Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected by malware named Black Sky

Post by Johndoe225 » December 12th, 2022, 7:30 am

Hello,

I got infected by malware named "Black Sky".
Here is a YouTube video about it: https://www.youtube.com/watch?v=CXNS3IkBINY
Would you kindly help me get rid of it and clean my computer?
Thanks in advance.

Below are my FRST logs

FRST.txt
Code:
Scan result by Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2022
Ran by TOM (administrator) on MY_LAPTOP (HP HP EliteBook 840 G8 Notebook PC) (12-12-2022 11:01:03)
Running from C:\Users\TOM\Desktop
Loaded Profiles: TOM
Platform: Microsoft Windows 10 Enterprise Version 22H2 19045.2251 (X64) Language: French (France)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe <8>
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\OpenConsole.exe <2>
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wsl.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxEMN.exe
(explorer.exe ->) () [File not signed] C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <39>
(explorer.exe ->) (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\TOM\Documents\Tools\Sysinternals\SysinternalsSuite\Autoruns.exe
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
(explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_7322d271029d40e8\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c3bfb56a1230fdfd\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_7616b976fc6840bd\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (The Apache Software Foundation -> Apache Software Foundation) C:\Users\TOM\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\lxss\wslhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(vmcompute.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe [1594248 2022-08-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [281432 2022-08-10] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [MicrosoftEdgeAutoLaunch_8EE6ED75BAABE45714C69E0EFA79F89F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3877288 2022-12-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [869144 2022-11-11] (OpenVPN Inc. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\108.0.5359.99\Installer\chrmstp.exe [2022-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2022-10-11]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe [1980-01-04] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {030F4DCD-F437-4DC7-8FDB-5436CEB610FC} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe [3367840 2022-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {17D6E61C-B855-4883-B5AF-B1D5F1404A3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25E4D2EA-23B0-4148-8041-DAC9AB13DBE6} - System32\Tasks\GoogleUpdateTaskMachineCore{816FA00C-AF00-4598-A6A5-AD3FDFAA39C6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {36E0837E-34CD-4729-817B-5E955EDA4FCA} - System32\Tasks\GoogleUpdateTaskMachineUA{1C074024-B478-4246-8AAE-4B43E3B2D864} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {3E8A841D-6F4C-46CC-A589-83A9D288E092} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {63E37383-418D-45B8-8DDD-092AC7D13EAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {666254A2-C79C-4E10-AEC4-36E90EE8E14A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {795CCFAD-5E43-4818-BCC0-716843FF247E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CF8BDF5-4A1A-49BA-9655-7E7AA64971AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {9721C737-FAFB-461A-97DB-ACBCB3FFF3E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B887709B-9A2F-46D7-9D6F-1E615D867DF1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
Task: {E892E222-5986-4FB5-BCAD-C0E8B7103EB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{34753BBF-14BA-41B0-9B83-5C30F4688EB6}] => hxxp://proxy.homelab.local/ <==== ATTENTION
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{7386cfae-11ae-4f48-b4ba-9f6742b53a70}: [DhcpNameServer] 196.201.90.4 196.201.90.20

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-12]
Edge Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-11-24]
Edge Extension: (HP Dynamic Audio) - C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iahgjpkfebmcdcaifedofgakoancmoli [2022-08-10]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default [2022-12-12]
CHR Extension: (Google Traduction) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-11-24]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-12-12]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2022-11-28]
CHR Extension: (Google Docs hors connexion) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-12]
CHR Extension: (Vue.js devtools) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2022-10-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-19]
CHR Extension: (Proxy Switcher and Manager) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2022-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [19832 2022-08-10] (Docker Inc -> Docker Inc.)
S3 filezilla-server; C:\Program Files\FileZilla Server\filezilla-server.exe [6052352 2022-07-29] (FileZilla Project) [File not signed]
R2 FMAPOService; C:\Windows\System32\FMService64.exe [482200 2022-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe [1556592 2022-06-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe [791544 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe [790488 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe [787416 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe [791496 2022-10-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe [493664 2022-09-28] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\LanWlanWwanSwitchingServiceUWP.exe [602224 2022-06-14] (HP Inc. -> HP Inc.)
S3 LxssManagerUser; C:\Windows\system32\lxss\wslclient.dll [301056 2022-08-24] (Microsoft Windows -> Microsoft Corporation)
R2 neo4j; C:\Users\TOM\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe [116648 2022-08-29] (The Apache Software Foundation -> Apache Software Foundation)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [67360 2022-11-11] (OpenVPN Inc. -> The OpenVPN Project)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [254112 2021-07-14] (Intel Corporation -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [748664 2022-07-19] (Oracle Corporation -> Oracle Corporation)
S2 WbfPolicyService110; C:\Windows\System32\WbfPolicyService110.exe [715704 2022-07-29] (Synaptics Incorporated -> Synaptics Incorporated.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1546944 2021-10-20] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 MpKslf059e526; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E1DA5E9-08B3-4D3C-B5D8-FD4E91010BB7}\MpKslDrv.sys [214280 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 SynStykFilterHID; C:\Windows\System32\drivers\SynTP.sys [810952 2021-09-02] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2022-11-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [242656 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [252560 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1081592 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [60344 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [67072 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [105912 2021-08-16] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_6e6883aaac7c1f77\WiManH\WiManH.sys [180312 2022-06-29] (Intel Corporation -> Intel Corporation)
R3 wintun; C:\Windows\System32\drivers\wintun.sys [38176 2022-11-19] (WireGuard LLC -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 11:01 - 2022-12-12 11:01 - 000026394 _____ C:\Users\TOM\Desktop\FRST.txt
2022-12-12 11:00 - 2022-12-12 11:01 - 000000000 ____D C:\FRST
2022-12-12 10:55 - 2022-12-12 10:55 - 002375680 _____ (Farbar) C:\Users\TOM\Desktop\FRST64.exe
2022-12-12 10:44 - 2022-12-12 10:44 - 000000000 ____D C:\Users\TOM\Documents\temp2
2022-12-12 10:00 - 2022-12-12 10:00 - 000043224 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-12-08 18:14 - 2022-12-08 18:20 - 019268943 _____ C:\Users\TOM\Downloads\Non confirmé 729468.crdownload
2022-12-07 16:18 - 2022-12-07 16:18 - 000088940 _____ C:\Users\TOM\Downloads\ccna_4-commandes_nat_et_pat.pdf
2022-12-07 16:17 - 2022-12-07 16:17 - 000242574 _____ C:\Users\TOM\Downloads\dns.pdf
2022-12-07 15:25 - 2022-12-07 15:25 - 000167768 _____ C:\Users\TOM\Downloads\tp_dhcp_dns_natpat.pdf
2022-12-06 15:52 - 2022-12-06 15:52 - 002239919 _____ C:\Users\TOM\Desktop\CIS_Docker_Benchmark_v1_2_0.pdf
2022-12-05 16:40 - 2022-12-09 19:50 - 000000000 ____D C:\Users\TOM\Documents\CNAM
2022-12-05 16:40 - 2022-12-07 15:25 - 000000184 _____ C:\Users\TOM\.packettracer
2022-12-05 16:40 - 2022-12-05 16:42 - 000000000 ____D C:\Users\TOM\Cisco Packet Tracer 5.3.3
2022-12-05 16:40 - 2022-12-05 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2022-12-05 16:39 - 2022-12-05 16:40 - 000000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2022-12-05 16:38 - 2022-12-05 16:39 - 084110703 _____ (Cisco Systems, Inc. ) C:\Users\TOM\Downloads\PacketTracer533_setup.exe
2022-12-02 16:17 - 2022-12-02 16:19 - 000000000 ____D C:\.ssh
2022-11-29 11:30 - 2022-11-29 11:30 - 099112901 _____ C:\Users\TOM\Downloads\faraday-server_amd64.rpm
2022-11-25 08:32 - 2022-12-02 15:29 - 000000000 ____D C:\Users\TOM\Documents\Other TOM
2022-11-24 07:27 - 2022-11-24 07:27 - 000000000 ____D C:\Users\TOM\AppData\LocalLow\Oracle
2022-11-23 08:16 - 2022-11-23 08:16 - 000000000 ____D C:\Users\TOM\AppData\Roaming\java
2022-11-23 08:15 - 2022-11-23 08:16 - 000000000 ____D C:\Users\TOM\AppData\Roaming\SQL Developer
2022-11-23 08:15 - 2022-11-23 08:15 - 000000000 ____D C:\Users\TOM\AppData\Roaming\sqldeveloper
2022-11-23 08:10 - 2022-11-23 08:10 - 000000000 ____D C:\Users\TOM\AppData\Roaming\HeidiSQL
2022-11-22 08:39 - 2022-11-22 08:40 - 000000000 ____D C:\Users\TOM\Documents\Objectifs
2022-11-19 17:53 - 2022-11-19 17:53 - 000039920 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000038176 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000001996 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Users\TOM\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Program Files\OpenVPN
2022-11-19 17:52 - 2022-11-19 17:52 - 004419584 _____ C:\Users\TOM\Downloads\OpenVPN-2.5.8-I603-amd64.msi
2022-11-19 17:20 - 2022-11-19 17:54 - 000000000 ____D C:\Users\TOM\Documents\Hackthebox
2022-11-18 11:09 - 2022-11-18 11:09 - 000000000 ___HD C:\$WinREAgent
2022-11-18 11:01 - 2022-11-18 11:01 - 000000000 ____D C:\Users\TOM\Documents\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000137600 _____ (Zoom Video Communications, Inc.) C:\Users\TOM\Downloads\Zoom_cm_ds_mfgiXX8B7vVy4TSHYrmFgaMGH61rfkglOGmgA@4OqJSLJS42sTU7S-_k9b3f903bcb334978_.exe
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Local\Zoom
2022-11-17 13:04 - 2022-11-17 13:04 - 010175044 _____ C:\Users\TOM\Downloads\wstg-v4.2 (1).pdf
2022-11-16 08:50 - 2022-12-05 16:25 - 000000704 _____ C:\Users\TOM\Desktop\temp.txt
2022-11-14 14:55 - 2022-12-12 10:21 - 000004172 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{CEF436DB-BC3D-4AE7-9D7D-28B4355EE9B4}
2022-11-14 08:40 - 2022-11-14 08:40 - 005453100 _____ C:\Users\TOM\Downloads\Vendre la guerre - Pierre Conesa.epub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 11:00 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2022-12-12 10:56 - 2022-11-08 08:04 - 000000000 ____D C:\Users\TOM\AppData\Roaming\uTorrent
2022-12-12 10:50 - 2022-10-19 10:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-12 10:38 - 2022-09-22 09:08 - 000000000 ____D C:\Users\TOM\Documents\Tools
2022-12-12 10:23 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-12 09:47 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-12-12 09:05 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2022-12-12 08:58 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-12-12 08:52 - 2022-08-10 16:38 - 000000514 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-12-12 08:47 - 2022-08-24 17:22 - 000000000 __SHD C:\Users\TOM\IntelGraphicsProfiles
2022-12-12 08:47 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-09 19:51 - 2022-10-18 17:04 - 000000000 ____D C:\Users\TOM\AppData\Roaming\vlc
2022-12-09 19:41 - 2022-09-21 13:33 - 000000000 ____D C:\ProgramData\VMware
2022-12-08 20:18 - 2022-10-19 10:13 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-08 15:24 - 2022-08-09 07:05 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-12-08 15:24 - 2022-08-09 07:02 - 000002411 _____ C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-07 15:58 - 2022-08-09 07:02 - 000000000 ____D C:\Users\TOM\AppData\Local\Packages
2022-12-07 15:24 - 2022-08-10 16:06 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-12-07 15:24 - 2022-08-09 06:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-06 14:23 - 2022-09-22 10:28 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Code
2022-12-05 16:40 - 2022-08-09 07:02 - 000000000 ____D C:\Users\TOM
2022-12-05 13:24 - 2022-08-24 13:19 - 000000000 ____D C:\Users\TOM\Documents\Backups
2022-12-02 16:26 - 2022-09-21 13:34 - 000000000 ____D C:\Users\TOM\AppData\Roaming\VMware
2022-11-29 10:13 - 2022-09-21 13:34 - 000000000 ____D C:\Users\TOM\AppData\Local\VMware
2022-11-24 17:57 - 2022-08-23 18:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-24 09:33 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\NDF
2022-11-24 07:29 - 2022-09-26 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\Program Files\Java
2022-11-24 07:29 - 2022-08-09 07:03 - 001689652 _____ C:\Windows\system32\PerfStringBackup.INI
2022-11-24 07:29 - 2019-12-07 14:49 - 000760790 _____ C:\Windows\system32\perfh00C.dat
2022-11-24 07:29 - 2019-12-07 14:49 - 000144070 _____ C:\Windows\system32\perfc00C.dat
2022-11-24 07:22 - 2022-08-10 16:26 - 000000000 ____D C:\ProgramData\DockerDesktop
2022-11-24 07:22 - 2022-08-09 07:18 - 000000000 ____D C:\Intel
2022-11-24 07:22 - 2022-08-09 06:57 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-24 07:22 - 2022-08-09 06:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-11-24 07:22 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2022-11-23 16:47 - 2019-12-07 09:03 - 001835008 _____ C:\Windows\system32\config\BBI
2022-11-23 08:55 - 2022-08-10 15:57 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-11-22 08:40 - 2022-09-22 14:38 - 000000000 ____D C:\Users\TOM\Documents\Red Team
2022-11-21 12:07 - 2022-11-02 13:31 - 000000000 ____D C:\Users\TOM\Documents\scripts
2022-11-21 10:22 - 2022-08-23 18:44 - 000000000 ____D C:\Users\TOM\AppData\Roaming\FileZilla
2022-11-19 17:45 - 2022-08-10 16:36 - 000000000 ____D C:\Users\TOM\AppData\Local\PlaceholderTileLogoFolder
2022-11-19 17:45 - 2022-08-09 07:02 - 000000000 ____D C:\ProgramData\Packages
2022-11-18 11:11 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2022-11-18 10:12 - 2022-09-26 09:47 - 000000000 ____D C:\Users\TOM\AppData\Roaming\com.adobe.dunamis
2022-11-18 09:51 - 2022-08-10 16:29 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2022-11-18 08:44 - 2022-11-01 08:26 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-11-17 18:06 - 2022-09-26 17:06 - 000000000 ____D C:\Users\TOM\AppData\Roaming\bloodhound
2022-11-16 11:10 - 2022-09-22 10:27 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-11-16 11:03 - 2022-10-12 16:01 - 000000000 ____D C:\Users\TOM\AppData\Local\ElevatedDiagnostics
2022-11-16 11:03 - 2022-08-09 09:49 - 000000000 ____D C:\Users\TOM\AppData\Local\D3DSCache
2022-11-15 14:54 - 2022-08-09 06:57 - 000436216 _____ C:\Windows\system32\FNTCACHE.DAT
2022-11-15 14:54 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-11-15 14:53 - 2022-08-10 16:29 - 000000000 ___SD C:\Windows\system32\lxss
2022-11-15 14:53 - 2019-12-07 14:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2022-11-14 17:48 - 2022-10-20 12:28 - 000000000 ____D C:\Users\TOM\Documents\Audits
2022-11-14 14:57 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2022-11-14 10:34 - 2022-11-08 08:10 - 000000000 ____D C:\Users\TOM\AppData\Local\BitTorrentHelper
2022-11-14 08:37 - 2022-08-09 06:57 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-14 08:37 - 2022-08-09 06:57 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Fichiers à la racine de certains dossiers ========

2022-09-21 18:52 - 2022-09-21 18:52 - 000000128 ____H () C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2022-11-02 13:27 - 2022-11-02 13:28 - 000000149 _____ () C:\Users\TOM\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================


Addition.txt
Code:
Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 11-12-2022
Exécuté par TOM (12-12-2022 11:02:01)
Exécuté depuis C:\Users\TOM\Desktop
Microsoft Windows 10 Entreprise Version 22H2 19045.2251 (X64) (2022-08-09 06:58:53)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================


(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

Administrateur (S-1-5-21-4291724383-3096681415-704644627-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4291724383-3096681415-704644627-503 - Limited - Disabled)
Invité (S-1-5-21-4291724383-3096681415-704644627-501 - Limited - Disabled)
TOM (S-1-5-21-4291724383-3096681415-704644627-1001 - Administrator - Enabled) => C:\Users\TOM
WDAGUtilityAccount (S-1-5-21-4291724383-3096681415-704644627-504 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 22.003.20282 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.8.2 - Angry IP Scanner)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.11.1 - Docker Inc.)
FileZilla 3.60.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\FileZilla Client) (Version: 3.60.2 - Tim Kosse)
FileZilla Server 1.5.1 (HKLM\...\FileZilla Server) (Version: 1.5.1 - Tim Kosse <tim.kosse@filezilla-project.org>)
Free Cam 8 (HKLM-x32\...\{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
Genymotion version 3.1.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 3.1.0 - Genymobile)
Git (HKLM\...\Git_is1) (Version: 2.37.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.99 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.16.1 (64-bit) (HKLM\...\{C92DE8EA-63C2-5A16-B603-60C43057E595}) (Version: 11.0.16.1 - Oracle Corporation)
Logiciel d'archivage WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Magnet AXIOM (HKLM\...\{5945B0AF-553E-4B9B-8466-445432018FF3}}_is1) (Version: 6.6.0.33061 - Magnet Forensics Inc.)
Microsoft Access MUI (French) 2016 (HKLM-x32\...\{90160000-0015-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (French) 2016 (HKLM-x32\...\{90160000-0090-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.46 - Microsoft Corporation)
Microsoft Excel MUI (French) 2016 (HKLM-x32\...\{90160000-0016-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (French) 2016 (HKLM-x32\...\{90160000-00BA-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (French) 2016 (HKLM-x32\...\{90160000-0044-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (French) 2016 (HKLM-x32\...\{90160000-00E1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (French) 2016 (HKLM-x32\...\{90160000-00E2-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professionnel Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (French) 2016 (HKLM-x32\...\{90160000-002C-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - اللغة العربية (HKLM-x32\...\{90160000-001F-0401-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2016 (HKLM\...\{90160000-002A-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2016 (HKLM-x32\...\{90160000-006E-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\OneDriveSetup.exe) (Version: 22.232.1106.0002 - Microsoft Corporation)
Microsoft OneNote MUI (French) 2016 (HKLM-x32\...\{90160000-00A1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (French) 2016 (HKLM-x32\...\{90160000-001A-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (French) 2016 (HKLM-x32\...\{90160000-0018-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (French) 2016 (HKLM-x32\...\{90160000-0019-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (French) 2016 (HKLM-x32\...\{90160000-012B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.73.1 - Microsoft Corporation)
Microsoft Word MUI (French) 2016 (HKLM-x32\...\{90160000-001B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nipper (HKLM-x32\...\NipperStudio) (Version: 2.13.0 - Titania)
Nmap 7.93 (HKLM-x32\...\Nmap) (Version: 7.93 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
OpenVPN 2.5.8-I603 amd64 (HKLM\...\{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}) (Version: 2.5.039 - OpenVPN, Inc.)
Oracle VM VirtualBox 6.1.36 (HKLM\...\{C4FD4C3F-BA9F-4B03-B87A-809A9D0FAFEC}) (Version: 6.1.36 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Postman x86_64 10.1.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Postman) (Version: 10.1.2 - Postman)
Python 3.10.7 (64-bit) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{c62ef944-a7c9-4646-9fc7-d9e658defc1f}) (Version: 3.10.7150.0 - Python Software Foundation)
Python 3.10.7 Add to Path (64-bit) (HKLM\...\{585A1EFD-29F6-4016-9AD0-93068F81AD0C}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Core Interpreter (64-bit) (HKLM\...\{D4C83865-A602-4834-8390-B094CAF22F71}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Development Libraries (64-bit) (HKLM\...\{C9D65557-5B19-4B9B-860E-4E5477F9B10A}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Executables (64-bit) (HKLM\...\{CE8E4C24-9C7B-447B-B974-CD8236BE09B9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 pip Bootstrap (64-bit) (HKLM\...\{30C9588C-5E1D-479E-988A-DA38CADFA384}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Standard Library (64-bit) (HKLM\...\{08D7A4E8-F704-409B-A676-457432DA3248}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Utility Scripts (64-bit) (HKLM\...\{E1A1200C-5CC4-404B-BF93-E33C463963CD}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{96BFBDD2-78C9-42B5-9893-FABA2BB527C4}) (Version: 3.10.7917.0 - Python Software Foundation)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Subsystem for Linux Update (HKLM\...\{36EF257E-21D5-44F7-8451-07923A8C465E}) (Version: 5.10.16 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\ZoomUMX) (Version: 5.12.8 (10232) - Zoom Video Communications, Inc.)

Packages:
=========
Centre de configuration des graphiques Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-08-24] (INTEL CORP) [Startup Task]
Centre de contrôle Thunderbolt™ -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.39.278.0_x64__dt26b99r8h8gj [2022-10-22] (Realtek Semiconductor Corp)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-08-24] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-16] (INTEL CORP)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.14.0.0_x64__ey8k8hqnwqnmg [2022-12-08] (Kali Linux)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Synaptics PointStick Settings Manager – Commercial -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPCommercialStykDApp_19006.1005.0.0_x64__807d65c4rvak2 [2022-08-23] (Synaptics Incorporated)
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.1.7.0_x64__79rhkp1fndgsc [2022-11-09] (Canonical Group Limited)

==================== Personnalisé CLSID (Avec liste blanche): ==============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [Fichier non signé]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [Fichier non signé]
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [Fichier non signé]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [Fichier non signé]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [Fichier non signé]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [Fichier non signé]

==================== Codecs (Avec liste blanche) ====================

==================== Raccourcis & WMI ========================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\TOM\Documents\jxplorer\JXplorer.lnk -> C:\Users\stephanie\Desktop\outputs\files\jxplorer\jxplorer.bat (Pas de fichier)

==================== Modules chargés (Avec liste blanche) =============

2022-08-09 07:08 - 2010-03-15 09:28 - 000166400 _____ () [Fichier non signé] C:\Program Files\WinRAR\rarext.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [Fichier non signé] C:\Program Files\7-Zip\7-zip.dll
2022-11-24 07:22 - 2022-11-24 07:22 - 000254464 ____N (Java(TM) Native Access (JNA)) [Fichier non signé] C:\Windows\Temp\jna--666108941\jna1750024592914009253.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000217600 _____ (RSA - The Security Division of EMC) [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000404480 _____ (RSA - The Security Division of EMC) [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000379904 _____ (RSA - The Security Division of EMC) [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000504320 _____ (RSA - The Security Division of EMC) [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000218624 _____ (RSA - The Security Division of EMC) [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll

==================== Alternate Data Streams (Avec liste blanche) ========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\AppData\Roaming:iSpring Solutions [128]

==================== Mode sans échec (Avec liste blanche) ==================

==================== Asstomation (Avec liste blanche) =================

==================== Internet Explorer (Avec liste blanche) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts contenu: =========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2019-12-07 09:14 - 2022-11-03 18:07 - 000001056 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.31 host.docker.internal
192.168.1.31 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

2022-08-10 16:38 - 2022-12-12 08:52 - 000000514 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.24.176.1 MY_LAPTOP.mshome.net # 2027 12 6 11 8 52 15 983
72.21.48.1 MY_LAPTOP.mshome.net # 2027 9 2 21 18 21 4 757

==================== Autres zones ===========================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Java\jdk-11.0.16.1;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\VMware\VMware Player\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin;C:\Program Files\Git\cmd;
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\c.bmp
DNS Servers: 196.201.90.4 - 196.201.90.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Le Pare-feu est activé.

Network Binding:
=============
OpenVPN Wintun: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN Wintun: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network #2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
OpenVPN TAP-Windows6: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN TAP-Windows6: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
OpenVPN TAP-Windows6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
vEthernet (WSL): VMware Bridge Protocol -> vmware_bridge (enabled) 
vEthernet (WSL): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
vEthernet (WSL): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\StartupFolder: => "Envoyer * OneNote.lnk<*>"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "ut"

==================== RèglesPare-feu (Avec liste blanche) ================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [{48F8AD51-915C-4B2F-8E35-1CD1D01644F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90B43D50-41E3-4E9A-B967-72C8FCD56120}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92187504-99F7-49B3-8973-AE5B2A23988A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{872C29EA-EB7C-4B47-A96B-D1BCBDD46032}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D47E19A0-EF83-4416-AE3C-B9BF48315708}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [Fichier non signé]
FirewallRules: [UDP Query User{4C1D0FDD-C484-4CB0-A268-0743EB350094}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [Fichier non signé]
FirewallRules: [{A27F14C8-B43C-49DF-8A4D-0F96AEB19FEE}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4D51F720-0B36-4BF7-B082-D389164852C8}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{D8A93E84-3987-42BE-A05A-0002CEB8FF82}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{086886C4-C34C-4994-BD23-BB49F7B8C851}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{83E28FCD-C95C-4D65-A81C-01326E3D0EF4}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{A5EFB03D-5E21-4A43-A6A9-5CF5A1960898}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{FFB7F1D3-667B-4A60-B68E-5D225F163423}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => Pas de fichier
FirewallRules: [UDP Query User{F63238D5-B9A8-45B2-8D32-519F179924F0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => Pas de fichier
FirewallRules: [TCP Query User{0277EAB2-BFCA-4A12-BD39-19CA530B3F9C}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => Pas de fichier
FirewallRules: [UDP Query User{D93784F8-3A2F-41B2-A87C-FC9F6E12F9D0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => Pas de fichier
FirewallRules: [{9E77B729-43A7-4738-AC79-9FA819458491}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC178899-6DC0-45CE-89CF-BD98CFE546D2}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [{4232EDA5-FEF9-454C-8720-0EAC8EDD1256}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [TCP Query User{C6F51621-278A-4C4A-8016-9B53B6DBD87D}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => Pas de fichier
FirewallRules: [UDP Query User{DE6FB1B2-97FD-46A4-99E4-63354BFEB44E}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => Pas de fichier
FirewallRules: [TCP Query User{99149935-F5D4-4141-85D3-A933BC30A0DF}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [Fichier non signé]
FirewallRules: [UDP Query User{B3A0C955-0C14-4139-BD8F-C3D7604F41EB}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [Fichier non signé]
FirewallRules: [{C1484939-B268-48FF-91D2-046D17A2F6C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AA30488-8B46-4B58-BC0B-F45F097A0EFC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F71D635-BCB5-461A-B3BA-041C1D8E9F8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{028B9DBD-7890-4702-BA90-106DA50CA878}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6698CC05-5DB2-42C9-862A-CB2FC0841AFB}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [Fichier non signé]
FirewallRules: [UDP Query User{6BA7C7F2-F0C2-44D0-A5E9-1D56CAF1BC3E}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [Fichier non signé]
FirewallRules: [{5CF58141-8C9B-4F49-9DF8-6ED4C94A5B31}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ECB5373A-FC9E-4AEA-9573-BB91248E15D1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Points de restauration =========================

ATTENTION: La Restauration système est désactivée (Total:930.89 GB) (Free:643.83 GB) (69%)

==================== Éléments en erreur du Gestionnaire de périphériques ============


==================== Erreurs du Journal des événements: ========================

Erreurs Application:
==================
Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (12/06/2022 03:28:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.19041.2193 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance.

ID de processus : 5284

Heure de début : 01d905a0d642a757

Heure d'arrêt : 0

Chemin d'accès à l'application : C:\Windows\explorer.exe

ID de rapport : 35baf412-8b18-42df-9967-831fd6011135

Nom complet du package défectueux : 

ID de l'application relative à un package défectueux : 

Type de blocage : Unknown

Error: (12/01/2022 12:35:36 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/01/2022 12:35:36 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (12/01/2022 12:35:25 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/01/2022 12:35:25 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (11/28/2022 05:36:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante HotKeyServiceUWP.exe, version : 8.10.35.44674, horodatage : 0x62a06fc3
Nom du module défaillant : ntdll.dll, version : 10.0.19041.2130, horodatage : 0xb5ced1c6
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000002faad
ID du processus défaillant : 0xda4
Heure de début de l’application défaillante : 0x01d8ffd575f5430c
Chemin d’accès de l’application défaillante : C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
ID de rapport : b121ce7a-7ad5-4e5d-87d2-0bf7ada89bc6
Nom complet du package défaillant : 
ID de l’application relative au package défaillant :


Erreurs système:
=============
Error: (12/12/2022 08:47:33 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: AUTORITE NT)
Description: Le miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ceae3841-e5a0-4371-9faa-5ad39dc42763}, a eu l’événement 74

Error: (12/09/2022 02:32:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HotKeyServiceUWP.

Error: (12/09/2022 02:30:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HotKeyServiceUWP.

Error: (12/09/2022 02:27:00 PM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: Le serveur {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (12/09/2022 02:23:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HPAppHelperCap.

Error: (12/09/2022 02:13:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HPAppHelperCap.

Error: (12/09/2022 02:10:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Client de stratégie de groupe n’a pas pu démarrer en raison de l’erreur : 
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.

Error: (12/09/2022 02:10:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Client de stratégie de groupe.


Windows Defender:
================
Date: 2022-12-12 09:05:36
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {AC2AD6FB-36A3-4876-A534-145C7B7A5273}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-08 12:22:20
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {7EA25C73-7DA6-408F-ACD3-483243BCF334}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-06 18:21:26
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {15FF2332-7536-41E6-80AD-F1A2DB87802B}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-05 11:37:16
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {A9328335-BF15-45BD-913E-7E161C831A66}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-02 14:39:22
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {B5EB09C4-56D7-42DC-8D94-74BA3D307104}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système
Event[0]:

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

CodeIntegrity:
===============
Date: 2022-12-12 09:05:31
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 09:01:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 08:47:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Infos Mémoire =========================== 

BIOS: HP T37 Ver. 01.10.00 07/15/2022
Carte mère: HP 8AB8
Processeur: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
Pourcentage de mémoire utilisée: 36%
Mémoire physique - RAM - totale: 32448.21 MB
Mémoire physique - RAM - disponible: 20721.3 MB
Mémoire virtuelle totale: 37312.21 MB
Mémoire virtuelle disponible: 24619.16 MB

==================== Lecteurs ================================

Drive c: () (Fixed) (Total:930.89 GB) (Free:643.83 GB) (Model: KINGSTON SNVS1000GB) NTFS
Drive d: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:583.56 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS

\\?\Volume{1fac8aa4-ea46-47c8-a2a1-40d56c8ac893}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{f2a9c796-48fc-4fde-bc26-1b9830efe024}\ () (Fixed) (Total:0.09 GB) (Free:0.02 GB) FAT32

==================== MBR & Table des partitions ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 43E6412F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fin de Addition.txt =======================
Johndoe225
Active Member
Posts: 12
Joined: June 21st, 2019, 3:17 pm

Re: Infected by malware named Black Sky

Unread postby Gary R » December 12th, 2022, 9:48 am

This is an English-speaking forum.

I see you are using a non-English version of FRST. This makes it difficult for me to read your logs, so please do the following ....
  • Rename FRST64.exe to FRSTEnglish.exe
  • Run a new scan
  • Post the new FRST.txt and Addition.txt logs, which should now be in English.
Gary R
Administrator
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 12th, 2022, 10:49 am

Gary R wrote: This is an English-speaking forum.

I see you are using a non-English version of FRST. This makes it difficult for me to read your logs, so please do the following ....
  • Rename FRST64.exe to FRSTEnglish.exe
  • Run a new scan
  • Post the new FRST.txt and Addition.txt logs, which should now be in English.


Hello Gary,

I don't know if it'll help. A few system/application logs in the outputs are in French. But yes, changing the name to FRSTEnglish.exe made most of the output English.

Below are the results

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2022
Ran by TOM (administrator) on MY_LAPTOP (HP HP EliteBook 840 G8 Notebook PC) (12-12-2022 14:36:14)
Running from C:\Users\TOM\Desktop
Loaded Profiles: TOM
Platform: Microsoft Windows 10 Entreprise Version 22H2 19045.2251 (X64) Language: Français (France)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe <8>
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\OpenConsole.exe <3>
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <3>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxEMN.exe
(explorer.exe ->) () [File not signed] C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <4>
(explorer.exe ->) (Eric R. Zimmerman -> Eric R. Zimmerman) C:\Users\TOM\Documents\Tools\Zimmerman\TimelineExplorer\TimelineExplorer.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <28>
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.15.2874.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_7322d271029d40e8\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c3bfb56a1230fdfd\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_7616b976fc6840bd\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (The Apache Software Foundation -> Apache Software Foundation) C:\Users\TOM\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\lxss\wslhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(vmcompute.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe [1594248 2022-08-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [281432 2022-08-10] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [MicrosoftEdgeAutoLaunch_8EE6ED75BAABE45714C69E0EFA79F89F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3877288 2022-12-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [869144 2022-11-11] (OpenVPN Inc. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\108.0.5359.99\Installer\chrmstp.exe [2022-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2022-10-11]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe [1980-01-04] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {030F4DCD-F437-4DC7-8FDB-5436CEB610FC} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe [3367840 2022-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {17D6E61C-B855-4883-B5AF-B1D5F1404A3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25E4D2EA-23B0-4148-8041-DAC9AB13DBE6} - System32\Tasks\GoogleUpdateTaskMachineCore{816FA00C-AF00-4598-A6A5-AD3FDFAA39C6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {36E0837E-34CD-4729-817B-5E955EDA4FCA} - System32\Tasks\GoogleUpdateTaskMachineUA{1C074024-B478-4246-8AAE-4B43E3B2D864} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {3E8A841D-6F4C-46CC-A589-83A9D288E092} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {63E37383-418D-45B8-8DDD-092AC7D13EAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {666254A2-C79C-4E10-AEC4-36E90EE8E14A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {795CCFAD-5E43-4818-BCC0-716843FF247E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CF8BDF5-4A1A-49BA-9655-7E7AA64971AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {9721C737-FAFB-461A-97DB-ACBCB3FFF3E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B887709B-9A2F-46D7-9D6F-1E615D867DF1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
Task: {E892E222-5986-4FB5-BCAD-C0E8B7103EB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{34753BBF-14BA-41B0-9B83-5C30F4688EB6}] => hxxp://proxy.homelab.local/ <==== ATTENTION
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 196.201.90.4 196.201.90.20
Tcpip\..\Interfaces\{7386cfae-11ae-4f48-b4ba-9f6742b53a70}: [DhcpNameServer] 196.201.90.4 196.201.90.20

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-12]
Edge Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-11-24]
Edge Extension: (HP Dynamic Audio) - C:\Users\TOM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iahgjpkfebmcdcaifedofgakoancmoli [2022-08-10]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default [2022-12-12]
CHR Extension: (Google Traduction) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-11-24]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-12-12]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2022-11-28]
CHR Extension: (Google Docs hors connexion) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-12]
CHR Extension: (Vue.js devtools) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2022-10-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-19]
CHR Extension: (Proxy Switcher and Manager) - C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2022-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [19832 2022-08-10] (Docker Inc -> Docker Inc.)
S3 filezilla-server; C:\Program Files\FileZilla Server\filezilla-server.exe [6052352 2022-07-29] (FileZilla Project) [File not signed]
R2 FMAPOService; C:\Windows\System32\FMService64.exe [482200 2022-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe [1556592 2022-06-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe [791544 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe [790488 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe [787416 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe [791496 2022-10-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe [493664 2022-09-28] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\LanWlanWwanSwitchingServiceUWP.exe [602224 2022-06-14] (HP Inc. -> HP Inc.)
S3 LxssManagerUser; C:\Windows\system32\lxss\wslclient.dll [301056 2022-08-24] (Microsoft Windows -> Microsoft Corporation)
R2 neo4j; C:\Users\TOM\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe [116648 2022-08-29] (The Apache Software Foundation -> Apache Software Foundation)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [67360 2022-11-11] (OpenVPN Inc. -> The OpenVPN Project)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [254112 2021-07-14] (Intel Corporation -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [748664 2022-07-19] (Oracle Corporation -> Oracle Corporation)
S2 WbfPolicyService110; C:\Windows\System32\WbfPolicyService110.exe [715704 2022-07-29] (Synaptics Incorporated -> Synaptics Incorporated.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1546944 2021-10-20] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 MpKslf059e526; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E1DA5E9-08B3-4D3C-B5D8-FD4E91010BB7}\MpKslDrv.sys [214280 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 SynStykFilterHID; C:\Windows\System32\drivers\SynTP.sys [810952 2021-09-02] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2022-11-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [242656 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [252560 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1081592 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [60344 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [67072 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [105912 2021-08-16] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_6e6883aaac7c1f77\WiManH\WiManH.sys [180312 2022-06-29] (Intel Corporation -> Intel Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [38176 2022-11-19] (WireGuard LLC -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 14:36 - 2022-12-12 14:36 - 000025954 _____ C:\Users\TOM\Desktop\FRST.txt
2022-12-12 14:30 - 2022-12-12 14:30 - 056560655 _____ C:\Users\TOM\Downloads\MFTExplorer.zip
2022-12-12 12:43 - 2022-07-19 16:09 - 000445856 _____ (Sysinternals - www.sysinternals.com) C:\Windows\sigcheck.exe
2022-12-12 12:43 - 2022-02-16 22:18 - 000712080 _____ (Sysinternals - www.sysinternals.com) C:\Windows\Autorunsc.exe
2022-12-12 11:00 - 2022-12-12 14:36 - 000000000 ____D C:\FRST
2022-12-12 10:55 - 2022-12-12 10:55 - 002375680 _____ (Farbar) C:\Users\TOM\Desktop\FRSTEnglish.exe
2022-12-12 10:44 - 2022-12-12 10:44 - 000000000 ____D C:\Users\TOM\Documents\temp2
2022-12-12 10:00 - 2022-12-12 10:00 - 000043224 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-12-08 18:14 - 2022-12-08 18:20 - 019268943 _____ C:\Users\TOM\Downloads\Non confirmé 729468.crdownload
2022-12-08 12:47 - 2022-12-08 16:55 - 000001230 _____ C:\Users\TOM\Desktop\sqli
2022-12-07 16:18 - 2022-12-07 16:18 - 000088940 _____ C:\Users\TOM\Downloads\ccna_4-commandes_nat_et_pat.pdf
2022-12-07 16:17 - 2022-12-07 16:17 - 000242574 _____ C:\Users\TOM\Downloads\dns.pdf
2022-12-07 15:25 - 2022-12-07 15:25 - 000167768 _____ C:\Users\TOM\Downloads\tp_dhcp_dns_natpat.pdf
2022-12-06 15:52 - 2022-12-06 15:52 - 002239919 _____ C:\Users\TOM\Desktop\CIS_Docker_Benchmark_v1_2_0.pdf
2022-12-05 16:40 - 2022-12-09 19:50 - 000000000 ____D C:\Users\TOM\Documents\CNAM
2022-12-05 16:40 - 2022-12-07 15:25 - 000000184 _____ C:\Users\TOM\.packettracer
2022-12-05 16:40 - 2022-12-05 16:42 - 000000000 ____D C:\Users\TOM\Cisco Packet Tracer 5.3.3
2022-12-05 16:40 - 2022-12-05 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2022-12-05 16:39 - 2022-12-05 16:40 - 000000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2022-12-05 16:38 - 2022-12-05 16:39 - 084110703 _____ (Cisco Systems, Inc. ) C:\Users\TOM\Downloads\PacketTracer533_setup.exe
2022-12-02 16:17 - 2022-12-02 16:19 - 000000000 ____D C:\.ssh
2022-11-29 11:30 - 2022-11-29 11:30 - 099112901 _____ C:\Users\TOM\Downloads\faraday-server_amd64.rpm
2022-11-25 08:36 - 2022-11-25 08:36 - 000002151 _____ C:\Users\TOM\Downloads\Mot de passe (2).zip
2022-11-25 08:32 - 2022-12-02 15:29 - 000000000 ____D C:\Users\TOM\Documents\Other TOM
2022-11-24 07:27 - 2022-11-24 07:27 - 000000000 ____D C:\Users\TOM\AppData\LocalLow\Oracle
2022-11-23 08:16 - 2022-11-23 08:16 - 000000000 ____D C:\Users\TOM\AppData\Roaming\java
2022-11-23 08:15 - 2022-11-23 08:16 - 000000000 ____D C:\Users\TOM\AppData\Roaming\SQL Developer
2022-11-23 08:15 - 2022-11-23 08:15 - 000000000 ____D C:\Users\TOM\AppData\Roaming\sqldeveloper
2022-11-23 08:10 - 2022-11-23 08:10 - 000000000 ____D C:\Users\TOM\AppData\Roaming\HeidiSQL
2022-11-22 08:39 - 2022-11-22 08:40 - 000000000 ____D C:\Users\TOM\Documents\Objectifs
2022-11-19 17:53 - 2022-11-19 17:53 - 000039920 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000038176 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000001996 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Users\TOM\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Program Files\OpenVPN
2022-11-19 17:52 - 2022-11-19 17:52 - 004419584 _____ C:\Users\TOM\Downloads\OpenVPN-2.5.8-I603-amd64.msi
2022-11-19 17:20 - 2022-11-19 17:54 - 000000000 ____D C:\Users\TOM\Documents\Hackthebox
2022-11-18 11:09 - 2022-11-18 11:09 - 000000000 ___HD C:\$WinREAgent
2022-11-18 11:01 - 2022-11-18 11:01 - 000000000 ____D C:\Users\TOM\Documents\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000137600 _____ (Zoom Video Communications, Inc.) C:\Users\TOM\Downloads\Zoom_cm_ds_mfgiXX8B7vVy4TSHYrmFgaMGH61rfkglOGmgA@4OqJSLJS42sTU7S-_k9b3f903bcb334978_.exe
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\TOM\AppData\Local\Zoom
2022-11-17 13:04 - 2022-11-17 13:04 - 010175044 _____ C:\Users\TOM\Downloads\wstg-v4.2 (1).pdf
2022-11-16 08:50 - 2022-12-05 16:25 - 000000704 _____ C:\Users\TOM\Desktop\temp.txt
2022-11-14 14:55 - 2022-12-12 11:29 - 000004172 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{CEF436DB-BC3D-4AE7-9D7D-28B4355EE9B4}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 14:29 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-12 14:28 - 2022-10-19 10:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-12 14:16 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-12-12 12:26 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2022-12-12 11:53 - 2022-09-22 09:08 - 000000000 ____D C:\Users\TOM\Documents\Tools
2022-12-12 11:03 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2022-12-12 10:56 - 2022-11-08 08:04 - 000000000 ____D C:\Users\TOM\AppData\Roaming\uTorrent
2022-12-12 08:58 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-12-12 08:52 - 2022-08-10 16:38 - 000000514 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-12-12 08:47 - 2022-08-24 17:22 - 000000000 __SHD C:\Users\TOM\IntelGraphicsProfiles
2022-12-12 08:47 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-09 19:51 - 2022-10-18 17:04 - 000000000 ____D C:\Users\TOM\AppData\Roaming\vlc
2022-12-09 19:41 - 2022-09-21 13:33 - 000000000 ____D C:\ProgramData\VMware
2022-12-08 20:18 - 2022-10-19 10:13 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-08 15:24 - 2022-08-09 07:05 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-12-08 15:24 - 2022-08-09 07:02 - 000002411 _____ C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-07 15:58 - 2022-08-09 07:02 - 000000000 ____D C:\Users\TOM\AppData\Local\Packages
2022-12-07 15:24 - 2022-08-10 16:06 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-12-07 15:24 - 2022-08-09 06:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-06 14:23 - 2022-09-22 10:28 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Code
2022-12-05 16:40 - 2022-08-09 07:02 - 000000000 ____D C:\Users\TOM
2022-12-05 13:24 - 2022-08-24 13:19 - 000000000 ____D C:\Users\TOM\Documents\Backups
2022-12-02 16:26 - 2022-09-21 13:34 - 000000000 ____D C:\Users\TOM\AppData\Roaming\VMware
2022-11-29 10:13 - 2022-09-21 13:34 - 000000000 ____D C:\Users\TOM\AppData\Local\VMware
2022-11-24 17:57 - 2022-08-23 18:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-24 09:33 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\NDF
2022-11-24 07:29 - 2022-09-26 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\Program Files\Java
2022-11-24 07:29 - 2022-08-09 07:03 - 001689652 _____ C:\Windows\system32\PerfStringBackup.INI
2022-11-24 07:29 - 2019-12-07 14:49 - 000760790 _____ C:\Windows\system32\perfh00C.dat
2022-11-24 07:29 - 2019-12-07 14:49 - 000144070 _____ C:\Windows\system32\perfc00C.dat
2022-11-24 07:22 - 2022-08-10 16:26 - 000000000 ____D C:\ProgramData\DockerDesktop
2022-11-24 07:22 - 2022-08-09 07:18 - 000000000 ____D C:\Intel
2022-11-24 07:22 - 2022-08-09 06:57 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-24 07:22 - 2022-08-09 06:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-11-24 07:22 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2022-11-23 16:47 - 2019-12-07 09:03 - 001835008 _____ C:\Windows\system32\config\BBI
2022-11-23 08:55 - 2022-08-10 15:57 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-11-22 08:40 - 2022-09-22 14:38 - 000000000 ____D C:\Users\TOM\Documents\Red Team
2022-11-21 12:07 - 2022-11-02 13:31 - 000000000 ____D C:\Users\TOM\Documents\scripts
2022-11-21 10:22 - 2022-08-23 18:44 - 000000000 ____D C:\Users\TOM\AppData\Roaming\FileZilla
2022-11-19 17:45 - 2022-08-10 16:36 - 000000000 ____D C:\Users\TOM\AppData\Local\PlaceholderTileLogoFolder
2022-11-19 17:45 - 2022-08-09 07:02 - 000000000 ____D C:\ProgramData\Packages
2022-11-18 11:11 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2022-11-18 10:12 - 2022-09-26 09:47 - 000000000 ____D C:\Users\TOM\AppData\Roaming\com.adobe.dunamis
2022-11-18 09:51 - 2022-08-10 16:29 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2022-11-18 08:44 - 2022-11-01 08:26 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-11-17 18:06 - 2022-09-26 17:06 - 000000000 ____D C:\Users\TOM\AppData\Roaming\bloodhound
2022-11-16 11:10 - 2022-09-22 10:27 - 000000000 ____D C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-11-16 11:03 - 2022-10-12 16:01 - 000000000 ____D C:\Users\TOM\AppData\Local\ElevatedDiagnostics
2022-11-16 11:03 - 2022-08-09 09:49 - 000000000 ____D C:\Users\TOM\AppData\Local\D3DSCache
2022-11-15 14:54 - 2022-08-09 06:57 - 000436216 _____ C:\Windows\system32\FNTCACHE.DAT
2022-11-15 14:54 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-11-15 14:53 - 2022-08-10 16:29 - 000000000 ___SD C:\Windows\system32\lxss
2022-11-15 14:53 - 2019-12-07 14:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2022-11-14 17:48 - 2022-10-20 12:28 - 000000000 ____D C:\Users\TOM\Documents\Audits
2022-11-14 14:57 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2022-11-14 10:34 - 2022-11-08 08:10 - 000000000 ____D C:\Users\TOM\AppData\Local\BitTorrentHelper
2022-11-14 08:37 - 2022-08-09 06:57 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-14 08:37 - 2022-08-09 06:57 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2022-09-21 18:52 - 2022-09-21 18:52 - 000000128 ____H () C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2022-11-02 13:27 - 2022-11-02 13:28 - 000000149 _____ () C:\Users\TOM\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2022
Ran by TOM (12-12-2022 14:36:55)
Running from C:\Users\TOM\Desktop
Microsoft Windows 10 Entreprise Version 22H2 19045.2251 (X64) (2022-08-09 06:58:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrateur (S-1-5-21-4291724383-3096681415-704644627-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4291724383-3096681415-704644627-503 - Limited - Disabled)
Invité (S-1-5-21-4291724383-3096681415-704644627-501 - Limited - Disabled)
TOM (S-1-5-21-4291724383-3096681415-704644627-1001 - Administrator - Enabled) => C:\Users\TOM
WDAGUtilityAccount (S-1-5-21-4291724383-3096681415-704644627-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 22.003.20282 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.8.2 - Angry IP Scanner)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.11.1 - Docker Inc.)
FileZilla 3.60.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\FileZilla Client) (Version: 3.60.2 - Tim Kosse)
FileZilla Server 1.5.1 (HKLM\...\FileZilla Server) (Version: 1.5.1 - Tim Kosse <tim.kosse@filezilla-project.org>)
Free Cam 8 (HKLM-x32\...\{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
Genymotion version 3.1.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 3.1.0 - Genymobile)
Git (HKLM\...\Git_is1) (Version: 2.37.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.99 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.16.1 (64-bit) (HKLM\...\{C92DE8EA-63C2-5A16-B603-60C43057E595}) (Version: 11.0.16.1 - Oracle Corporation)
Logiciel d'archivage WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Magnet AXIOM (HKLM\...\{5945B0AF-553E-4B9B-8466-445432018FF3}}_is1) (Version: 6.6.0.33061 - Magnet Forensics Inc.)
Microsoft Access MUI (French) 2016 (HKLM-x32\...\{90160000-0015-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (French) 2016 (HKLM-x32\...\{90160000-0090-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.46 - Microsoft Corporation)
Microsoft Excel MUI (French) 2016 (HKLM-x32\...\{90160000-0016-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (French) 2016 (HKLM-x32\...\{90160000-00BA-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (French) 2016 (HKLM-x32\...\{90160000-0044-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (French) 2016 (HKLM-x32\...\{90160000-00E1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (French) 2016 (HKLM-x32\...\{90160000-00E2-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professionnel Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (French) 2016 (HKLM-x32\...\{90160000-002C-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - اللغة العربية (HKLM-x32\...\{90160000-001F-0401-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2016 (HKLM\...\{90160000-002A-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2016 (HKLM-x32\...\{90160000-006E-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\OneDriveSetup.exe) (Version: 22.232.1106.0002 - Microsoft Corporation)
Microsoft OneNote MUI (French) 2016 (HKLM-x32\...\{90160000-00A1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (French) 2016 (HKLM-x32\...\{90160000-001A-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (French) 2016 (HKLM-x32\...\{90160000-0018-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (French) 2016 (HKLM-x32\...\{90160000-0019-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (French) 2016 (HKLM-x32\...\{90160000-012B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.73.1 - Microsoft Corporation)
Microsoft Word MUI (French) 2016 (HKLM-x32\...\{90160000-001B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nipper (HKLM-x32\...\NipperStudio) (Version: 2.13.0 - Titania)
Nmap 7.93 (HKLM-x32\...\Nmap) (Version: 7.93 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
OpenVPN 2.5.8-I603 amd64 (HKLM\...\{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}) (Version: 2.5.039 - OpenVPN, Inc.)
Oracle VM VirtualBox 6.1.36 (HKLM\...\{C4FD4C3F-BA9F-4B03-B87A-809A9D0FAFEC}) (Version: 6.1.36 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Postman x86_64 10.1.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Postman) (Version: 10.1.2 - Postman)
Python 3.10.7 (64-bit) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{c62ef944-a7c9-4646-9fc7-d9e658defc1f}) (Version: 3.10.7150.0 - Python Software Foundation)
Python 3.10.7 Add to Path (64-bit) (HKLM\...\{585A1EFD-29F6-4016-9AD0-93068F81AD0C}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Core Interpreter (64-bit) (HKLM\...\{D4C83865-A602-4834-8390-B094CAF22F71}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Development Libraries (64-bit) (HKLM\...\{C9D65557-5B19-4B9B-860E-4E5477F9B10A}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Executables (64-bit) (HKLM\...\{CE8E4C24-9C7B-447B-B974-CD8236BE09B9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 pip Bootstrap (64-bit) (HKLM\...\{30C9588C-5E1D-479E-988A-DA38CADFA384}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Standard Library (64-bit) (HKLM\...\{08D7A4E8-F704-409B-A676-457432DA3248}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Utility Scripts (64-bit) (HKLM\...\{E1A1200C-5CC4-404B-BF93-E33C463963CD}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{96BFBDD2-78C9-42B5-9893-FABA2BB527C4}) (Version: 3.10.7917.0 - Python Software Foundation)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Subsystem for Linux Update (HKLM\...\{36EF257E-21D5-44F7-8451-07923A8C465E}) (Version: 5.10.16 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\ZoomUMX) (Version: 5.12.8 (10232) - Zoom Video Communications, Inc.)

Packages:
=========
Centre de configuration des graphiques Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-08-24] (INTEL CORP) [Startup Task]
Centre de contrôle Thunderbolt™ -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.39.278.0_x64__dt26b99r8h8gj [2022-10-22] (Realtek Semiconductor Corp)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-08-24] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-16] (INTEL CORP)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.14.0.0_x64__ey8k8hqnwqnmg [2022-12-08] (Kali Linux)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Synaptics PointStick Settings Manager – Commercial -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPCommercialStykDApp_19006.1005.0.0_x64__807d65c4rvak2 [2022-08-23] (Synaptics Incorporated)
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.1.7.0_x64__79rhkp1fndgsc [2022-11-09] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\TOM\Documents\Backups\Linux\backup\AuditsTOM\Douanes\29-06-2020\outputs\files\jxplorer\JXplorer.lnk -> C:\Users\stephanie\Desktop\outputs\files\jxplorer\jxplorer.bat (No File)

==================== Loaded Modules (Whitelisted) =============

2022-08-09 07:08 - 2010-03-15 09:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-11-24 07:22 - 2022-11-24 07:22 - 000254464 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\Temp\jna--666108941\jna1750024592914009253.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2020-10-22 22:42 - 2020-10-22 22:42 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\AppData\Roaming:iSpring Solutions [128]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2022-11-03 18:07 - 000001056 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.31 host.docker.internal
192.168.1.31 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

2022-08-10 16:38 - 2022-12-12 08:52 - 000000514 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.24.176.1 MY_LAPTOP.mshome.net # 2027 12 6 11 8 52 15 983
72.21.48.1 MY_LAPTOP.mshome.net # 2027 9 2 21 18 21 4 757

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Java\jdk-11.0.16.1;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\VMware\VMware Player\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin;C:\Program Files\Git\cmd;C:\Users\TOM\Documents\Tools\Zimmerman;
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\c.bmp
DNS Servers: 196.201.90.4 - 196.201.90.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
OpenVPN Wintun: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN Wintun: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network #2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
OpenVPN TAP-Windows6: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN TAP-Windows6: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
OpenVPN TAP-Windows6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
vEthernet (WSL): VMware Bridge Protocol -> vmware_bridge (enabled) 
vEthernet (WSL): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
vEthernet (WSL): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\StartupFolder: => "Envoyer * OneNote.lnk<*>"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "ut"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48F8AD51-915C-4B2F-8E35-1CD1D01644F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90B43D50-41E3-4E9A-B967-72C8FCD56120}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92187504-99F7-49B3-8973-AE5B2A23988A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{872C29EA-EB7C-4B47-A96B-D1BCBDD46032}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D47E19A0-EF83-4416-AE3C-B9BF48315708}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{4C1D0FDD-C484-4CB0-A268-0743EB350094}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [{A27F14C8-B43C-49DF-8A4D-0F96AEB19FEE}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4D51F720-0B36-4BF7-B082-D389164852C8}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{D8A93E84-3987-42BE-A05A-0002CEB8FF82}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{086886C4-C34C-4994-BD23-BB49F7B8C851}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{83E28FCD-C95C-4D65-A81C-01326E3D0EF4}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{A5EFB03D-5E21-4A43-A6A9-5CF5A1960898}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{FFB7F1D3-667B-4A60-B68E-5D225F163423}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [UDP Query User{F63238D5-B9A8-45B2-8D32-519F179924F0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [TCP Query User{0277EAB2-BFCA-4A12-BD39-19CA530B3F9C}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [UDP Query User{D93784F8-3A2F-41B2-A87C-FC9F6E12F9D0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [{9E77B729-43A7-4738-AC79-9FA819458491}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC178899-6DC0-45CE-89CF-BD98CFE546D2}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4232EDA5-FEF9-454C-8720-0EAC8EDD1256}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{C6F51621-278A-4C4A-8016-9B53B6DBD87D}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File
FirewallRules: [UDP Query User{DE6FB1B2-97FD-46A4-99E4-63354BFEB44E}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File
FirewallRules: [TCP Query User{99149935-F5D4-4141-85D3-A933BC30A0DF}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{B3A0C955-0C14-4139-BD8F-C3D7604F41EB}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [{C1484939-B268-48FF-91D2-046D17A2F6C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AA30488-8B46-4B58-BC0B-F45F097A0EFC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F71D635-BCB5-461A-B3BA-041C1D8E9F8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{028B9DBD-7890-4702-BA90-106DA50CA878}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.91.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6698CC05-5DB2-42C9-862A-CB2FC0841AFB}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [File not signed]
FirewallRules: [UDP Query User{6BA7C7F2-F0C2-44D0-A5E9-1D56CAF1BC3E}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [File not signed]
FirewallRules: [{5CF58141-8C9B-4F49-9DF8-6ED4C94A5B31}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ECB5373A-FC9E-4AEA-9573-BB91248E15D1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:930.89 GB) (Free:643.93 GB) (69%)

==================== Faulty Device Manager Devices ============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Wintun Userspace Tunnel
Description: Wintun Userspace Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WireGuard LLC
Service: wintun
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Hyper-V Virtual Ethernet Adapter
Description: Carte Ethernet virtuelle Hyper-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSNPXYMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (12/06/2022 03:28:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.19041.2193 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance.

ID de processus : 5284

Heure de début : 01d905a0d642a757

Heure d'arrêt : 0

Chemin d'accès à l'application : C:\Windows\explorer.exe

ID de rapport : 35baf412-8b18-42df-9967-831fd6011135

Nom complet du package défectueux : 

ID de l'application relative à un package défectueux : 

Type de blocage : Unknown

Error: (12/01/2022 12:35:36 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/01/2022 12:35:36 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (12/01/2022 12:35:25 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/01/2022 12:35:25 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (11/28/2022 05:36:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante HotKeyServiceUWP.exe, version : 8.10.35.44674, horodatage : 0x62a06fc3
Nom du module défaillant : ntdll.dll, version : 10.0.19041.2130, horodatage : 0xb5ced1c6
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000002faad
ID du processus défaillant : 0xda4
Heure de début de l’application défaillante : 0x01d8ffd575f5430c
Chemin d’accès de l’application défaillante : C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_e2143fc8249238dd\HotKeyServiceUWP.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
ID de rapport : b121ce7a-7ad5-4e5d-87d2-0bf7ada89bc6
Nom complet du package défaillant : 
ID de l’application relative au package défaillant :


System errors:
=============
Error: (12/12/2022 08:47:33 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: AUTORITE NT)
Description: Le miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ceae3841-e5a0-4371-9faa-5ad39dc42763}, a eu l’événement 74

Error: (12/09/2022 02:32:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HotKeyServiceUWP.

Error: (12/09/2022 02:30:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HotKeyServiceUWP.

Error: (12/09/2022 02:27:00 PM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: Le serveur {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (12/09/2022 02:23:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HPAppHelperCap.

Error: (12/09/2022 02:13:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service HPAppHelperCap.

Error: (12/09/2022 02:10:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Client de stratégie de groupe n’a pas pu démarrer en raison de l’erreur : 
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.

Error: (12/09/2022 02:10:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Client de stratégie de groupe.


Windows Defender:
================
Date: 2022-12-12 12:51:59
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Linux/CVE-2016-5195.A!MTB&threatid=2147769944&enterprise=0
Nom : Trojan:Linux/CVE-2016-5195.A!MTB
ID : 2147769944
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_C:\Program Files\Magnet Forensics\Magnet AXIOM\AXIOM Process\Binaries\64\exploit
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Windows\sigcheck.exe
Version de la veille de sécurité : AV: 1.381.310.0, AS: 1.381.310.0, NIS: 1.381.310.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 12:46:18
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Mimikatz.D&threatid=2147729891&enterprise=0
Nom : HackTool:Win32/Mimikatz.D
ID : 2147729891
Gravité : Élevée
Catégorie : Outil
Chemin : file:_C:\$Recycle.Bin\S-1-5-21-4291724383-3096681415-704644627-1001\$R9R8MIY.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Windows\sigcheck.exe
Version de la veille de sécurité : AV: 1.381.310.0, AS: 1.381.310.0, NIS: 1.381.310.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 09:05:36
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {AC2AD6FB-36A3-4876-A534-145C7B7A5273}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-08 12:22:20
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {7EA25C73-7DA6-408F-ACD3-483243BCF334}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système

Date: 2022-12-06 18:21:26
Description: 
L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin.
ID de l’analyse : {15FF2332-7536-41E6-80AD-F1A2DB87802B}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : AUTORITE NT\Système
Event[0]:

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

CodeIntegrity:
===============
Date: 2022-12-12 09:05:31
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 09:01:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 08:47:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: HP T37 Ver. 01.10.00 07/15/2022
Motherboard: HP 8AB8
Processor: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 32448.21 MB
Available physical RAM: 20092.15 MB
Total Virtual: 37312.21 MB
Available Virtual: 22807.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.89 GB) (Free:643.93 GB) (Model: KINGSTON SNVS1000GB) NTFS
Drive d: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:582.47 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS

\\?\Volume{1fac8aa4-ea46-47c8-a2a1-40d56c8ac893}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{f2a9c796-48fc-4fde-bc26-1b9830efe024}\ () (Fixed) (Total:0.09 GB) (Free:0.02 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 43E6412F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
Johndoe225
Active Member
 
Posts: 12
Joined: June 21st, 2019, 3:17 pm

Re: Infected by malware named Black Sky

Unread postby Gary R » December 12th, 2022, 11:33 am

No problem, I can speak a little schoolboy French, and there's always Google Translate, just needed to reduce the amount of translation I'd need to do.

Looking over your logs now. Dependant on what I find, and how much I need to research, this may or may not take some time.

Will get back to you ASAP.
Gary R
Administrator
 
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected by malware named Black Sky

Unread postby Gary R » December 12th, 2022, 12:02 pm

No obvious signs of an active infection in the logs you've supplied, however there are a few things that I'd like to investigate further, and a few items that should be attended to.

Question ... the IPA for your DNS server has an address in Côte d'Ivoire ....

Tcpip\Parameters: [DhcpNameServer] 196.201.90.4 196.201.90.20

.... as your log is in French, I am assuming that you are connecting from that country. If that is not the case, please let me know.

Next ...

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: Select All ) .....
Code: Select all
VirusTotal:C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe;C:\Program Files\FileZilla Server\filezilla-server.exe

Folder: C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6

GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {3E8A841D-6F4C-46CC-A589-83A9D288E092} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {B887709B-9A2F-46D7-9D6F-1E615D867DF1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
AutoConfigURL: [{34753BBF-14BA-41B0-9B83-5C30F4688EB6}] => hxxp://proxy.homelab.local/ <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\AppData\Roaming:iSpring Solutions [128]
FirewallRules: [TCP Query User{FFB7F1D3-667B-4A60-B68E-5D225F163423}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [UDP Query User{F63238D5-B9A8-45B2-8D32-519F179924F0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [TCP Query User{0277EAB2-BFCA-4A12-BD39-19CA530B3F9C}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [UDP Query User{D93784F8-3A2F-41B2-A87C-FC9F6E12F9D0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [{FC178899-6DC0-45CE-89CF-BD98CFE546D2}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4232EDA5-FEF9-454C-8720-0EAC8EDD1256}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{C6F51621-278A-4C4A-8016-9B53B6DBD87D}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File
FirewallRules: [UDP Query User{DE6FB1B2-97FD-46A4-99E4-63354BFEB44E}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File

EmptyTemp:
CMD: ipconfig /flushdns

  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

I'd like you to run an online scan for me ...

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
Gary R
Administrator
 
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
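As an added example (not FRST's code and not anything posted in this thread), a small Python triage helper that picks out of an FRST Addition.txt the same kinds of entries the fixlist above targets: firewall allow rules whose target is gone or lives under a user profile, scheduled tasks with missing or unsigned targets, and lines FRST itself tagged <==== ATTENTION. The sample input is constructed to match the format of the lines quoted in this thread; the "GoodTask" and Firefox lines are made up as negative cases.

```python
"""Triage helper for FRST Addition.txt lines (added example; not FRST's own
tooling). FRST's fixlist.txt accepts log lines verbatim, so the helper only
selects candidate lines and explains why each one was picked."""
import re
from dataclasses import dataclass

ATTENTION = "<==== ATTENTION"
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)

# Constructed sample in the shape of the FRST Addition.txt quoted in this
# thread. The GoodTask and Firefox lines are invented negative cases.
SAMPLE_ADDITION = r"""
GroupPolicy: Restriction ? <==== ATTENTION
Task: {B887709B-9A2F-46D7-9D6F-1E615D867DF1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
Task: {3E8A841D-6F4C-46CC-A589-83A9D288E092} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\GoodTask => C:\Windows\System32\svchost.exe [50000 2022-01-01] (Microsoft Windows -> Microsoft Corporation)
AutoConfigURL: [{34753BBF-14BA-41B0-9B83-5C30F4688EB6}] => hxxp://proxy.homelab.local/ <==== ATTENTION
FirewallRules: [{FC178899-6DC0-45CE-89CF-BD98CFE546D2}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{11111111-1111-1111-1111-111111111111}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{22222222-2222-2222-2222-222222222222}] => (Allow) C:\Users\TOM\AppData\Local\Temp\updater.exe (No File)
"""


@dataclass
class Finding:
    kind: str        # FRST section prefix, e.g. "FirewallRules" or "Task"
    line: str        # the original log line, usable verbatim in fixlist.txt
    reasons: tuple   # why the line was selected


def _firewall_reasons(body: str) -> list:
    # body is everything after "FirewallRules: ", in one of two shapes:
    #   "[{GUID}] => (Allow) C:\path\app.exe => No File"
    #   "[{GUID}] => (Allow) C:\path\app.exe (Publisher -> Signer)"
    parts = body.split(" => ")
    if len(parts) < 2 or not parts[1].startswith("("):
        return []
    action, _, target = parts[1].partition(") ")
    if action != "(Allow":
        return []   # a Block rule is not an exposure in itself
    reasons = []
    orphaned = (len(parts) > 2 and parts[2].startswith("No File")) \
        or target.endswith("(No File)")
    if orphaned:
        reasons.append("orphaned allow rule: target no longer exists")
    if USER_PROFILE_RE.match(target):
        reasons.append("allow rule for an executable under a user profile")
    return reasons


def _task_reasons(body: str) -> list:
    # body: "{GUID} - System32\Tasks\Name => C:\target [size date] (Signer) [File not signed]"
    _, sep, target = body.partition(" => ")
    if not sep:
        return []
    reasons = []
    if "(No File)" in target:
        reasons.append("scheduled task whose target is missing")
    if "[File not signed]" in target:
        reasons.append("scheduled task running an unsigned file")
    return reasons


def triage(addition_text: str) -> list:
    """Return one Finding per Addition.txt line that merits review."""
    findings = []
    for raw in addition_text.splitlines():
        line = raw.strip()
        kind, sep, body = line.partition(": ")
        if not sep:
            continue
        reasons = []
        if line.endswith(ATTENTION):
            reasons.append("flagged by FRST as <==== ATTENTION")
        if kind == "FirewallRules":
            reasons += _firewall_reasons(body)
        elif kind == "Task":
            reasons += _task_reasons(body)
        if reasons:
            findings.append(Finding(kind, line, tuple(reasons)))
    return findings


def to_fixlist(findings) -> list:
    """FRST takes the log lines verbatim; the selection is the only added value."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_ADDITION):
        print(f"{f.kind}: {'; '.join(f.reasons)}")
        print(f"    {f.line}")
```

Only lines that a human would still read before running a fix are selected; the negative cases show that a signed, present target is left alone.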

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 12th, 2022, 3:28 pm

Gary R wrote:No obvious signs of an active infection in the logs you've supplied, however there are a few things that I'd like to investigate further, and a few items that should be attended to.

Hello Gary,

You can find the results below.
By the way, it deleted so many Python and PowerShell scripts. But I understand why.

Fixlog.txt
Code: Select all
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2022
Ran by TOM (12-12-2022 17:33:37) Run:1
Running from C:\Users\TOM\Desktop
Loaded Profiles: TOM
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal:C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe;C:\Program Files\FileZilla Server\filezilla-server.exe

Folder: C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6

GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {3E8A841D-6F4C-46CC-A589-83A9D288E092} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {B887709B-9A2F-46D7-9D6F-1E615D867DF1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-08-18] () [File not signed]
AutoConfigURL: [{34753BBF-14BA-41B0-9B83-5C30F4688EB6}] => hxxp://proxy.homelab.local/ <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\TOM\AppData\Roaming:iSpring Solutions [128]
FirewallRules: [TCP Query User{FFB7F1D3-667B-4A60-B68E-5D225F163423}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [UDP Query User{F63238D5-B9A8-45B2-8D32-519F179924F0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run => No File
FirewallRules: [TCP Query User{0277EAB2-BFCA-4A12-BD39-19CA530B3F9C}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [UDP Query User{D93784F8-3A2F-41B2-A87C-FC9F6E12F9D0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx => No File
FirewallRules: [{FC178899-6DC0-45CE-89CF-BD98CFE546D2}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4232EDA5-FEF9-454C-8720-0EAC8EDD1256}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{C6F51621-278A-4C4A-8016-9B53B6DBD87D}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File
FirewallRules: [UDP Query User{DE6FB1B2-97FD-46A4-99E4-63354BFEB44E}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd] => (Allow) C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd => No File

EmptyTemp:
CMD: ipconfig /flushdns
*****************

VirusTotal: C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe => https://www.virustotal.com/gui/file/cbc76954bb4b1f66e72b0f294b0f7fdedfb4f48f026cde3134d5586f7c5b0c49/detection/f-cbc76954bb4b1f66e72b0f294b0f7fdedfb4f48f026cde3134d5586f7c5b0c49-1670803275
VirusTotal: C:\Program Files\FileZilla Server\filezilla-server.exe => https://www.virustotal.com/gui/file/df12926d7ada4f667a4b792a7ce56462ef2fc61f4534af13b7eb1d8e375062cc/detection/f-df12926d7ada4f667a4b792a7ce56462ef2fc61f4534af13b7eb1d8e375062cc-1669713528

========================= Folder: C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6 ========================

C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6 = File

====== End of Folder: ======

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E8A841D-6F4C-46CC-A589-83A9D288E092}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8A841D-6F4C-46CC-A589-83A9D288E092}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B887709B-9A2F-46D7-9D6F-1E615D867DF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B887709B-9A2F-46D7-9D6F-1E615D867DF1}" => removed successfully
C:\Windows\System32\Tasks\npcapwatchdog => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\npcapwatchdog" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{34753BBF-14BA-41B0-9B83-5C30F4688EB6} => removed successfully
C:\ProgramData => ":iSpring Solutions" ADS removed successfully
"C:\Users\All Users" => ":iSpring Solutions" ADS not found.
"C:\ProgramData\Application Data" => ":iSpring Solutions" ADS not found.
C:\Users\TOM\Application Data => ":iSpring Solutions" ADS removed successfully
"C:\Users\TOM\AppData\Roaming" => ":iSpring Solutions" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FFB7F1D3-667B-4A60-B68E-5D225F163423}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F63238D5-B9A8-45B2-8D32-519F179924F0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit-latest-linux-x64-installer.run" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0277EAB2-BFCA-4A12-BD39-19CA530B3F9C}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D93784F8-3A2F-41B2-A87C-FC9F6E12F9D0}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\opt\metasploit\nginx\sbin\nginx" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC178899-6DC0-45CE-89CF-BD98CFE546D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4232EDA5-FEF9-454C-8720-0EAC8EDD1256}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C6F51621-278A-4C4A-8016-9B53B6DBD87D}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE6FB1B2-97FD-46A4-99E4-63354BFEB44E}C:\users\tom\appdata\local\packages\canonicalgrouplimited.ubuntu_79rhkp1fndgsc\localstate\rootfs\usr\sbin\rpc.statd" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

DNS resolver cache flushed.

========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73788350 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 104476 B
Windows/system/drivers => 63654059 B
Edge => 0 B
Chrome => 956732727 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 304650 B
TOM => 270429633 B

RecycleBin => 980339117 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:34:32 ====


eset.txt
Code:
12/12/2022 19:16:46
Files scanned: 874180
Detected files: 61
Cleaned files: 61
Total scan time 01:32:49
Scan status: Finished
C:\Program Files\Magnet Forensics\Magnet AXIOM\AXIOM Process\Binaries\32\exploit	a variant of Android/Exploit.CVE-2016-5195.A trojan	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Code\User\History\-767e32ce\4EWi.py	ASP/ReGeorg.S potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shingeki no kyojin.exe	MSIL/Agent.WI worm	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\atexec.py	Python/Impacket.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\dcomexec.py	Python/Impacket.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\ntlmrelayx.py	Python/Impacket.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\psexec.py	Python/Impacket.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\raiseChild.py	Python/HackTool.Agent.W potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\secretsdump.py	Python/Impacket.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\smbexec.py	Python/Impacket.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\Scripts\wmiexec.py	Python/Impacket.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\site-packages\impacket\examples\__pycache__\secretsdump.cpython-310.pyc	Python/HackTool.Agent.W potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\site-packages\impacket\examples\secretsdump.py	Python/HackTool.Agent.W potentially unsafe application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\site-packages\ldapdomaindump\__pycache__\__init__.cpython-310.pyc	Python/Riskware.LdapDump.A application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\Python\Python310\site-packages\ldapdomaindump\__init__.py	Python/Riskware.LdapDump.A application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\uTorrent\updates\3.5.5_46552.exe	a variant of Win32/uTorrent.E potentially unwanted application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\uTorrent\updates\3.6.0_46554.exe	a variant of Win32/uTorrent_AGen.A potentially unwanted application	cleaned by deleting

C:\Users\TOM\AppData\Roaming\uTorrent\updates\utorrent.exe	a variant of Win32/uTorrent_AGen.A potentially unwanted application	deleted

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\01_07_2020\PowerSploit\Privesc\Get-System.ps1	PowerShell/RiskWare.PowerSploit.C application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\01_07_2020\PowerSploit\ScriptModification\Out-EncryptedScript.ps1	PowerShell/Agent.WR trojan	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\01_07_2020\PowerSploit\Tests\Privesc.tests.ps1	PowerShell/RiskWare.PowerSploit.BW application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\03-07-2020\output-03-07-2020\PowerSploit\Privesc\Get-System.ps1	PowerShell/RiskWare.PowerSploit.C application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\03-07-2020\output-03-07-2020\PowerSploit\ScriptModification\Out-EncryptedScript.ps1	PowerShell/Agent.WR trojan	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\03-07-2020\output-03-07-2020\PowerSploit\Tests\Privesc.tests.ps1	PowerShell/RiskWare.PowerSploit.BW application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\08-07-2020\output-08-07-2020\MailSniper-master\MailSniper-master\MailSniper.ps1	PowerShell/RiskWare.MailSniper.A application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\09-07-2020\MailSniper-master\MailSniper-master\MailSniper.ps1	PowerShell/RiskWare.MailSniper.A application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\09-07-2020\MailSniper-master\MailSniper.ps1	PowerShell/RiskWare.MailSniper.A application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\29-06-2020\outputs\files\nmap-7.80\ncat.exe	a variant of Win32/NetTool.Ncat.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\30-06-2020\PowerSploit\Privesc\Get-System.ps1	PowerShell/RiskWare.PowerSploit.C application	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\30-06-2020\PowerSploit\ScriptModification\Out-EncryptedScript.ps1	PowerShell/Agent.WR trojan	cleaned by deleting

C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\30-06-2020\PowerSploit\Tests\Privesc.tests.ps1	PowerShell/RiskWare.PowerSploit.BW application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Bloodhound\SharpHound-v1.0.2\SharpHound.exe	a variant of MSIL/Riskware.SharpHound.A application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Bloodhound\SharpHound-v1.1.0\SharpHound.exe	a variant of MSIL/Riskware.SharpHound.C application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Bloodhound\SharpHound-v1.1.0\SharpHound.ps1	PowerShell/RiskWare.BloodHound.C application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Exploits\WSO2\CVE-2022-29464\exploit.py	Java/Webshell.BF trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Exploits\WSO2\CVE-2022-29464\exploit2.py	ASP/ReGeorg.S potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Kansa\Analysis\disk\Decompress-KansaOutputFile.ps1	PowerShell/TrojanDropper.Agent.YX trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Kansa\Analysis\disk\Write-StreamToDisk.ps1	PowerShell/TrojanDropper.Agent.YX trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\Win32\mimidrv.sys	a variant of Win32/RiskWare.Mimikatz.AU application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\Win32\mimikatz.exe	a variant of Win32/RiskWare.Mimikatz.BC application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\Win32\mimilib.dll	a variant of Win32/RiskWare.Mimikatz.J application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\Win32\mimilove.exe	a variant of Win32/RiskWare.Mimikatz.AR application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\x64\mimidrv.sys	a variant of Win64/Riskware.Mimikatz.I application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\x64\mimikatz.exe	a variant of Win64/Riskware.Mimikatz.D application	cleaned by deleting

C:\Users\TOM\Documents\Tools\mimikatz\x64\mimilib.dll	a variant of Win64/Riskware.Mimikatz.U application	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\LOLBins\NetLoader.xml	XML/Agent.AK trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explor2.exe	a variant of MSIL/Riskware.SharpHound.A application	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explor3.exe	a variant of Win64/Riskware.Mimikatz.D application	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explor5.exe	a variant of Win32/Rozena.AA trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explor6.exe	a variant of MSIL/Riskware.LsassDumper.K application	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explorer.txt	a variant of MSIL/TrojanDownloader.Small.CQJ trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\NetLoader\NetLoader\Source\explorer1.exe	a variant of MSIL/TrojanDownloader.Small.CQJ trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\reGeorgSocksProxy.py	Python/Agent.IU trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.ashx	ASP/ReGeorg.B trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.aspx	ASP/ReGeorg.B trojan	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.js	ASP/ReGeorg.B potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.jsp	ASP/ReGeorg.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.nosocket.php	PHP/ReGeorg.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.php	PHP/ReGeorg.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\Documents\Tools\Tunneling\reGeorg\tunnel.tomcat.5.jsp	ASP/ReGeorg.A potentially unsafe application	cleaned by deleting

C:\Users\TOM\Downloads\uTorrent.exe	Win32/OfferCore.C potentially unwanted application,a variant of Win32/OfferCore.D potentially unwanted application	cleaned by deleting

Johndoe225
Active Member
 
Posts: 12
Joined: June 21st, 2019, 3:17 pm
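Triage of the eset.txt above, as an added example that is not part of the original post or of ESET's or FRST's tooling: it parses the log's tab-separated records (path, detection name, action), classes each detection from the category suffix ESET appends to the name (trojan/worm, potentially unsafe application, potentially unwanted application, riskware), buckets hits by the top of their path so a tools directory stands out from scattered files, and flags anything sitting in a logon autostart location. The record layout is inferred from the paste above; the five embedded records are excerpted from it, and the autostart marker list is an assumption limited to the Start Menu Startup folder.

```python
import re
from collections import Counter

# Constructed sample input: five records excerpted from the eset.txt pasted
# above, with its summary header, so the functions run offline.
SAMPLE_LOG = (
    "12/12/2022 19:16:46\n"
    "Files scanned: 874180\n"
    "Detected files: 61\n"
    "Cleaned files: 61\n"
    "Total scan time 01:32:49\n"
    "Scan status: Finished\n"
    "C:\\Users\\TOM\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\shingeki no kyojin.exe"
    "\tMSIL/Agent.WI worm\tcleaned by deleting\n\n"
    "C:\\Users\\TOM\\AppData\\Roaming\\Python\\Python310\\Scripts\\secretsdump.py"
    "\tPython/Impacket.A potentially unsafe application\tcleaned by deleting\n\n"
    "C:\\Users\\TOM\\Documents\\Tools\\mimikatz\\x64\\mimikatz.exe"
    "\ta variant of Win64/Riskware.Mimikatz.D application\tcleaned by deleting\n\n"
    "C:\\Users\\TOM\\Documents\\Tools\\NetLoader\\NetLoader\\Source\\explor5.exe"
    "\ta variant of Win32/Rozena.AA trojan\tcleaned by deleting\n\n"
    "C:\\Users\\TOM\\AppData\\Roaming\\uTorrent\\updates\\utorrent.exe"
    "\ta variant of Win32/uTorrent_AGen.A potentially unwanted application\tdeleted\n"
)

# Assumed list of path fragments (lower-case) that execute at logon. A hit here
# is persistence regardless of how benign the detection class looks.
AUTOSTART_MARKERS = ("\\start menu\\programs\\startup\\",)

HEADER_RE = re.compile(
    r"^(Files scanned|Detected files|Cleaned files|Total scan time|Scan status):?\s*(.+)$"
)
STARTED_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
MALWARE_RE = re.compile(r"\b(trojan|worm|virus|backdoor)\b")


def classify(detection: str) -> str:
    """Map the category suffix ESET appends to a detection name to a coarse class."""
    d = detection.lower()
    if "potentially unwanted application" in d:
        return "pua"
    if "potentially unsafe application" in d:
        return "unsafe"      # dual-use tooling such as Impacket or ncat
    if MALWARE_RE.search(d):
        return "malware"
    if "riskware" in d:
        return "riskware"    # e.g. "Win64/Riskware.Mimikatz.D application"
    return "other"


def parse_eset_log(text: str) -> tuple[dict, list[dict]]:
    """Split eset.txt into its summary header and one dict per detection record."""
    header: dict = {}
    records: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "\t" in line:
            fields = [f.strip() for f in line.split("\t", 2)]
            if len(fields) != 3:
                continue  # malformed record: skip rather than guess the fields
            path, detection, action = fields
            records.append({
                "path": path,
                "detection": detection,
                "action": action,
                "class": classify(detection),
                "autostart": any(m in path.lower() for m in AUTOSTART_MARKERS),
            })
            continue
        if STARTED_RE.match(line):
            header["Started"] = line
            continue
        m = HEADER_RE.match(line)
        if m:
            value = m.group(2)
            header[m.group(1)] = int(value) if value.isdigit() else value
    return header, records


def summarize(header: dict, records: list[dict]) -> dict:
    """Counts per class, action and path bucket, persistence hits, and a completeness check."""
    # Bucket by the first four path components (drive\Users\<user>\<folder>).
    by_bucket = Counter("\\".join(r["path"].split("\\")[:4]) for r in records)
    return {
        "by_class": dict(Counter(r["class"] for r in records)),
        "by_action": dict(Counter(r["action"] for r in records)),
        "by_bucket": dict(by_bucket),
        "autostart_hits": [r["path"] for r in records if r["autostart"]],
        # The summary line should agree with the record count; if it does not,
        # the paste is truncated and this triage is incomplete.
        "complete": header.get("Detected files") == len(records),
    }


if __name__ == "__main__":
    hdr, recs = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, recs).items():
        print(f"{key}: {value}")
```

On the sample the only autostart hit is the Startup-folder executable, while the Impacket and Mimikatz records land in the "unsafe" and "riskware" classes under the user's own Python and Documents\Tools trees; `complete` is False because the sample embeds five of the 61 records the header announces.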

Re: Infected by malware named Black Sky

Unread postby Gary R » December 12th, 2022, 5:51 pm

Please run a new scan with FRST, and post me your new FRST.txt and Addition.txt logs please.

Also please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 12th, 2022, 6:35 pm

Gary R wrote: Please run a new scan with FRST, and post me your new FRST.txt and Addition.txt logs please.

Also please let me know how your computer is behaving now.


Hello Gary,

My computer seems to be OK, but the desktop wallpaper is still the "black sky" image of the virus that I was infected with (red background with "black sky" written in white).

Below are the logs you've requested.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2022
Ran by OCI (administrator) on LAPTOP-SECBYD-O (HP HP EliteBook 840 G8 Notebook PC) (12-12-2022 22:16:35)
Running from C:\Users\OCI\Desktop
Loaded Profiles: OCI
Platform: Microsoft Windows 10 Entreprise Version 22H2 19045.2251 (X64) Language: Français (France)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxEMN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0fbb2cdf4fb6467e\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_7322d271029d40e8\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c3bfb56a1230fdfd\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_7616b976fc6840bd\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (The Apache Software Foundation -> Apache Software Foundation) C:\Users\OCI\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUService64.exe [1594248 2022-08-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [281432 2022-08-10] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [MicrosoftEdgeAutoLaunch_8EE6ED75BAABE45714C69E0EFA79F89F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3877288 2022-12-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [869144 2022-11-11] (OpenVPN Inc. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\108.0.5359.99\Installer\chrmstp.exe [2022-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\OCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2022-10-11]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {030F4DCD-F437-4DC7-8FDB-5436CEB610FC} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe [3367840 2022-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {17D6E61C-B855-4883-B5AF-B1D5F1404A3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25E4D2EA-23B0-4148-8041-DAC9AB13DBE6} - System32\Tasks\GoogleUpdateTaskMachineCore{816FA00C-AF00-4598-A6A5-AD3FDFAA39C6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {36E0837E-34CD-4729-817B-5E955EDA4FCA} - System32\Tasks\GoogleUpdateTaskMachineUA{1C074024-B478-4246-8AAE-4B43E3B2D864} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-19] (Google LLC -> Google LLC)
Task: {63E37383-418D-45B8-8DDD-092AC7D13EAB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {666254A2-C79C-4E10-AEC4-36E90EE8E14A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {795CCFAD-5E43-4818-BCC0-716843FF247E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CF8BDF5-4A1A-49BA-9655-7E7AA64971AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {9721C737-FAFB-461A-97DB-ACBCB3FFF3E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E892E222-5986-4FB5-BCAD-C0E8B7103EB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [44128 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [48224 2021-08-16] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7386cfae-11ae-4f48-b4ba-9f6742b53a70}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\OCI\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-12]
Edge Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\OCI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-11-24]
Edge Extension: (HP Dynamic Audio) - C:\Users\OCI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iahgjpkfebmcdcaifedofgakoancmoli [2022-08-10]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default [2022-12-12]
CHR Extension: (Google Traduction) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-11-24]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-12-12]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2022-11-28]
CHR Extension: (Google Docs hors connexion) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-12]
CHR Extension: (Vue.js devtools) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdogjmejiglipccpnnnanhbledajbpd [2022-10-20]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-19]
CHR Extension: (Proxy Switcher and Manager) - C:\Users\OCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2022-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [19832 2022-08-10] (Docker Inc -> Docker Inc.)
S3 filezilla-server; C:\Program Files\FileZilla Server\filezilla-server.exe [6052352 2022-07-29] (FileZilla Project) [File not signed]
R2 FMAPOService; C:\Windows\System32\FMService64.exe [482200 2022-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe [1561032 2022-10-12] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\AppHelperCap.exe [791544 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\DiagsCap.exe [790488 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\NetworkCap.exe [787416 2022-10-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_0deb2a545d07cbee\x64\SysInfoCap.exe [791496 2022-10-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c33d3226824e4250\x64\TouchpointAnalyticsClientService.exe [493664 2022-09-28] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\\AS\\IAS\\IntelAudioService.exe [532024 ] (Intel Corporation -> Intel)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe [606664 2022-10-12] (HP Inc. -> HP Inc.)
S3 LxssManagerUser; C:\Windows\system32\lxss\wslclient.dll [301056 2022-08-24] (Microsoft Windows -> Microsoft Corporation)
R2 neo4j; C:\Users\OCI\Documents\Tools\neo4j-community-4.4.11\bin\tools\prunsrv-amd64.exe [116648 2022-08-29] (The Apache Software Foundation -> Apache Software Foundation)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [67360 2022-11-11] (OpenVPN Inc. -> The OpenVPN Project)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [254112 2021-07-14] (Intel Corporation -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [748664 2022-07-19] (Oracle Corporation -> Oracle Corporation)
S2 WbfPolicyService110; C:\Windows\System32\WbfPolicyService110.exe [715704 2022-07-29] (Synaptics Incorporated -> Synaptics Incorporated.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1546944 2021-10-20] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 MpKslcb7c35da; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCF7C2DA-4ECC-4FB2-B77B-83BFA5918A70}\MpKslDrv.sys [214280 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [77336 2022-08-19] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 SynStykFilterHID; C:\Windows\System32\drivers\SynTP.sys [810952 2021-09-02] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2022-11-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [242656 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [252560 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1081592 2022-07-19] (Oracle Corporation -> Oracle Corporation)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [60344 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [67072 2022-07-10] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [105912 2021-08-16] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_6e6883aaac7c1f77\WiManH\WiManH.sys [180312 2022-06-29] (Intel Corporation -> Intel Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [38176 2022-11-19] (WireGuard LLC -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 22:16 - 2022-12-12 22:16 - 000023255 _____ C:\Users\OCI\Desktop\FRST.txt
2022-12-12 21:06 - 2022-08-31 01:39 - 052735210 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2022-12-12 19:16 - 2022-12-12 19:21 - 000018392 _____ C:\Users\OCI\Desktop\eset.txt
2022-12-12 17:40 - 2022-12-12 17:40 - 000001270 _____ C:\Users\OCI\Desktop\ESET Online Scanner.lnk
2022-12-12 17:39 - 2022-12-12 17:39 - 015274968 _____ (ESET) C:\Users\OCI\Desktop\esetonlinescanner.exe
2022-12-12 17:39 - 2022-12-12 17:39 - 000001376 _____ C:\Users\OCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-12-12 17:39 - 2022-12-12 17:39 - 000000000 ____D C:\Users\OCI\AppData\Local\ESET
2022-12-12 17:35 - 2022-12-12 17:35 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-12-12 17:33 - 2022-12-12 18:01 - 000009538 _____ C:\Users\OCI\Desktop\Fixlog.txt
2022-12-12 16:02 - 2022-12-12 16:02 - 047710208 _____ C:\Users\OCI\Documents\memdump.mem
2022-12-12 15:59 - 2022-12-12 15:59 - 001738676 _____ C:\Windows\Minidump\121222-14875-01.dmp
2022-12-12 15:57 - 2022-12-12 16:03 - 1956448915 _____ C:\Windows\MEMORY.DMP
2022-12-12 15:57 - 2022-12-12 16:03 - 000000000 ____D C:\Windows\Minidump
2022-12-12 15:49 - 2022-12-12 15:49 - 000002065 _____ C:\Users\Public\Desktop\AccessData FTK Imager.lnk
2022-12-12 15:49 - 2022-12-12 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccessData
2022-12-12 15:49 - 2022-12-12 15:49 - 000000000 ____D C:\Program Files\AccessData
2022-12-12 14:36 - 2022-12-12 14:46 - 000037833 _____ C:\Users\OCI\Desktop\FRST.old.txt
2022-12-12 14:36 - 2022-12-12 14:43 - 000049464 _____ C:\Users\OCI\Desktop\Addition.old.txt
2022-12-12 12:43 - 2022-07-19 16:09 - 000445856 _____ (Sysinternals - www.sysinternals.com) C:\Windows\sigcheck.exe
2022-12-12 12:43 - 2022-02-16 22:18 - 000712080 _____ (Sysinternals - www.sysinternals.com) C:\Windows\Autorunsc.exe
2022-12-12 11:00 - 2022-12-12 22:16 - 000000000 ____D C:\FRST
2022-12-12 10:55 - 2022-12-12 10:55 - 002375680 _____ (Farbar) C:\Users\OCI\Desktop\FRSTEnglish.exe
2022-12-12 10:44 - 2022-12-12 10:44 - 000000000 ____D C:\Users\OCI\Documents\temp2
2022-12-12 10:00 - 2022-12-12 10:00 - 000043224 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-12-08 18:14 - 2022-12-08 18:20 - 019268943 _____ C:\Users\OCI\Downloads\Non confirmé 729468.crdownload
2022-12-08 12:47 - 2022-12-08 16:55 - 000001230 _____ C:\Users\OCI\Desktop\sqli
2022-12-07 16:18 - 2022-12-07 16:18 - 000088940 _____ C:\Users\OCI\Downloads\ccna_4-commandes_nat_et_pat.pdf
2022-12-07 16:17 - 2022-12-07 16:17 - 000242574 _____ C:\Users\OCI\Downloads\dns.pdf
2022-12-07 15:25 - 2022-12-07 15:25 - 000167768 _____ C:\Users\OCI\Downloads\tp_dhcp_dns_natpat.pdf
2022-12-06 15:52 - 2022-12-06 15:52 - 002239919 _____ C:\Users\OCI\Desktop\CIS_Docker_Benchmark_v1_2_0.pdf
2022-12-05 16:40 - 2022-12-09 19:50 - 000000000 ____D C:\Users\OCI\Documents\CNAM
2022-12-05 16:40 - 2022-12-07 15:25 - 000000184 _____ C:\Users\OCI\.packettracer
2022-12-05 16:40 - 2022-12-05 16:42 - 000000000 ____D C:\Users\OCI\Cisco Packet Tracer 5.3.3
2022-12-05 16:40 - 2022-12-05 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2022-12-05 16:39 - 2022-12-05 16:40 - 000000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2022-12-05 16:38 - 2022-12-05 16:39 - 084110703 _____ (Cisco Systems, Inc. ) C:\Users\OCI\Downloads\PacketTracer533_setup.exe
2022-12-02 16:17 - 2022-12-02 16:19 - 000000000 ____D C:\.ssh
2022-12-01 13:32 - 2022-12-01 13:32 - 000728952 _____ C:\Users\OCI\Desktop\OBA_Action_ASSALE.pdf
2022-11-29 11:30 - 2022-11-29 11:30 - 099112901 _____ C:\Users\OCI\Downloads\faraday-server_amd64.rpm
2022-11-25 08:36 - 2022-11-25 08:36 - 000002151 _____ C:\Users\OCI\Downloads\Mot de passe (2).zip
2022-11-25 08:32 - 2022-12-02 15:29 - 000000000 ____D C:\Users\OCI\Documents\Other OCI
2022-11-24 07:54 - 2022-11-24 07:54 - 000000000 ____D C:\Users\OCI\Documents\SANS
2022-11-24 07:27 - 2022-11-24 07:27 - 000000000 ____D C:\Users\OCI\AppData\LocalLow\Oracle
2022-11-23 08:16 - 2022-11-23 08:16 - 000000000 ____D C:\Users\OCI\AppData\Roaming\java
2022-11-23 08:15 - 2022-11-23 08:16 - 000000000 ____D C:\Users\OCI\AppData\Roaming\SQL Developer
2022-11-23 08:15 - 2022-11-23 08:15 - 000000000 ____D C:\Users\OCI\AppData\Roaming\sqldeveloper
2022-11-23 08:10 - 2022-11-23 08:10 - 000000000 ____D C:\Users\OCI\AppData\Roaming\HeidiSQL
2022-11-22 08:39 - 2022-11-22 08:40 - 000000000 ____D C:\Users\OCI\Documents\Objectifs
2022-11-19 18:16 - 2022-11-21 08:56 - 000000420 _____ C:\Users\OCI\Documents\GBAKI-WSL2-Networking.txt
2022-11-19 17:53 - 2022-11-19 17:53 - 000039920 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000038176 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-11-19 17:53 - 2022-11-19 17:53 - 000001996 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Users\OCI\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2022-11-19 17:53 - 2022-11-19 17:53 - 000000000 ____D C:\Program Files\OpenVPN
2022-11-19 17:52 - 2022-11-19 17:52 - 004419584 _____ C:\Users\OCI\Downloads\OpenVPN-2.5.8-I603-amd64.msi
2022-11-19 17:20 - 2022-11-19 17:54 - 000000000 ____D C:\Users\OCI\Documents\Hackthebox
2022-11-18 11:09 - 2022-11-18 11:09 - 000000000 ___HD C:\$WinREAgent
2022-11-18 11:01 - 2022-11-18 11:01 - 000000000 ____D C:\Users\OCI\Documents\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000137600 _____ (Zoom Video Communications, Inc.) C:\Users\OCI\Downloads\Zoom_cm_ds_mfgiXX8B7vVy4TSHYrmFgaMGH61rfkglOGmgA@4OqJSLJS42sTU7S-_k9b3f903bcb334978_.exe
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\OCI\AppData\Roaming\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\OCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-18 11:00 - 2022-11-18 11:00 - 000000000 ____D C:\Users\OCI\AppData\Local\Zoom
2022-11-17 13:04 - 2022-11-17 13:04 - 010175044 _____ C:\Users\OCI\Downloads\wstg-v4.2 (1).pdf
2022-11-16 08:50 - 2022-12-05 16:25 - 000000704 _____ C:\Users\OCI\Desktop\temp.txt
2022-11-14 14:55 - 2022-12-12 21:05 - 000004172 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{CEF436DB-BC3D-4AE7-9D7D-28B4355EE9B4}
2022-11-14 14:12 - 2022-11-14 14:12 - 000049664 ____T C:\Users\OCI\Downloads\CentOS_audit.tar
2022-11-14 08:40 - 2022-11-14 08:40 - 005453100 _____ C:\Users\OCI\Downloads\Vendre la guerre - Pierre Conesa.epub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-12 22:15 - 2022-10-19 10:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-12-12 22:15 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-12-12 21:06 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-12-12 21:06 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2022-12-12 18:16 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-12 18:16 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2022-12-12 17:41 - 2022-08-09 07:03 - 001689652 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-12 17:41 - 2019-12-07 14:49 - 000760790 _____ C:\Windows\system32\perfh00C.dat
2022-12-12 17:41 - 2019-12-07 14:49 - 000144070 _____ C:\Windows\system32\perfc00C.dat
2022-12-12 17:35 - 2022-09-21 13:33 - 000000000 ____D C:\ProgramData\VMware
2022-12-12 17:35 - 2022-08-24 17:22 - 000000000 __SHD C:\Users\OCI\IntelGraphicsProfiles
2022-12-12 17:35 - 2022-08-10 16:26 - 000000000 ____D C:\ProgramData\DockerDesktop
2022-12-12 17:35 - 2022-08-09 07:18 - 000000000 ____D C:\Intel
2022-12-12 17:35 - 2022-08-09 06:57 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-12 17:35 - 2022-08-09 06:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-12 17:35 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2022-12-12 17:34 - 2022-11-08 10:17 - 000000000 ____D C:\Users\OCI\AppData\LocalLow\Temp
2022-12-12 17:34 - 2022-08-10 16:38 - 000000514 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-12-12 17:34 - 2022-08-09 07:02 - 000000000 ____D C:\Users\OCI
2022-12-12 17:34 - 2019-12-07 09:03 - 001835008 _____ C:\Windows\system32\config\BBI
2022-12-12 17:33 - 2019-12-07 09:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-12-12 17:33 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2022-12-12 17:21 - 2022-09-22 10:28 - 000000000 ____D C:\Users\OCI\AppData\Roaming\Code
2022-12-12 17:21 - 2022-09-22 10:27 - 000000000 ____D C:\Users\OCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-12-12 15:57 - 2022-08-10 16:29 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2022-12-12 11:53 - 2022-09-22 09:08 - 000000000 ____D C:\Users\OCI\Documents\Tools
2022-12-12 10:56 - 2022-11-08 08:04 - 000000000 ____D C:\Users\OCI\AppData\Roaming\uTorrent
2022-12-12 08:58 - 2022-08-09 06:57 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-12-09 19:51 - 2022-10-18 17:04 - 000000000 ____D C:\Users\OCI\AppData\Roaming\vlc
2022-12-08 20:18 - 2022-10-19 10:13 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-08 15:24 - 2022-08-09 07:05 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-12-08 15:24 - 2022-08-09 07:02 - 000002411 _____ C:\Users\OCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-07 15:58 - 2022-08-09 07:02 - 000000000 ____D C:\Users\OCI\AppData\Local\Packages
2022-12-07 15:24 - 2022-08-10 16:06 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-12-07 15:24 - 2022-08-09 06:57 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-05 13:24 - 2022-08-24 13:19 - 000000000 ____D C:\Users\OCI\Documents\Backups
2022-12-02 16:26 - 2022-09-21 13:34 - 000000000 ____D C:\Users\OCI\AppData\Roaming\VMware
2022-11-29 10:13 - 2022-09-21 13:34 - 000000000 ____D C:\Users\OCI\AppData\Local\VMware
2022-11-24 17:57 - 2022-08-23 18:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-24 09:33 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\NDF
2022-11-24 07:29 - 2022-09-26 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-24 07:29 - 2022-09-25 20:36 - 000000000 ____D C:\Program Files\Java
2022-11-23 08:55 - 2022-08-10 15:57 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4291724383-3096681415-704644627-1001
2022-11-22 08:40 - 2022-09-22 14:38 - 000000000 ____D C:\Users\OCI\Documents\Red Team
2022-11-21 12:07 - 2022-11-02 13:31 - 000000000 ____D C:\Users\OCI\Documents\scripts
2022-11-21 10:22 - 2022-08-23 18:44 - 000000000 ____D C:\Users\OCI\AppData\Roaming\FileZilla
2022-11-19 17:45 - 2022-08-10 16:36 - 000000000 ____D C:\Users\OCI\AppData\Local\PlaceholderTileLogoFolder
2022-11-19 17:45 - 2022-08-09 07:02 - 000000000 ____D C:\ProgramData\Packages
2022-11-18 11:11 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2022-11-18 10:12 - 2022-09-26 09:47 - 000000000 ____D C:\Users\OCI\AppData\Roaming\com.adobe.dunamis
2022-11-18 08:44 - 2022-11-01 08:26 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-11-17 18:06 - 2022-09-26 17:06 - 000000000 ____D C:\Users\OCI\AppData\Roaming\bloodhound
2022-11-16 11:03 - 2022-10-12 16:01 - 000000000 ____D C:\Users\OCI\AppData\Local\ElevatedDiagnostics
2022-11-16 11:03 - 2022-08-09 09:49 - 000000000 ____D C:\Users\OCI\AppData\Local\D3DSCache
2022-11-15 14:54 - 2022-08-09 06:57 - 000436216 _____ C:\Windows\system32\FNTCACHE.DAT
2022-11-15 14:54 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-11-15 14:53 - 2022-08-10 16:29 - 000000000 ___SD C:\Windows\system32\lxss
2022-11-15 14:53 - 2019-12-07 14:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\Dism
2022-11-15 14:53 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2022-11-14 17:48 - 2022-10-20 12:28 - 000000000 ____D C:\Users\OCI\Documents\Audits
2022-11-14 14:57 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\Downloaded Program Files
2022-11-14 10:34 - 2022-11-08 08:10 - 000000000 ____D C:\Users\OCI\AppData\Local\BitTorrentHelper
2022-11-14 08:37 - 2022-08-09 06:57 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-14 08:37 - 2022-08-09 06:57 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2022-09-21 18:52 - 2022-09-21 18:52 - 000000128 ____H () C:\Users\OCI\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2022-11-02 13:27 - 2022-11-02 13:28 - 000000149 _____ () C:\Users\OCI\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additions.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2022
Ran by TOM (12-12-2022 22:17:19)
Running from C:\Users\TOM\Desktop
Microsoft Windows 10 Entreprise Version 22H2 19045.2251 (X64) (2022-08-09 06:58:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrateur (S-1-5-21-4291724383-3096681415-704644627-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4291724383-3096681415-704644627-503 - Limited - Disabled)
Invité (S-1-5-21-4291724383-3096681415-704644627-501 - Limited - Disabled)
TOM (S-1-5-21-4291724383-3096681415-704644627-1001 - Administrator - Enabled) => C:\Users\TOM
WDAGUtilityAccount (S-1-5-21-4291724383-3096681415-704644627-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
AccessData FTK Imager (HKLM\...\{46714B4F-795C-4AEA-B6BC-4F70BE800763}) (Version: 4.2.0.13 - AccessData)
Adobe Acrobat Reader - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 22.003.20282 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.8.2 - Angry IP Scanner)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.11.1 - Docker Inc.)
FileZilla 3.60.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\FileZilla Client) (Version: 3.60.2 - Tim Kosse)
FileZilla Server 1.5.1 (HKLM\...\FileZilla Server) (Version: 1.5.1 - Tim Kosse <tim.kosse@filezilla-project.org>)
Free Cam 8 (HKLM-x32\...\{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
Genymotion version 3.1.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 3.1.0 - Genymobile)
Git (HKLM\...\Git_is1) (Version: 2.37.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.99 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.16.1 (64-bit) (HKLM\...\{C92DE8EA-63C2-5A16-B603-60C43057E595}) (Version: 11.0.16.1 - Oracle Corporation)
Logiciel d'archivage WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Magnet AXIOM (HKLM\...\{5945B0AF-553E-4B9B-8466-445432018FF3}}_is1) (Version: 6.6.0.33061 - Magnet Forensics Inc.)
Microsoft Access MUI (French) 2016 (HKLM-x32\...\{90160000-0015-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (French) 2016 (HKLM-x32\...\{90160000-0090-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.46 - Microsoft Corporation)
Microsoft Excel MUI (French) 2016 (HKLM-x32\...\{90160000-0016-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (French) 2016 (HKLM-x32\...\{90160000-00BA-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (French) 2016 (HKLM-x32\...\{90160000-0044-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (French) 2016 (HKLM-x32\...\{90160000-00E1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (French) 2016 (HKLM-x32\...\{90160000-00E2-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professionnel Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (French) 2016 (HKLM-x32\...\{90160000-002C-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - اللغة العربية (HKLM-x32\...\{90160000-001F-0401-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2016 (HKLM\...\{90160000-002A-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2016 (HKLM-x32\...\{90160000-006E-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\OneDriveSetup.exe) (Version: 22.232.1106.0002 - Microsoft Corporation)
Microsoft OneNote MUI (French) 2016 (HKLM-x32\...\{90160000-00A1-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (French) 2016 (HKLM-x32\...\{90160000-001A-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (French) 2016 (HKLM-x32\...\{90160000-0018-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (French) 2016 (HKLM-x32\...\{90160000-0019-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (French) 2016 (HKLM-x32\...\{90160000-012B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.74.0 - Microsoft Corporation)
Microsoft Word MUI (French) 2016 (HKLM-x32\...\{90160000-001B-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nipper (HKLM-x32\...\NipperStudio) (Version: 2.13.0 - Titania)
Nmap 7.93 (HKLM-x32\...\Nmap) (Version: 7.93 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.71 - Nmap Project)
OpenVPN 2.5.8-I603 amd64 (HKLM\...\{4DC5E5B0-0BC0-4A2B-B118-1F2E3796E8A4}) (Version: 2.5.039 - OpenVPN, Inc.)
Oracle VM VirtualBox 6.1.36 (HKLM\...\{C4FD4C3F-BA9F-4B03-B87A-809A9D0FAFEC}) (Version: 6.1.36 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Postman x86_64 10.1.2 (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\Postman) (Version: 10.1.2 - Postman)
Python 3.10.7 (64-bit) (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\{c62ef944-a7c9-4646-9fc7-d9e658defc1f}) (Version: 3.10.7150.0 - Python Software Foundation)
Python 3.10.7 Add to Path (64-bit) (HKLM\...\{585A1EFD-29F6-4016-9AD0-93068F81AD0C}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Core Interpreter (64-bit) (HKLM\...\{D4C83865-A602-4834-8390-B094CAF22F71}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Development Libraries (64-bit) (HKLM\...\{C9D65557-5B19-4B9B-860E-4E5477F9B10A}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Executables (64-bit) (HKLM\...\{CE8E4C24-9C7B-447B-B974-CD8236BE09B9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 pip Bootstrap (64-bit) (HKLM\...\{30C9588C-5E1D-479E-988A-DA38CADFA384}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Standard Library (64-bit) (HKLM\...\{08D7A4E8-F704-409B-A676-457432DA3248}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Utility Scripts (64-bit) (HKLM\...\{E1A1200C-5CC4-404B-BF93-E33C463963CD}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{96BFBDD2-78C9-42B5-9893-FABA2BB527C4}) (Version: 3.10.7917.0 - Python Software Foundation)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Subsystem for Linux Update (HKLM\...\{36EF257E-21D5-44F7-8451-07923A8C465E}) (Version: 5.10.16 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\ZoomUMX) (Version: 5.12.8 (10232) - Zoom Video Communications, Inc.)

Packages:
=========
Centre de configuration des graphiques Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-08-24] (INTEL CORP) [Startup Task]
Centre de contrôle Thunderbolt™ -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-09-26] (INTEL CORP)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.39.278.0_x64__dt26b99r8h8gj [2022-10-22] (Realtek Semiconductor Corp)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-08-24] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-16] (INTEL CORP)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.14.0.0_x64__ey8k8hqnwqnmg [2022-12-08] (Kali Linux)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Synaptics PointStick Settings Manager – Commercial -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPCommercialStykDApp_19006.1005.0.0_x64__807d65c4rvak2 [2022-08-23] (Synaptics Incorporated)
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.1.7.0_x64__79rhkp1fndgsc [2022-11-09] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2022-07-10] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_1b9744c2f44d96c2\OptaneShellExt.dll [2021-10-20] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\TOM\Documents\Backups\Linux\backup\TestCase\LabCorp\29-06-2020\outputs\files\jxplorer\JXplorer.lnk -> C:\Users\stephanie\Desktop\outputs\files\jxplorer\jxplorer.bat (No File)

==================== Loaded Modules (Whitelisted) =============

2022-08-09 07:08 - 2010-03-15 09:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-12-12 17:35 - 2022-12-12 17:35 - 000254464 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Windows\Temp\jna--666108941\jna2381237966691031322.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2022-11-03 18:07 - 000001056 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.31 host.docker.internal
192.168.1.31 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

2022-08-10 16:38 - 2022-12-12 17:34 - 000000514 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.31.32.1 MY_LAPTOP.mshome.net # 2027 12 6 11 17 34 50 353
72.21.48.1 MY_LAPTOP.mshome.net # 2027 9 2 21 18 21 4 757

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Java\jdk-11.0.16.1;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\VMware\VMware Player\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin;C:\Program Files\Git\cmd;C:\Users\TOM\Documents\Tools\Zimmerman;
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\c.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
OpenVPN Wintun: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN Wintun: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #2: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network #2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
OpenVPN TAP-Windows6: VMware Bridge Protocol -> vmware_bridge (enabled) 
OpenVPN TAP-Windows6: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
OpenVPN TAP-Windows6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\StartupFolder: => "Envoyer * OneNote.lnk<*>"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-4291724383-3096681415-704644627-1001\...\StartupApproved\Run: => "ut"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48F8AD51-915C-4B2F-8E35-1CD1D01644F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90B43D50-41E3-4E9A-B967-72C8FCD56120}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92187504-99F7-49B3-8973-AE5B2A23988A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{872C29EA-EB7C-4B47-A96B-D1BCBDD46032}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D47E19A0-EF83-4416-AE3C-B9BF48315708}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{4C1D0FDD-C484-4CB0-A268-0743EB350094}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [{A27F14C8-B43C-49DF-8A4D-0F96AEB19FEE}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4D51F720-0B36-4BF7-B082-D389164852C8}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{D8A93E84-3987-42BE-A05A-0002CEB8FF82}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{086886C4-C34C-4994-BD23-BB49F7B8C851}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{83E28FCD-C95C-4D65-A81C-01326E3D0EF4}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{A5EFB03D-5E21-4A43-A6A9-5CF5A1960898}C:\program files\python\python310\python.exe] => (Allow) C:\program files\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{9E77B729-43A7-4738-AC79-9FA819458491}] => (Allow) C:\Users\TOM\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{99149935-F5D4-4141-85D3-A933BC30A0DF}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{B3A0C955-0C14-4139-BD8F-C3D7604F41EB}C:\program files\filezilla server\filezilla-server.exe] => (Allow) C:\program files\filezilla server\filezilla-server.exe (FileZilla Project) [File not signed]
FirewallRules: [TCP Query User{6698CC05-5DB2-42C9-862A-CB2FC0841AFB}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [File not signed]
FirewallRules: [UDP Query User{6BA7C7F2-F0C2-44D0-A5E9-1D56CAF1BC3E}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe () [File not signed]
FirewallRules: [{5CF58141-8C9B-4F49-9DF8-6ED4C94A5B31}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ECB5373A-FC9E-4AEA-9573-BB91248E15D1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F1CEA2E-9C64-4032-A6B6-C508B7AD4F49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DE1E5E48-4C9F-452D-AA47-F570EC53768A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6844EE0-13F1-4EF9-9A19-A95D87D307AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00325AC6-6DE6-483A-BDDE-76D0A2EE42C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:930.89 GB) (Free:643.82 GB) (69%)

==================== Faulty Device Manager Devices ============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Wintun Userspace Tunnel
Description: Wintun Userspace Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WireGuard LLC
Service: wintun
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/12/2022 05:34:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours.
.

Error: (12/12/2022 05:34:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.
]

Error: (12/12/2022 05:34:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours.
.

Error: (12/12/2022 05:34:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.
]

Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}

Error: (12/08/2022 12:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Détails de l’échec d’acquisition de la licence. 
hr=0x80072EFD

Error: (12/06/2022 03:28:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.19041.2193 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance.

ID de processus : 5284

Heure de début : 01d905a0d642a757

Heure d'arrêt : 0

Chemin d'accès à l'application : C:\Windows\explorer.exe

ID de rapport : 35baf412-8b18-42df-9967-831fd6011135

Nom complet du package défectueux : 

ID de l'application relative à un package défectueux : 

Type de blocage : Unknown

Error: (12/01/2022 12:35:36 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Échec de l’acquisition d’un ticket authentique (hr=0x80072EFD) pour l’Id de modèle {99d92734-d682-4d71-983e-d6ec3f16059f}


System errors:
=============
Error: (12/12/2022 09:21:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Client de stratégie de groupe n’a pas pu démarrer en raison de l’erreur : 
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.

Error: (12/12/2022 09:21:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Client de stratégie de groupe.

Error: (12/12/2022 06:16:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80073d02 : 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/12/2022 05:42:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service eapihdrv n’a pas pu démarrer en raison de l’erreur : 
Le chargement du pilote a été bloqué

Error: (12/12/2022 05:42:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\TOM\AppData\Local\Temp\ehdrv.sys

Error: (12/12/2022 05:42:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service eapihdrv n’a pas pu démarrer en raison de l’erreur : 
Le chargement du pilote a été bloqué

Error: (12/12/2022 05:42:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\TOM\AppData\Local\Temp\ehdrv.sys

Error: (12/12/2022 05:42:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service eapihdrv n’a pas pu démarrer en raison de l’erreur : 
Le chargement du pilote a été bloqué


Windows Defender:
================
Date: 2022-12-12 18:45:55
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Mimikatz&threatid=2147686744&enterprise=0
Nom : HackTool:Win32/Mimikatz
ID : 2147686744
Gravité : Élevée
Catégorie : Outil
Chemin : file:_C:\Users\TOM\Documents\Backups\Windows\AUDITS\mimikatz\mimikatz.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Users\TOM\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Version de la veille de sécurité : AV: 1.381.337.0, AS: 1.381.337.0, NIS: 1.381.337.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 18:45:55
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/LsassDump.A&threatid=2147816345&enterprise=0
Nom : Trojan:Win32/LsassDump.A
ID : 2147816345
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_C:\Users\TOM\Documents\Backups\Windows\AUDITS\mimikatz\lsass.dmp
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Users\TOM\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Version de la veille de sécurité : AV: 1.381.337.0, AS: 1.381.337.0, NIS: 1.381.337.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 18:44:15
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Linux/ConnectBack.A!xp&threatid=2147794759&enterprise=0
Nom : Backdoor:Linux/ConnectBack.A!xp
ID : 2147794759
Gravité : Grave
Catégorie : Porte dérobée
Chemin : file:_C:\Users\TOM\Documents\Backups\Linux\backup\Redteam\jmx-config
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Users\TOM\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Version de la veille de sécurité : AV: 1.381.337.0, AS: 1.381.337.0, NIS: 1.381.337.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 18:44:12
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Java/JNDIExploit.A!MTB&threatid=2147831236&enterprise=0
Nom : HackTool:Java/JNDIExploit.A!MTB
ID : 2147831236
Gravité : Élevée
Catégorie : Outil
Chemin : file:_C:\Users\TOM\Documents\Backups\Linux\backup\Redteam\04-05-2022\log4shell\JNDIExploit-1.2-SNAPSHOT.jar
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Users\TOM\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Version de la veille de sécurité : AV: 1.381.337.0, AS: 1.381.337.0, NIS: 1.381.337.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-12 18:08:14
Description: 
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:PowerShell/BloodHound.G!MSR&threatid=2147762961&enterprise=0
Nom : HackTool:PowerShell/BloodHound.G!MSR
ID : 2147762961
Gravité : Élevée
Catégorie : Outil
Chemin : file:_C:\Users\TOM\Documents\Backups\Linux\backup\AuditsTOM\Douanes\SharpHound.ps1
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : MY_LAPTOP\TOM
Nom du processus : C:\Users\TOM\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Version de la veille de sécurité : AV: 1.381.337.0, AS: 1.381.337.0, NIS: 1.381.337.0
Version du moteur : AM: 1.1.19900.2, NIS: 1.1.19900.2
Event[0]:

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:28
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Anti-virus
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

Date: 2022-12-09 09:26:23
Description: 
Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité.
Nouvelle version de la veille de sécurité : 
Version précédente de la veille de sécurité : 1.381.75.0
Source de mise à jour : Centre de protection Microsoft contre les logiciels malveillants
Type de veille de sécurité : Logiciel anti-espion
Type de mise à jour : Complet
Utilisateur : AUTORITE NT\SERVICE RÉSEAU
Version actuelle du moteur : 
Version précédente du moteur : 1.1.19900.2
Code d’erreur : 0x80072efd
Description de l’erreur : Impossible d’établir une connexion avec le serveur 

CodeIntegrity:
===============
Date: 2022-12-12 21:08:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 09:05:31
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-12-12 08:47:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_33a6982ac1e20313\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: HP T37 Ver. 01.10.00 07/15/2022
Motherboard: HP 8AB8
Processor: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 32448.21 MB
Available physical RAM: 18197.77 MB
Total Virtual: 37312.21 MB
Available Virtual: 23285.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.89 GB) (Free:643.82 GB) (Model: KINGSTON SNVS1000GB) NTFS

\\?\Volume{1fac8aa4-ea46-47c8-a2a1-40d56c8ac893}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{f2a9c796-48fc-4fde-bc26-1b9830efe024}\ () (Fixed) (Total:0.09 GB) (Free:0.02 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Infected by malware named Black Sky

Unread postby Gary R » December 13th, 2022, 2:03 am

Questions .....

Did you install Docker?
Have you tried to change your Desktop background back to something of your choosing since you ran E-set? If so, what was the result?

Next ...

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: Select All) .....
VirusTotal:C:\Program Files\Docker\Docker\com.docker.service;C:\Program Files\Docker\Docker\Docker Desktop.exe;C:\Users\OCI\Desktop\temp.txt;C:\Windows\Temp\jna--666108941\jna2381237966691031322.dll

Folder:C:\ProgramData\DockerDesktop;C:\Users\OCI\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6

Hosts:

  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

  • Download ... ADWCleaner
  • Follow these ... Instructions ... for how to use it.
    • Do not select any of your pre-installed programs for removal
  • Please post me a copy of the logfile produced.
    • Click on the Log Files tab
    • Double click on the logfile listed and it will open in Notepad
    • Copy/paste it in your next reply

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 13th, 2022, 4:11 am

Hello Gary,

Did you install Docker?

Yes, I did. I have Docker Desktop on my laptop for my lab projects.

Have you tried to change your Desktop background back to something of your choosing since you ran E-set? If so, what was the result?

No, I have not. Shall I do it?

Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2022
Ran by TOM (13-12-2022 08:04:25) Run:2
Running from C:\Users\TOM\Desktop
Loaded Profiles: TOM
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal:C:\Program Files\Docker\Docker\com.docker.service;C:\Program Files\Docker\Docker\Docker Desktop.exe;C:\Users\TOM\Desktop\temp.txt;C:\Windows\Temp\jna--666108941\jna2381237966691031322.dll

Folder:C:\ProgramData\DockerDesktop;C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6

Hosts:
*****************

VirusTotal: C:\Program Files\Docker\Docker\com.docker.service => https://www.virustotal.com/gui/file/0f7d57df2750e435c1e4fe2c898b397b9599384ab461bc68722d0feaecff40a2/detection/f-0f7d57df2750e435c1e4fe2c898b397b9599384ab461bc68722d0feaecff40a2-1667797312
VirusTotal: C:\Program Files\Docker\Docker\Docker Desktop.exe => https://www.virustotal.com/gui/file/2f34dcce7c687180f4112e4ca08e4f9e2e8da1e033d9d874c4c7ae35d9d14f48/detection/f-2f34dcce7c687180f4112e4ca08e4f9e2e8da1e033d9d874c4c7ae35d9d14f48-1670198676
VirusTotal: C:\Users\TOM\Desktop\temp.txt => https://www.virustotal.com/gui/file/c7fef4c4b3847d6bb630e8c105d8930e89082f7cbd291b02da7ae8a39d10c9b3/detection/f-c7fef4c4b3847d6bb630e8c105d8930e89082f7cbd291b02da7ae8a39d10c9b3-1670918670
VirusTotal: C:\Windows\Temp\jna--666108941\jna2381237966691031322.dll => https://www.virustotal.com/gui/file/76f19b52423774932831dcba0596989ec56213f9b217a0432fbc122f99704a2a/detection/f-76f19b52423774932831dcba0596989ec56213f9b217a0432fbc122f99704a2a-1670918671

========================= Folder:C:\ProgramData\DockerDesktop;C:\Users\TOM\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6 ========================

not found.

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 08:04:29 ====


ADWcleaner logs
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-13-2022
# Duration: 00:00:06
# OS:       Windows 10 (Build 19045.2251)
# Scanned:  32083
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Johndoe225
Active Member
Posts: 12
Joined: June 21st, 2019, 3:17 pm
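For anyone reading this thread later who wants to pull the useful bits out of the two logs above without doing it by hand, here is a small parser. It is an added example, not code from FRST or from Malwarebytes, and it only understands what is visible in this thread: the three fixlist directives used here (VirusTotal:, Folder:, Hosts:), the "VirusTotal: path => url" result lines in the Fixlog (the SHA-256 sits in the URL, so the hashes can be recorded as IoCs without re-hashing anything), and the section/three-column layout of the AdwCleaner scan log. The sample inputs are lines copied from the logs posted above, shortened.

```python
"""Parse the FRST Fixlog and AdwCleaner scan-log formats seen in this thread.

Added example; not FRST's or Malwarebytes' own code. Only the directives and
log lines visible in the thread are handled; anything else is out of scope.
"""
import re
from typing import Dict, List, Tuple

Detection = Tuple[str, str, str]  # (detection name, kind, location)

# "VirusTotal: <path> => https://www.virustotal.com/gui/file/<sha256>/..."
_VT_LINE = re.compile(
    r"^VirusTotal: (?P<path>.+?) => https://www\.virustotal\.com/gui/file/"
    r"(?P<sha256>[0-9a-f]{64})/",
    re.MULTILINE,
)
# "# Detected: 2", "# Mode: Scan", ... but not "# ----" or "# Malwarebytes ..."
_ADW_HEADER = re.compile(r"^# (?P<key>[A-Za-z]+):\s+(?P<value>.+?)\s*$", re.MULTILINE)
_ADW_SECTION = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}\s*$")


def build_fixlist(virustotal: List[str], folders: List[str], restore_hosts: bool) -> str:
    """Assemble fixlist.txt in the shape used in this thread: one directive per
    block, several targets joined with ';', and a bare 'Hosts:' line to restore
    the hosts file."""
    blocks = []
    if virustotal:
        blocks.append("VirusTotal:" + ";".join(virustotal))
    if folders:
        blocks.append("Folder:" + ";".join(folders))
    if restore_hosts:
        blocks.append("Hosts:")
    return "\n\n".join(blocks) + "\n"


def parse_fixlog_hashes(fixlog: str) -> Dict[str, str]:
    """Map each submitted path to the SHA-256 embedded in its VirusTotal URL."""
    return {m.group("path"): m.group("sha256") for m in _VT_LINE.finditer(fixlog)}


def hosts_restored(fixlog: str) -> bool:
    """True when the Hosts: directive reported a successful reset."""
    return "Hosts restored successfully." in fixlog


def parse_adwcleaner(log: str) -> Tuple[Dict[str, str], Dict[str, List[Detection]]]:
    """Return (header fields, {section: [detections]}). Detection lines use runs
    of three or more spaces as the column separator; 'No malicious ... found.'
    lines and the '#...' header/EOF lines are skipped."""
    header = {m.group("key"): m.group("value") for m in _ADW_HEADER.finditer(log)}
    sections: Dict[str, List[Detection]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.rstrip()  # detection lines in the log carry a trailing space
        sec = _ADW_SECTION.match(line)
        if sec:
            current = sec.group("name")
            sections[current] = []
            continue
        if current is None or not line or line.startswith(("No malicious", "#")):
            continue
        cols = re.split(r" {3,}", line)
        if len(cols) == 3:
            sections[current].append((cols[0], cols[1], cols[2]))
    return header, sections


def removable_detections(sections: Dict[str, List[Detection]]) -> List[Detection]:
    """Everything AdwCleaner flagged except 'Preinstalled.*' vendor software,
    which the instructions in this thread say not to select for removal."""
    return [d for entries in sections.values() for d in entries
            if not d[0].startswith("Preinstalled.")]


# Constructed samples: lines copied from the two logs posted in this thread.
FIXLOG_SAMPLE = r"""
VirusTotal: C:\Program Files\Docker\Docker\com.docker.service => https://www.virustotal.com/gui/file/0f7d57df2750e435c1e4fe2c898b397b9599384ab461bc68722d0feaecff40a2/detection/f-0f7d57df2750e435c1e4fe2c898b397b9599384ab461bc68722d0feaecff40a2-1667797312
VirusTotal: C:\Users\TOM\Desktop\temp.txt => https://www.virustotal.com/gui/file/c7fef4c4b3847d6bb630e8c105d8930e89082f7cbd291b02da7ae8a39d10c9b3/detection/f-c7fef4c4b3847d6bb630e8c105d8930e89082f7cbd291b02da7ae8a39d10c9b3-1670918670

========================= Folder:C:\ProgramData\DockerDesktop ========================

not found.

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"""

ADW_SAMPLE = r"""# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Mode: Scan
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Preinstalled Software ] *****

Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

if __name__ == "__main__":
    for path, sha in parse_fixlog_hashes(FIXLOG_SAMPLE).items():
        print(f"{sha}  {path}")
    print("hosts restored:", hosts_restored(FIXLOG_SAMPLE))
    header, sections = parse_adwcleaner(ADW_SAMPLE)
    print("AdwCleaner detected:", header["Detected"], "removable:", removable_detections(sections))
```

Run it as-is to see the hashes and the AdwCleaner summary for the sample logs; point parse_fixlog_hashes and parse_adwcleaner at the full Fixlog.txt and AdwCleaner[S00].txt text to do the same for your own files. removable_detections returns an empty list here because both AdwCleaner hits are HP preinstalled software, which matches the "do not select any of your pre-installed programs for removal" instruction above.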

Re: Infected by malware named Black Sky

Unread postby Gary R » December 13th, 2022, 10:56 am

Everything's looking clean, so try resetting your Desktop background, and let me know whether you were able to do it or not.
Gary R
Administrator
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 13th, 2022, 11:43 am

Gary R wrote: Everything's looking clean, so try resetting your Desktop background, and let me know whether you were able to do it or not.

Hello Gary,

I did restart the desktop background. It was a success.
I restarted the laptop and it was fine.

I deleted the images located at:
- %AppData%\Microsoft\Windows\Themes\CachedFiles
- C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\c.bmp
Johndoe225
Active Member
Posts: 12
Joined: June 21st, 2019, 3:17 pm

Re: Infected by malware named Black Sky

Unread postby Gary R » December 13th, 2022, 6:08 pm

In that case, looks like your machine is clean of infection.

If I were you I'd run it for a couple of days to check everything is working the way it should, and if it is, then ....

To uninstall FRST and remove all its files, please do the following ...

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
    • Your computer will reboot, and on reboot will remove FRST and all its files.

To remove ADWCleaner ...
  • Double click AdwCleaner.exe to run it.
  • Click Settings
  • Scroll down and click Remove.
  • AdwCleaner will close and uninstall itself, it will also remove any files it quarantined.
Gary R
Administrator
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected by malware named Black Sky

Unread postby Johndoe225 » December 14th, 2022, 6:38 am

Hello Gary,

Thank you so much!
You've been really really helpful. I was worried.

Best regards
Johndoe225
Active Member
Posts: 12
Joined: June 21st, 2019, 3:17 pm

Re: Infected by malware named Black Sky

Unread postby Gary R » December 14th, 2022, 9:22 am

You're welcome. Glad we could help.

Hope you have a very Merry Christmas.

As we now appear to have resolved everything ....

This topic is now closed
Gary R
Administrator
Posts: 25741
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire