Publicité
Publicité
Format du document : text/plain
Prévisualisation
start
CloseProcesses:
CreateRestorePoint:
(Akamai Technologies, Inc.) C:\Users\franc\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\franc\AppData\Local\Akamai\netsession_win.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Run: [Akamai NetSession Interface] => C:\Users\franc\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Run: [Browser Extensions] => C:\Users\franc\AppData\Roaming\BrowserExtensions\BEHelper.exe [553968 2015-11-27] ()
BootExecute: autocheck autochk * sdnclean64.exe
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/?type=715483&fr=spigot-yhp-ie
SearchScopes: HKU\S-1-5-21-2037816613-978093755-3470329968-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ggbg_15_52¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDzyyEyCyByB0CtB0Bzy0D0D0AtB0FtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCyEzztAzyyBtGtByC0E0EtGtA0CtA0AtGyB0D0C0EtGtDtByC0DtAtC0ByC0CyEtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyB0D0A0B0FtCtGyBtDtD0BtGyEyDyByEtG0A0B0B0EtGyCzyyDzy0FyCyByD0AyD0D0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1727402412%26a%3Dwbf_ggbg_15_52%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2037816613-978093755-3470329968-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ggbg_15_52¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDzyyEyCyByB0CtB0Bzy0D0D0AtB0FtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCyEzztAzyyBtGtByC0E0EtGtA0CtA0AtGyB0D0C0EtGtDtByC0DtAtC0ByC0CyEtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyB0D0A0B0FtCtGyBtDtD0BtGyEyDyByEtG0A0B0B0EtGyCzyyDzy0FyCyByD0AyD0D0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1727402412%26a%3Dwbf_ggbg_15_52%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons64.dll [2015-11-27] ()
C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons64.dll
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons.dll [2015-11-27] ()
2016-01-12 22:54 - 2016-01-12 22:54 - 00000000 ____D C:\Webzen
2016-01-12 19:17 - 2016-01-12 19:17 - 00000000 ____D C:\ProgramData\WEBZEN
2015-12-23 19:57 - 2015-12-23 19:57 - 0000047 _____ () C:\Users\franc\AppData\Roaming\WB.CFG
Browser Extensions (HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
Settings Manager (HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Settings Manager) (Version: 24.0.0.1 - Spigot, Inc.) <==== ATTENTION
FirewallRules: [TCP Query User{5EDF9FEA-15E3-40B1-8CA7-9C5FB05420BB}C:\users\franc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\franc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5581A3A1-4062-4FCE-BFBA-CD3F50AD6C55}C:\users\franc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\franc\appdata\local\akamai\netsession_win.exe
EmptyTemp:
end
CloseProcesses:
CreateRestorePoint:
(Akamai Technologies, Inc.) C:\Users\franc\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\franc\AppData\Local\Akamai\netsession_win.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Run: [Akamai NetSession Interface] => C:\Users\franc\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Run: [Browser Extensions] => C:\Users\franc\AppData\Roaming\BrowserExtensions\BEHelper.exe [553968 2015-11-27] ()
BootExecute: autocheck autochk * sdnclean64.exe
HKU\S-1-5-21-2037816613-978093755-3470329968-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/?type=715483&fr=spigot-yhp-ie
SearchScopes: HKU\S-1-5-21-2037816613-978093755-3470329968-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ggbg_15_52¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDzyyEyCyByB0CtB0Bzy0D0D0AtB0FtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCyEzztAzyyBtGtByC0E0EtGtA0CtA0AtGyB0D0C0EtGtDtByC0DtAtC0ByC0CyEtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyB0D0A0B0FtCtGyBtDtD0BtGyEyDyByEtG0A0B0B0EtGyCzyyDzy0FyCyByD0AyD0D0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1727402412%26a%3Dwbf_ggbg_15_52%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2037816613-978093755-3470329968-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ggbg_15_52¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDzyyEyCyByB0CtB0Bzy0D0D0AtB0FtN0D0Tzu0StCyEyDtBtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyByCyEzztAzyyBtGtByC0E0EtGtA0CtA0AtGyB0D0C0EtGtDtByC0DtAtC0ByC0CyEtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDyB0D0A0B0FtCtGyBtDtD0BtGyEyDyByEtG0A0B0B0EtGyCzyyDzy0FyCyByD0AyD0D0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1727402412%26a%3Dwbf_ggbg_15_52%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons64.dll [2015-11-27] ()
C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons64.dll
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\franc\AppData\Roaming\BrowserExtensions\Coupons.dll [2015-11-27] ()
2016-01-12 22:54 - 2016-01-12 22:54 - 00000000 ____D C:\Webzen
2016-01-12 19:17 - 2016-01-12 19:17 - 00000000 ____D C:\ProgramData\WEBZEN
2015-12-23 19:57 - 2015-12-23 19:57 - 0000047 _____ () C:\Users\franc\AppData\Roaming\WB.CFG
Browser Extensions (HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
Settings Manager (HKU\S-1-5-21-2037816613-978093755-3470329968-1001\...\Settings Manager) (Version: 24.0.0.1 - Spigot, Inc.) <==== ATTENTION
FirewallRules: [TCP Query User{5EDF9FEA-15E3-40B1-8CA7-9C5FB05420BB}C:\users\franc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\franc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5581A3A1-4062-4FCE-BFBA-CD3F50AD6C55}C:\users\franc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\franc\appdata\local\akamai\netsession_win.exe
EmptyTemp:
end