start::
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2504377028-1107847357-2258499132-1001\...\Run: [cacaoweb] => C:\Users\eric\Desktop\cacaoweb.exe [568624 2018-02-27] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2504377028-1107847357-2258499132-1001 -> {D97B37B1-4890-4E21-B36C-E0EE7F62D1D9} URL = hxxps://fr.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
BHO-x32: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
FF Extension: (cacaoweb) - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\vqgdkn3t.default\Extensions\cacaoweb@cacaoweb.org [2017-11-06] [Legacy] [non signé]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e)
CHR NewTab: Default -> Active:"chrome-extension://mgdfdooahmmbebpgeglodiacoljfikka/productnewtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxps://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 cpuz143; C:\Users\eric\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2018-02-28] (CPUID) <==== ATTENTION
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
2018-02-27 21:04 - 2017-11-06 21:13 - 000000000 ____D C:\Users\eric\AppData\Roaming\cacaoweb
2018-02-27 20:38 - 2014-03-01 19:50 - 000568624 _____ C:\Users\eric\Desktop\cacaoweb.exe
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
Task: {03B10CAB-CDDD-4D20-A898-78EDA0009C74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {1B386EDB-53C5-4B7A-822A-0E219C7E5DCF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {3D4A313A-EA69-4784-BCBE-A0D04AB3C728} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {59DD0B7B-0CD1-45FD-BACF-02F362ECD323} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {64C02A34-E1A1-4DF2-8B5B-884CFF9310A1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {7C59E9D3-3BF5-4A21-9112-4DEDEFF7B116} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {81FC2B6B-1F70-490E-A330-6DB5C29BB43D} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {A619E541-0298-4BC3-AB5B-DD59818D4A42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {E1FF3EAE-51D8-400F-9A86-FE24E9FC8E80} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {E5288816-7589-4160-AEFD-82CE0792E91E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {E8C38C18-DC9C-4487-A7E7-2D3EAB4115C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {F1F2CBEB-D5F2-446D-AD8C-156CF626F630} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
FirewallRules: [UDP Query User{846BADC5-0142-46E5-90E4-AD7165CFCD08}C:\users\eric\desktop\cacaoweb.exe] => (Allow) C:\users\eric\desktop\cacaoweb.exe
FirewallRules: [TCP Query User{7AC67547-EF47-42A9-BD31-143A31EDADD5}C:\users\eric\desktop\cacaoweb.exe] => (Allow) C:\users\eric\desktop\cacaoweb.exe
FirewallRules: [UDP Query User{0CF305F4-330D-45B7-8A00-A64F55925E67}C:\users\eric\desktop\cacaoweb.exe] => (Allow) C:\users\eric\desktop\cacaoweb.exe
FirewallRules: [TCP Query User{5870CF44-65C5-4578-A908-85D6A6709DC4}C:\users\eric\desktop\cacaoweb.exe] => (Allow) C:\users\eric\desktop\cacaoweb.exe
FirewallRules: [UDP Query User{CFCCAEC4-4705-456C-A917-442B63F48B01}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{B1A00013-F339-42D3-A6D8-D297F40A3821}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{39602584-0E4A-4086-8D7B-5BAAEACA942C}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{AE802F60-A24C-4E36-85EA-B92E467C4369}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cacaoweb
C:\Users\eric\Desktop\cacaoweb.exe
DeleteValue: HKU\S-1-5-21-2504377028-1107847357-2258499132-1001\Software\Microsoft\Windows\CurrentVersion\Run|cacaoweb
C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\mgdfdooahmmbebpgeglodiacoljfikka
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
DeleteKey: HKLM\Software\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
DeleteKey: HKCU\SOFTWARE\cacaoweb
DeleteKey: HKCU\SOFTWARE\DriverTuner
DeleteKey: HKCU\SOFTWARE\DriverTuner_Init
C:\Users\eric\AppData\Roaming\cacaoweb
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{846BADC5-0142-46E5-90E4-AD7165CFCD08}C:\users\eric\desktop\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{7AC67547-EF47-42A9-BD31-143A31EDADD5}C:\users\eric\desktop\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{09565784-AA39-40B1-A6D4-5B83BB5A9C79}C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5CEFA28F-8138-4E57-955F-F020F17B33A3}C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B80F1B5C-EDCD-4E04-B083-16B635D54E83}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6B5113B4-6F4A-4881-AD26-E6900E11D285}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{0CF305F4-330D-45B7-8A00-A64F55925E67}C:\users\eric\desktop\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5870CF44-65C5-4578-A908-85D6A6709DC4}C:\users\eric\desktop\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CFCCAEC4-4705-456C-A917-442B63F48B01}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B1A00013-F339-42D3-A6D8-D297F40A3821}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{39602584-0E4A-4086-8D7B-5BAAEACA942C}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{AE802F60-A24C-4E36-85EA-B92E467C4369}C:\users\eric\appdata\roaming\cacaoweb\cacaoweb.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{28DBA380-B88C-4384-8A79-2E5781479ABC}C:\program files (x86)\mozilla firefox\plugin-container.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{2721FB4B-ED01-4C16-B5B7-830CD457F78C}C:\program files (x86)\mozilla firefox\plugin-container.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{272F6CFC-1577-4C66-B1EC-03BEAB38A316}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7D86301D-1BAC-463C-A056-BFEAF4BD09B6}
C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgdfdooahmmbebpgeglodiacoljfikka
C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\vqgdkn3t.default\extensions\cacaoweb@cacaoweb.org
DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f}
EmptyTemp:
end::