start::
systemrestore: on
closeprocesses:
createrestorepoint:
virusscan: C:\GjpXlnKNVQ\nanana\System Guard Runtime Monitor.exe
virusscan: C:\GjpXlnKNVQ\nanana\procgov.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe, <==== ATTENTION
C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [32323072 2024-08-18] (The qBittorrent Project) [Fichier non signé]
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (Pas de fichier)
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service (l'élément de données a 372 caractères en plus). (Pas de fichier)
Task: {4706DB41-1616-4769-B64D-0B8D298F8D5E} - System32\Tasks\MicrosoftEdgeMonitor => C:\GjpXlnKNVQ\nanana\System -> Guard Runtime Monitor.exe C:\GjpXlnKNVQ\nanana\System Guard Runtime Monitor.exe <==== ATTENTION
Task: {47C48713-C88D-47CD-B9A3-C5B9E468FF84} - System32\Tasks\SystemOneDriveUpdateTaskMachineCoreTask => C:\ProgramData\Microsoft\wbem.{208D2C60-3AEA-1069-A2D7-08002B30309D}\WmiPrvSE.exe [2915840 2025-05-02] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
Task: {628103FE-5E91-4A4C-A0A0-FA58036A26BC} - System32\Tasks\task1 => C:\GjpXlnKNVQ\nanana\Process Guard Runtime Observer.exe [7150889 2025-05-02] () [Fichier non signé] <==== ATTENTION
Task: {778DC89E-4DB4-476E-98A1-DFA99622D5E2} - System32\Tasks\UpdateTask => C:\Users\mandr\AppData\Roaming\IPEvcon\AvastBrowserUpdate.exe [180240 2025-05-03] (Avast Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {0F61D8BB-1B34-4A9E-A164-DD206E1EA2CC} - System32\Tasks\WinServiceTask => C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe [50176 2025-05-02] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\GjpXlnKNVQ\nanana
2025-05-03 06:41 - 2025-05-03 06:45 - 000000000 ____D C:\Users\mandr\AppData\Roaming\IPEvcon
2025-05-03 06:41 - 2025-05-03 06:41 - 000003230 _____ C:\Windows\system32\Tasks\UpdateTask
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\SpotsObesity
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\ProspectiveTrade
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\HowSamba
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\HackerNiger
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\FearsNot
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\DressGeography
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\BeyondBasic
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\AdvocateMt
2025-05-02 19:35 - 2025-05-03 12:58 - 000003522 _____ C:\Windows\system32\Tasks\MicrosoftEdgeMonitor
2025-05-02 19:35 - 2025-05-03 12:58 - 000003332 _____ C:\Windows\system32\Tasks\task1
2025-05-02 19:34 - 2025-05-02 19:34 - 000000000 ___HD C:\GjpXlnKNVQ
2025-05-02 15:37 - 2025-05-02 15:37 - 000003666 _____ C:\Windows\system32\Tasks\WinServiceTask
2025-05-02 15:37 - 2025-05-02 15:37 - 000003586 _____ C:\Windows\system32\Tasks\SystemOneDriveUpdateTaskMachineCoreTask
2025-05-02 15:37 - 2025-05-02 15:37 - 000000000 ____D C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}
2025-04-09 22:43 - 2025-04-09 22:43 - 000000000 ____D C:\Users\mandr\AppData\Roaming\Bungie
emptytemp:
end::