Closed hugh33 closed 2 years ago
Hi, hugh33. We only speak English, Russian and Ukrainian here. Please use the appropriate one if you want to get support. Thanks for understanding.
If you need our assistance:
Read carefully: How to make a request for help in the PC cure section
Attach 'Collection-[Date].zip' log created by AutoLogger
Describe your problem in detail.
Please, note that only members of VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including PM !!!
Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.
Hello, I received an email with my password and a ransom demand of $500, so I wonder if I was really hacked. Here is the Hijack report: [HiJackThis log is removed]
thanks for your aid.
Hugues
This is not the log we requested. Please, read the above post carefully. Follow the links. There are screenshots explaining.
Ok thanks
Hugues.
On 9 Apr 2022 at 18:10, Stanislav Polshyn @.***> wrote:
This is not the log we requested. Please, read the above post carefully. Follow the links. There are screenshots explaining.
Closed. Reason: no answer for 10 days. If you still need our help, please, execute the last steps, requested by a helper. Also, download again AutoLogger, prepare new CollectionLog, and write what problems remained.
Hello, I received an email with my email password and a ransom demand of $500, so I wonder whether I was really hacked. Here is the Hijack report:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13
Thank you for your replies. Hugues