start::
systemrestore: on
closeprocesses:
createrestorepoint:
Virusscan: C:\GjpXlnKNVQ\nanana\System Guard Runtime Monitor.exe
virusscan: C:\GjpXlnKNVQ\nanana\procgov.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe, <==== ATTENTION
C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [32323072 2024-08-18] (The qBittorrent Project) [Fichier non signé]
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (Pas de fichier)
HKU\S-1-5-21-739641041-304123353-3345956498-1002\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service (l'élément de données a 372 caractères en plus). (Pas de fichier)
Task: {4706DB41-1616-4769-B64D-0B8D298F8D5E} - System32\Tasks\MicrosoftEdgeMonitor => C:\GjpXlnKNVQ\nanana\System -> Guard Runtime Monitor.exe C:\GjpXlnKNVQ\nanana\System Guard Runtime Monitor.exe <==== ATTENTION
Task: {47C48713-C88D-47CD-B9A3-C5B9E468FF84} - System32\Tasks\SystemOneDriveUpdateTaskMachineCoreTask => C:\ProgramData\Microsoft\wbem.{208D2C60-3AEA-1069-A2D7-08002B30309D}\WmiPrvSE.exe [2915840 2025-05-02] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
Task: {628103FE-5E91-4A4C-A0A0-FA58036A26BC} - System32\Tasks\task1 => C:\GjpXlnKNVQ\nanana\Process Guard Runtime Observer.exe [7150889 2025-05-02] () [Fichier non signé] <==== ATTENTION
Task: {778DC89E-4DB4-476E-98A1-DFA99622D5E2} - System32\Tasks\UpdateTask => C:\Users\mandr\AppData\Roaming\IPEvcon\AvastBrowserUpdate.exe [180240 2025-05-03] (Avast Software s.r.o. -> AVAST Software) <==== ATTENTION
Task: {0F61D8BB-1B34-4A9E-A164-DD206E1EA2CC} - System32\Tasks\WinServiceTask => C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}\UserOOBEBroker.exe [50176 2025-05-02] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\GjpXlnKNVQ\nanana
2025-05-03 06:41 - 2025-05-03 06:45 - 000000000 ____D C:\Users\mandr\AppData\Roaming\IPEvcon
2025-05-03 06:41 - 2025-05-03 06:41 - 000003230 _____ C:\Windows\system32\Tasks\UpdateTask
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\SpotsObesity
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\ProspectiveTrade
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\HowSamba
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\HackerNiger
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\FearsNot
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\DressGeography
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\BeyondBasic
2025-05-03 06:40 - 2025-05-03 06:40 - 000000000 _____ C:\Windows\AdvocateMt
2025-05-02 19:35 - 2025-05-03 12:58 - 000003522 _____ C:\Windows\system32\Tasks\MicrosoftEdgeMonitor
2025-05-02 19:35 - 2025-05-03 12:58 - 000003332 _____ C:\Windows\system32\Tasks\task1
2025-05-02 19:34 - 2025-05-02 19:34 - 000000000 ___HD C:\GjpXlnKNVQ
2025-05-02 15:37 - 2025-05-02 15:37 - 000003666 _____ C:\Windows\system32\Tasks\WinServiceTask
2025-05-02 15:37 - 2025-05-02 15:37 - 000003586 _____ C:\Windows\system32\Tasks\SystemOneDriveUpdateTaskMachineCoreTask
2025-05-02 15:37 - 2025-05-02 15:37 - 000000000 ____D C:\ProgramData\WindowsService.{D20EA4E1-3957-11D2-A40B-0C5020524153}
2025-04-09 22:43 - 2025-04-09 22:43 - 000000000 ____D C:\Users\mandr\AppData\Roaming\Bungie
emptytemp:
end::