start::
CreateRestorePoint:
CloseProcesses:
Hosts:
EmptyTemp:
RemoveProxy:
Task: {6D9C3254-A037-473D-BB3F-08D3ED8C0A18} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Pas de fichier)
Task: {AFDF2510-D70B-45DD-B04F-09048C5AD716} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -appexecutable nup.exe -tuds (Pas de fichier)
Task: {F64A1DE8-279A-431F-B3C6-9FD268D61FE5} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\ActiveBridge.exe -appexecutable NUP.exe -ammode (Pas de fichier)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted -url hxxps://adlice.com/download/roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
Task: {31D19CFF-B0C9-4E55-8332-7AED29E7C223} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2020-02-29] (Google Inc -> Google LLC)
Task: {45AEB930-8F72-49C6-81BF-7BE68F481407} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {6BA886AB-D796-40D1-8A26-023970AEC888} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe [1050096 2021-11-11] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {7720C78A-2303-46B3-AEA3-4DA4830C5556} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities Premium\NUP.exe [3632624 2021-11-11] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {844775D2-10DA-437F-A753-3879ED8653BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2020-02-29] (Google Inc -> Google LLC)
Task: {8B3AAB18-FA36-4DE7-BD7A-F95CE68F29A1} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {9550AE29-8A55-4EFA-A20C-4EEF452BEB94} - System32\Tasks\CCleanerSkipUAC - papyo => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9C92DBB1-3E57-47FE-BDDC-348FB3A13BA5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Extension: (Norton Safe Web) - C:\Users\papyo\AppData\Roaming\Mozilla\Firefox\Profiles\yhmqlnnc.default-release-1607678590077\Extensions\nortonsafeweb@symantec.com.xpi [2021-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
Toolbar: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Norton Internet Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
FW: Norton Internet Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=FR&ver=22.21.1.151&locale=FR_fr&guid=9A332019-72F9-4ABE-A07B-D42993C9BE96&doi=2016-09-01&o=APN11913&cmpgn=jan21&gct=kwd&qsrc=2869
C:\Users\Gorpyloskev\Links\Desktop.lnk
C:\Users\papyo\OneDrive\Coffre-fort.lnk
StartRegEdit:
Windows Registry Editor Version 5.00
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} -]
"URL"=""
EndRegEdit:
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_49AFECF8A4BAA7AB9BACBB410FB5B18D
DeleteValue: HKEY_USERS\S-1-5-21-2371481684-2106917738-1379841812-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_49AFECF8A4BAA7AB9BACBB410FB5B18D
C:\Users\papyo\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
C:\Users\papyo\AppData\Local\Temp\mat-debug-11072.log
C:\Users\papyo\AppData\Local\Temp\mat-debug-11080.log
C:\Users\papyo\AppData\Local\Temp\mat-debug-2124.log
C:\Users\papyo\AppData\Local\Temp\mat-debug-7356.log
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{44FD00FF-3A10-4ED3-94CC-45794698BC47}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{44FD00FF-3A10-4ED3-94CC-45794698BC47}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{D01DDA61-537C-4D18-8F45-83C5FA916BC4}\.cr\XTUSetup.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{D01DDA61-537C-4D18-8F45-83C5FA916BC4}\.cr\XTUSetup.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{44FD00FF-3A10-4ED3-94CC-45794698BC47}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{44FD00FF-3A10-4ED3-94CC-45794698BC47}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{D01DDA61-537C-4D18-8F45-83C5FA916BC4}\.cr\XTUSetup.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\{D01DDA61-537C-4D18-8F45-83C5FA916BC4}\.cr\XTUSetup.exe.ApplicationCompany
DeleteKey: HKLM\SOFTWARE\Software
DeleteValue: HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
unlock: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\MozillaMaintenance
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Program Files (x86)\Mozilla Maintenance Service
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA886AB-D796-40D1-8A26-023970AEC888}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6BA886AB-D796-40D1-8A26-023970AEC888}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BA886AB-D796-40D1-8A26-023970AEC888}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{6BA886AB-D796-40D1-8A26-023970AEC888}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BA886AB-D796-40D1-8A26-023970AEC888}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6BA886AB-D796-40D1-8A26-023970AEC888}
C:\Windows\System32\Tasks\Norton Utility\Live Boost Process Governor
C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7720C78A-2303-46B3-AEA3-4DA4830C5556}
C:\Windows\System32\Tasks\Norton Utility\AutomaticCare
C:\Program Files\Norton Utilities Premium\NUP.exe
C:\WINDOWS\System32\Tasks\Norton Utility\Live Boost Process Governor
C:\WINDOWS\System32\Tasks\Norton Utility\AutomaticCare
C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
C:\Users\papyo\AppData\Roaming\Mozilla\Firefox\Profiles\yhmqlnnc.default-release-1607678590077\extensions\nortonsafeweb@symantec.com.xpi
C:\Users\papyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36896A40-D958-486B-8A43-31A41E129FE2}
DeleteKey: HKLM\SOFTWARE\Norton
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Norton
DeleteKey: HKCU\SOFTWARE\Norton
DeleteKey: HKCU\SOFTWARE\AppDataLow\Software\Norton
DeleteKey: HKU\.DEFAULT\SOFTWARE\Norton
DeleteKey: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\SOFTWARE\Norton
C:\Program Files\Norton Utilities
C:\Program Files\Norton Utilities Premium
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton
C:\ProgramData\Norton
C:\ProgramData\Norton Secure VPN
C:\ProgramData\NortonInstaller
C:\Users\papyo\AppData\Roaming\Norton
C:\Users\papyo\AppData\Local\Norton
C:\Users\papyo\AppData\Local\Norton Secure VPN
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\Avast Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2371481684-2106917738-1379841812-1001\SOFTWARE\AvastAdSDK
Reboot:
C:\Windows\Temp\ *.*
C:\Users\CurrentUserName\Appdata\Local\Temp\ *.*
C:\Windows\SoftwareDistribution\Download\ *
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on
cmd: dism.exe /online /cleanup-image /restorehealth
end::