cjoint

Document format: text/plain

Preview

start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\Run: [known] => C:\Users\PATRICK\AppData\Local\Temp\IRe.exe
HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\Run: [*B0DAE11B06A3DDE4<*>] => C:\Users\PATRICK\AppData\Roaming\B0DAE11B06A3DDE4\B0DAE11B06A3DDE4.exe
HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\CurrentVersion\Windows: [Load] C:\Users\PATRICK\LOCALS~1\Temp\mskwixead.pif
HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\Run: [MSConfig] => C:\Users\PATRICK\dwsgijh.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {843362A7-DA5D-49B4-B90F-4B9DE6ED0EDC} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc3.xpi
FF Extension: (Pas de nom) - C:\Program Files\Internet Download Manager\idmmzcc3.xpi [2017-05-16]
FF HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PATRICK\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\PATRICK\AppData\Roaming\IDM\idmmzcc5 [2017-04-11] [non signé]
FF HKU\S-1-5-21-488908626-3959387196-2964971739-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\PATRICK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-05-17]
2017-06-17 18:56 - 2017-06-17 18:56 - 49115136 ____H (Ugisoft ) C:\Users\PATRICK\dwsgijh.exe
2017-06-29 17:08 - 2017-06-29 17:08 - 00000000 ____D C:\Users\PATRICK\AppData\Roaming\Imminent
2017-06-24 00:25 - 2017-06-24 00:28 - 00000000 __SHD C:\Users\PATRICK\AppData\Roaming\Yl9dVUAx
2017-06-21 21:03 - 2017-06-21 21:03 - 00000000 ____D C:\Users\PATRICK\AppData\Roaming\B0DAE11B06A3DDE4
2017-06-18 00:44 - 2016-10-30 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-06-18 00:44 - 2016-10-30 18:57 - 00000000 ____D C:\Users\PATRICK\AppData\Roaming\Lavasoft
2017-06-18 00:44 - 2016-10-30 18:57 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-18 00:44 - 2016-10-30 18:57 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-06 10:59 - 2016-04-06 10:59 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{14E7A000-8B26-4FBE-B3AA-4076302B3467}
2016-06-20 09:15 - 2016-06-20 09:15 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{15A18A41-1F0D-45BA-9132-827A6BE58450}
2016-05-22 09:40 - 2016-05-22 09:40 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{1844537B-1E79-4F07-8002-A0DBD893F268}
2016-03-07 11:42 - 2016-03-07 11:42 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{252F981B-6C86-434A-8071-CE443F56844F}
2016-09-17 08:56 - 2016-09-17 08:57 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{4B4C4290-75BE-4430-98A7-67A4D4E0F9FD}
2016-07-01 08:41 - 2016-07-01 08:41 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{79299EB8-12C7-4360-ACAB-744791828110}
2016-03-27 12:41 - 2016-03-27 12:41 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{7A8D4DA9-6CE2-4AAC-A626-2ACFACC8F37A}
2016-04-20 10:54 - 2016-04-20 10:54 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{98BBAE14-BA39-4B08-97B3-36F5D56E9641}
2016-03-15 09:50 - 2016-03-15 09:50 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{ABF50D25-06CC-41A2-924F-90204EA3A1A4}
2016-09-29 07:34 - 2016-09-29 07:35 - 0000000 _____ () C:\Users\PATRICK\AppData\Local\{BF4BDE12-512C-4718-B5EC-9CD278210BAB}
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-488908626-3959387196-2964971739-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll => Pas de fichier
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Pas de fichier
Task: {3EDCAE45-4B4F-49C1-875B-1A26A69D8223} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {40897A63-BB3E-4B8E-B34E-3DF47FB06128} - System32\Tasks\{92CAD9A8-6F72-4275-B2C0-A37CFDFFEB1D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/fr/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Pas de fichier <==== ATTENTION
Task: {64C7F4A7-B75D-4439-B465-5814EC87A2B7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Pas de fichier
Task: {8562A7DB-1664-4800-BA19-AFDD9B7762A3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Pas de fichier <==== ATTENTION
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Pas de fichier
Task: {B44A5476-7428-41AF-A6AD-28CFBB33C065} - System32\Tasks\{A28B0269-2CEE-4690-8046-7AA5B256E779} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/fr/abandoninstall?source=lightinstaller&page=tsInstall
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> Pas de fichier
Task: {FC4B6CC1-8211-4F79-9ED4-00FB1ABF4FB8} - System32\Tasks\Yl9dVUAx => C:\Users\PATRICK\AppData\Roaming\Yl9dVUAx\jvauyc32.exe [2017-06-24] ()
Shortcut: C:\Users\PATRICK\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Mes sites Web sur MSN\target.lnk -> hxxp://fr.msnusers.co
2017-06-24 00:25 - 2017-06-24 00:25 - 00273408 __RSH () C:\Users\PATRICK\AppData\Roaming\Yl9dVUAx\jvauyc32.exe
AlternateDataStreams: C:\Users\PATRICK\Local Settings:init [8638060]
AlternateDataStreams: C:\Users\PATRICK\AppData\Local:init [8638060]
AlternateDataStreams: C:\Users\PATRICK\AppData\Local\Application Data:init [8638060]
Hosts:
RemoveProxy:
EmptyTemp:
cmd: ipconfig /flushdns
end
