start::
CloseProcesses:
EmptyTemp:
CreateRestorePoint:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5868016 2018-09-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [System.vbs] => C:\ProgramData\System.vbs [20150 2018-09-24] () <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [XthnEqldMB] => wscript.exe //B "C:\Users\Guilhaume\AppData\Roaming\XthnEqldMB.vbs"
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [W4V8FBQC7Q] => wscript.exe //B "C:\ProgramData\W4V8FBQC7Q.vbs" <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Y2SVEWCFLI] => wscript.exe //B "C:\ProgramData\Y2SVEWCFLI.vbs" <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [PizbOnbrkq] => wscript.exe //B "C:\Users\Guilhaume\AppData\Roaming\PizbOnbrkq.vbs"
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [GoogleChrome.exe] => "C:\Users\Guilhaume\AppData\Local\Temp\2165.exe" .. <==== ATTENTION
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Windows Defender] => C:\Users\Guilhaume\AppData\Roaming\Update Defender\DefenderUpdate.exe [985776 2018-10-02] (Company name)
HKU\S-1-5-21-1652084678-2015630781-2717873566-1001\...\Run: [Windows64] => "C:\Users\Guilhaume\AppData\Roaming\WindowsUpdate\ChromeUpdate.exe"
CMD: Taskkill /F /IM wscript.exe
CMD: Taskkill /F /IM DefenderUpdate.exe
CMD: Taskkill /F /IM 2165.exe
C:\Users\Guilhaume\AppData\Roaming\Update Defender\DefenderUpdate.exe
C:\Users\Guilhaume\AppData\Roaming\Update Defender
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CXAisFbEJq.vbs [2018-09-28] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PizbOnbrkq.vbs [2018-09-27] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs [2018-09-24] () <==== ATTENTION
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\W4V8FBQC7Q.vbs [2018-09-25] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XthnEqldMB.vbs [2018-09-24] ()
C:\Users\Guilhaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y2SVEWCFLI.vbs [2018-09-26] ()
C:\Users\Guilhaume\AppData\Roaming\PizbOnbrkq.vbs
C:\ProgramData\Y2SVEWCFLI.vbs
C:\ProgramData\W4V8FBQC7Q.vbs
C:\Users\Guilhaume\AppData\Roaming\XthnEqldMB.vbs
C:\ProgramData\System.vbs
C:\Users\Guilhaume\AppData\Local\Temp\2165.exe
C:\ProgramData\05.exe
C:\ProgramData\65.exe
C:\ProgramData\c.exe
C:\ProgramData\e.exe
C:\ProgramData\n.exe
C:\ProgramData\nn.exe
Tcpip\..\Interfaces\{128dfe24-c3c2-44d6-a9de-07f1b3fee6c3}: [DhcpNameServer] 82.163.143.157
Tcpip\..\Interfaces\{aa461bf8-16c4-4d32-ae92-4c92a9fe34ed}: [DhcpNameServer] 82.163.143.157
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1652084678-2015630781-2717873566-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Users\Guilhaume\AppData\Roaming\Mozilla\Firefox\Profiles\79lfskvc.default\searchplugins\bing-lavasoft-ff59.xml [2018-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\Guilhaume\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFSafeBox.sys [X]
S3 iobit_monitor_server; \??\C:\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
CMD: Taskkill /F /IM 5260.exe
Task: {5454646A-4459-4EE8-BA86-0F6ACC2C0403} - System32\Tasks\NYAN => C:\Users\GUILHA~1\AppData\Local\Temp\2165.exe <==== ATTENTION
Task: {65D36A8D-1A31-41EB-B274-18C90BE6F651} - System32\Tasks\NYANP => C:\Users\GUILHA~1\AppData\Local\Temp\5260.exe <==== ATTENTION
Task: {79221F23-AE51-4ED5-ADF9-C5C7A40EC6C8} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
End::