules: [{121AA65A-4C39-44A9-80CD-4CB02286B177}] => (Allow) C => Pas de fichier
FirewallRules: [{2C5814A8-F91B-4A74-888A-21D24EE99913}] => (Allow) C => Pas de fichier
FirewallRules: [{CC4055AE-2C58-4FFD-9B53-DDBFB704968B}] => (Allow) C => Pas de fichier
FirewallRules: [{26DCA3E5-7D4E-4A4E-9254-CA783F48140B}] => (Allow) C => Pas de fichier
FirewallRules: [{C11CA192-0B53-4A88-B0C0-9A69DD4F0E29}] => (Allow) C => Pas de fichier
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-709291749-242957285-1132901353-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" (Pas de fichier)
HKU\S-1-5-21-709291749-242957285-1132901353-1001\...\Policies\Explorer: []
HKU\S-1-5-21-709291749-242957285-1132901353-1001\...\MountPoints2: {9870309a-93c6-11e8-ad3b-4ccc6a25995a} - "H:\Autoplay.exe" -auto
ShortcutTarget: ProtonMail Bridge.lnk -> C:\Program Files\Proton Technologies AG\ProtonMail Bridge\Desktop-Bridge.exe (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-709291749-242957285-1132901353-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {FB036AB0-FE94-43CF-9E54-86C53D275C1B} - \Network Perfomance -> Pas de fichier <==== ATTENTION
Task: {BF096F55-7025-446E-B942-26161751CB0D} - System32\Tasks\194scc\zhi7pj\iadhul\6e69n6\t0xdfo\sjrem0\am5afl\0j9fit\g3t94c\wo3dhr\eyo3gh\cat5zq\t7jtaz\gviq7w\j9j0pp\mvk5vd\c6ity8 => C:\Program Files (x86)\Coaxed\Behn.exe [43520 2024-04-16] (Book) [Fichier non signé] <==== ATTENTION
Task: {30D54FBE-8321-4619-B994-A4896909EB07} - System32\Tasks\4hwqlq\xsfxqt\rdd3ij\gy211g\3io605\do6r57\5datdo\4a5sbr\ybeocw\zo8rnm\4lwmax\oykv1v\lho0k5\gykuia\cyewcl\32b806\1vvch9 => %localappdata%\jazzy.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {041518F2-6A54-4AC4-B3E9-FD6BCF0A9D69} - System32\Tasks\Avira\System Speedup\Delayed Startup\benjamin\1 => "C:\Program Files (x86)\pCloud Drive\pCloud.exe" (Pas de fichier)
Task: {53B21409-7BFC-4E0C-A977-742EB65FD629} - System32\Tasks\db5dq9\92l6xg\ihl6vd\19y6t3\pvnidj\fhioq8\22ebnx\98bod1\m1nmpg\svah52\07yg3i\3jbzzy\tgqb79\uux9sp\k4i5r5\rshj5c\0q553u => %localappdata%\Behn.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {36BCE1B7-2184-416A-97F7-409154CDA6AA} - System32\Tasks\dtoepy\jrhy8y\jpnpv8\vwtgox\53m8o0\vtf247\qjxe85\66kzfz\nvm5df\ixxe6p\62t4nt\aoqs3g\zjraqo\qley8c\i4l6ir\522d9n\8txqaf => %localappdata%\Mouseman.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {EEFBFF4B-2946-4EDB-91CF-1859ACDF415E} - System32\Tasks\g87405\7s9va2\socn5d\9dcayy\dm4mjg\aj141t\8v7nl2\tjnx7a\uokl68\7xl3z9\jmohvr\2uzp0t\ybmetx\mh4v36\hx1zop\h9d7jl\14v5cy => C:\Program Files (x86)\Coaxed\Mouseman.exe [43520 2024-04-16] (Book) [Fichier non signé] <==== ATTENTION
Task: {B756A3C0-E789-448A-B2D7-EB26EFF7C735} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => %windir%\system32\EOSNotify.exe (Pas de fichier)
Task: {D153F193-CE12-4498-9971-3CE20BA2E7AA} - System32\Tasks\Microsoft\Windows\Shell\FamilyBackgroundSync => C:\ProgramData\9d73006b-3dee-4077-85a4-f285ea2f5128\FamilyBackgroundSync.cmd [131 2024-04-16] () [Fichier non signé] -> <==== ATTENTION
Task: {7294A115-F44E-4706-BD27-DA6A24117E32} - System32\Tasks\nqenzg\u6wde3\cnhb8w\yq1nda\5qyebk\hp2x67\y138g5\wfwm1m\xo3dpi\9gzuol\4mldqh\lrg1sa\dcaood\urhkcl\6znouq\0wygvb\bkrm8s => %PROGRAMFILES(x86)%\inconsiderable\Mouseman.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {A8C084EE-638F-449A-81C8-D860642C3CE3} - System32\Tasks\OneDrive Background Sync Task-S-1-5-21-2799252433-3801064209-1241630503-500 => C:\ProgramData\32354f96-1065-4fb7-b187-ccf29ee28340\OneDriveBackgroundSync.cmd [131 2024-04-16] () [Fichier non signé] -> <==== ATTENTION
Task: {B4F7CCF8-3964-4672-8357-2D4BE3D1BA5F} - System32\Tasks\sw5msr\3s5clh\36mc9s\6hev8n\lq4nwl\a0oov3\k2xnnt\1yetrm\k07010\kax79p\i96rfn\4tbozj\x29nkk\rxyfo9\3w2z1p\tsz81y\b9adet => %PROGRAMFILES(x86)%\inconsiderable\Mouseman.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {74AC3474-A9A6-4647-819E-91C8C2DBAE3A} - System32\Tasks\tj2xwy\m1w9ey\d7iutg\wzw10l\r01r49\ngzoxu\6uet2l\qmptkr\mthwh9\0oyp7v\zmki26\yj4f56\tx0rkn\1wb95d\df30ls\q4cmla\9f6eg1 => %PROGRAMFILES(x86)%\Perennials\offended.exe (Pas de fichier) <==== ATTENTION
Task: {319947CA-7C51-4282-8B8F-89ECC701483B} - System32\Tasks\unupd5\182xxs\ll6xdy\bjjrcj\c3p5id\bdw49d\inmeq3\ambzit\wk4jmt\5lbp8n\e09ceo\oqhs78\2jd2q5\9wq41e\dtbbek\dgrzna\h251mo => %PROGRAMFILES(x86)%\Perennials\Behn.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {7072AC35-2FC4-4EE3-B794-2273DCBB1989} - System32\Tasks\xcbyc3\dexl2x\jrq9q8\q30t6w\fjajvc\fmhuad\ojghf6\cchb2g\06ot2h\nfrcga\qfe5vx\bl612o\rqw9it\dhjp08\6arl19\mf0zoo\rcyoyo => %localappdata%\grinch.exe (Pas de fichier) <==== ATTENTION
Task: {C4EF2C8F-383D-40F9-8F57-1270B20C6F9B} - System32\Tasks\xj4qgd\ulworh\5dz6fa\vkfbcp\b5f6ea\rtcs2r\2ljlfx\u6e7rz\q3b2xr\pyiog1\c4shf8\1tj144\5gg7va\4ckuw6\zhz3wm\9xxne8\fn7z77 => %localappdata%\Behn.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhymtgbnhyotgbnhyotgbnhyntgbnhygtgbnhyltgbnhyatgbnhyrtgbnhyetgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyrg2jd0jd2jtgbnhyd4jd0wc4wctgbnhy1rg6rgjdhttgbnhym0WvPYKU2ktgbnhyUnKr1HcOGTtgbnhy9" (Pas de fichier) <==== ATTENTION
Task: {3997900D-F2CA-43DD-B0CA-093C9DE8C7C5} - System32\Tasks\ydlovn\zoqzo2\4qijf5\nmpaxn\o7il65\gcqkmy\9tkh36\e33fib\tci11h\6zxypa\0wx3q5\dppmp3\l0yaki\o5dbc4\cpzxp5\8jjjoi\7zs9jz => %PROGRAMFILES(x86)%\Perennials\bioavailability.exe (Pas de fichier) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ___HD C:\ProgramData\9d73006b-3dee-4077-85a4-f285ea2f5128
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\ydlovn
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\xj4qgd
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\xcbyc3
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\unupd5
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\tj2xwy
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\sw5msr
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\nqenzg
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\g87405
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\dtoepy
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\db5dq9
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\4hwqlq
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\194scc
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\Users\benjamin\AppData\Roaming\npm
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\ProgramData\NetTrace
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2024-04-16 15:53 - 2024-04-16 15:53 - 000000000 ____D C:\Program Files\nodejs
2024-04-16 15:52 - 2024-04-16 15:52 - 000000000 ____D C:\Program Files (x86)\Crack8
2024-04-16 15:49 - 2024-04-16 15:49 - 000043520 _____ C:\WINDOWS\lotte.exe
emptytemp:
end::