Posted on November 28

start::
closeprocesses:
createrestorepoint:
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9255640 2024-03-12] (Lavasoft Software Canada Inc. -> Lavasoft) <==== ATTENTION
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [Changing_the_voice_in_different_timbres] => C:\Users\studi\AppData\Local\Changing_the_voice_in_different_timbres\Changing_the_voice_in_different_timbres.exe [4338920 2024-01-26] (Corel Corporation -> ) [Fichier non signé]
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [Visual_background_for_video_chatting] => C:\Users\studi\AppData\Local\Visual_background_for_video_chatting\Visual_background_for_video_chatting.exe [4703608 2024-01-26] (MobiSystems, Inc. -> ) [Fichier non signé]
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [sc.exe] => C:\Users\studi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.exe [289280 2024-02-05] () [Fichier non signé]
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [CGMNDIHH] => C:\Users\studi\AppData\Roaming\rdytutcdlfrg\uxtldsktkgfv.exe [5890064 2024-07-25] () [Fichier non signé]
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [utweb] => "C:\Users\studi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Pas de fichier)
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\Run: [EPSDNMON] => "" (Pas de fichier)
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\studi\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\studi\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\RunOnce: [Uninstall 24.211.1020.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\studi\AppData\Local\Microsoft\OneDrive\24.211.1020.0001" [0 2024-11-26] () <==== ATTENTION [zéro octet Fichier/Dossier]
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\MountPoints2: {a73acfa9-66ca-11ef-b47a-806e6f6e6963} - "I:\Autorun.exe"
Virusscan: C:\Users\studi\AppData\Local\Changing_the_voice_in_different_timbres\Changing_the_voice_in_different_timbres.exe
Virusscan: C:\Users\studi\AppData\Local\Visual_background_for_video_chatting\Visual_background_for_video_chatting.exe
Virusscan: C:\Users\studi\AppData\Roaming\rdytutcdlfrg\uxtldsktkgfv.exe
Virusscan: C:\Users\studi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.exe
Startup: C:\Users\studi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sc.exe [2024-02-05] () [Fichier non signé]
Task: {1F195924-34DC-48EF-A06F-8903F6A8EB2A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Fichier non signé]
Task: {1E7B8601-0E08-43B6-86F4-FC8E5684C4DE} - System32\Tasks\ERGVRDVMSK => C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe [5889536 2024-01-26] () [Fichier non signé] <==== ATTENTION
Task: {C88BACFA-6D41-4395-BB62-37A491055FE0} - System32\Tasks\UpdateTaskMachineQC => C:\Program Files\Google\Chrome\updater.exe [760000000 2024-04-22] (TeamDaz) [Fichier non signé] <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\8shsn3o2.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2023-10-18 03:19:48&iid=b9968136-0ebb-4160-ae5a-92631bdca987&bName=
R2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [3420376 2024-03-12] (Lavasoft Software Canada Inc. -> ) <==== ATTENTION
S3 dosvc; C:\Windows\System32\svchost.exe [55456 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [46632 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Fichier non signé]
S2 UsoSvc; C:\Windows\system32\svchost.exe [55456 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [46632 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [27864 2024-03-12] (Lavasoft Software Canada Inc. -> ) <==== ATTENTION
S2 wuauserv; C:\Windows\system32\svchost.exe [55456 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [46632 2023-10-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL)
Unlock: C:\Program Files\google\libs\WR64.sys
C:\Program Files\google\libs\WR64.sys
CustomCLSID: HKU\S-1-5-21-2977175105-3121391406-1397119149-1001_Classes\CLSID\{6a27a1a9-7be8-1491-04ca-ee68a211c258}\localserver32 -> "C:\Program Files\Google\Play Games\current\service\Service.exe" -ToastActivated => Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:D0757AAB [151]
SearchScopes: HKU\S-1-5-21-2977175105-3121391406-1397119149-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2977175105-3121391406-1397119149-1001\...\StartupApproved\Run: => "Web Companion"
Hosts:
emptytemp:
end::
