start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-480081248-448449324-4229664033-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe (Pas de fichier)
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {C7A2E71A-026C-47E4-8D7F-3298F0AFCC0C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (Pas de fichier)
Task: {F1D1E9BF-7917-40A2-8A9E-26FCE18F5EFE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (Pas de fichier)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
HKU\S-1-5-21-480081248-448449324-4229664033-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35320448 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-480081248-448449324-4229664033-1000\...\MountPoints2: {acfec273-5774-11e8-b9d2-78e3b5b558ed} - F:\RTK_NIC_DRIVER_INSTALLER.sfx.exe
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35320448 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-21] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\91.1.25.70\Installer\chrmstp.exe [2021-06-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Task: {0457A182-7BB8-43AA-B67A-9AAAF30332D3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
Task: {09C5B8AD-2031-4C8F-9F6C-67D0576749AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-06-21] (Google Inc -> Google Inc.)
Task: {1CE6426B-34DD-4F30-B6A2-8FD92EDB30F4} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {2F91155A-9A03-4052-B1CB-96BB1D8508A5} - System32\Tasks\{299D9C95-89AD-489F-93C4-307EB37FDA81} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.16.73.105.456/fr/abandoninstall?page=tsWLM
Task: {63856918-6BC3-4D91-A2B9-4A5EF337BC78} - System32\Tasks\CCleanerSkipUAC - PLAY => C:\Program Files\CCleaner\CCleaner.exe [29453952 2022-01-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {76BB8F04-0016-459B-BB67-2356523E583E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-06-21] (Google Inc -> Google Inc.)
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineCore" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineUA" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - PLAY" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\{299D9C95-89AD-489F-93C4-307EB37FDA81}" /ENABLE
Task: {820A50B5-8D3C-4480-B5C3-B6915D4BFF9A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {ACAEB2A6-CB2E-4E02-BD1D-914E933B9FBF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
FF NetworkProxy: Mozilla\Firefox\Profiles\y9bqbldi.default -> type", 5
FF Extension: (Pas de nom) - C:\Users\PLAY\AppData\Roaming\Mozilla\Firefox\Profiles\y9bqbldi.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [non trouvé(e)]
FF Extension: (Pas de nom) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [non trouvé(e)]
CHR Notifications: Default -> hxxps://www.winamax.fr
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
ContextMenuHandlers2: [{02a07e80-efa2-11d4-8306-a7ebd4c50c7c}] -> {02a07e80-efa2-11d4-8306-a7ebd4c50c7c} => C:\WINDOWS\system32\cdeject.dll -> Pas de fichier
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B8D84EE3-E402-4597-A32A-850C507DEFFF} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
C:\Users\PLAY\Desktop\UDisk - Raccourci.lnk
C:\Users\PLAY\AppData\Roaming\ZHP\Quarantine\Optimizer Pro v3.2\Désinstaller Optimizer Pro.lnk
StartRegEdit:
Windows Registry Editor Version 5.00

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{049BE33B-9800-4424-BFFF-B4495BC52FC2}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07472B4A-1F58-4425-97A3-3F62FE40F997}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07D4C4F6-6DCF-4CDB-8ACB-1321514ED99A}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12668ADF-223F-49D7-92E1-7922A6757AC2}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15D2BFF3-F5E4-49A7-B417-BF4115E634FF}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{166069F2-03A8-46EA-AA1E-B6FB5C216AA6}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16DB0ECE-3D3F-4E78-94E7-92BE2A7B2240}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{173C4726-2EA8-4938-9507-2F4B053324A6}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2208BAF9-CE8C-443D-AAD3-5EDFC67B9739}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26249A06-B359-41D6-9C09-B25EA871F52B}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2725DD3C-8B4E-4470-ADD9-A133094AAB6E}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29FF7BFE-8137-4544-98F0-287960AEEB2D}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33715CC1-9A81-490E-AB6E-7D9C4F742F20}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39BAF009-8481-4CB8-89AA-DE1C6E97B768}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D29EF4D-FE0D-44D5-8F1E-E5D58B9CAFFE}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4027A155-CB8B-4CF9-A503-09570E4E1BB2}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{43FA4B08-F0CC-472E-B5B5-A551E425B50E}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4484F7BE-2678-4F58-B840-8A275CDDC74F}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A0AAC73-562D-4ACC-A66A-90D1DEE1FF04}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E0FC943-44A9-4004-A193-5AE15842EBA4}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D1E7ECD-3907-40C6-B590-BA9791F77FF3}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{60A78367-94DF-405F-BE17-25913E45FEED}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{625410B6-2C64-4988-A1DE-107A57DD31B9}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{694AF580-56C1-4D14-A6FF-2A917C64CAA2}:]
"NameServer"=""

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CD430E8-551D-4C62-A6AB-EA850E34050C}:]
"NameServer"=""

EndRegEdit:
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Surfshark
DeleteValue: HKU\S-1-5-21-480081248-448449324-4229664033-1000\Software\Microsoft\Windows\CurrentVersion\Run|Surfshark
DeleteKey: HKCU\Software\undefined
DeleteKey: HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
DeleteKey: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox
DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\undefined
NO SCRIPT FOR O69 - SBI: prefs.js [PLAY - y9bqbldi.default] user_pref("longfocus.updatenotifier.first-time", false);
NO SCRIPT FOR O69 - SBI: prefs.js [PLAY - y9bqbldi.default] user_pref("longfocus.updatenotifier.icon.always-display", false);
NO SCRIPT FOR O69 - SBI: prefs.js [PLAY - y9bqbldi.default] user_pref("longfocus.updatenotifier.startup.check", true);
DeleteKey: HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\SendTo
C:\Users\PLAY\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\PLAY\AppData\Roaming\uTorrent
C:\Users\PLAY\AppData\LocalLow\uTorrent
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Software
DeleteKey: HKCU\SOFTWARE\Software
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\Software
C:\Users\PLAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\PLAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKCU\SOFTWARE\AVAST Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\AVAST Software
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\Browser Cleanup
C:\ProgramData\AVAST Software
C:\Program Files (x86)\Common Files\AV
unlock: C:\Windows\System32\drivers\staport.sys
C:\Windows\System32\drivers\staport.sys
DeleteKey: HKLM\Software\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5
DeleteKey: HKLM\Software\Classes\Installer\Features\22BA3C918173D4E42B3042F2051065B5
DeleteKey: HKCU\Software\Microsoft\Installer\Products\22BA3C918173D4E42B3042F2051065B5
DeleteKey: HKCU\Software\Microsoft\Installer\Features\22BA3C918173D4E42B3042F2051065B5
C:\Windows\Installer\426858.msi
DeleteKey: HKLM\SOFTWARE\AdsFix
DeleteKey: HKLM\SOFTWARE\WOW6432Node\JavaSoft
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
C:\Users\PLAY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
C:\Users\PLAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
DeleteKey: HKCU\SOFTWARE\Chromium
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\Chromium
C:\Users\PLAY\AppData\Local\chromium
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet\Chromium.ES5R7KYNFNHBHFPLXZRAJZMLIE
C:\Users\PLAY\AppData\Local\Chromium\Application\chrome.exe
DeleteKey: HKCU\SOFTWARE\ZebHelpProcess Helper
DeleteKey: HKU\S-1-5-21-480081248-448449324-4229664033-1000\SOFTWARE\ZebHelpProcess Helper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
C:\ProgramData\WinZip
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh advfirewall reset
cmd: Netsh advfirewall set allprofiles state on
cmd: WHERE /r c:\ keyge*.* /t
cmd: WHERE /r c:\ crack.* /t
C:\Windows\Temp\*.*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Users\CurrentUserName\Appdata\Local\Google\Chrome\User Data\Default\Cache\*.*
C:\Users\CurrentUserName\Appdata\Local\Microsoft\Edge\User Data\Default\Cache\*.*
EmptyTemp:
C:\Windows\SoftwareDistribution\Download\*
cmd: sfc /scannow
Reboot:
end::