start::
CreateRestorePoint:
CloseProcesses:
(Sysinternals - www.sysinternals.com) C:\Documents and Settings\GUY\Mes documents\telechargements Firefox\Téléchargements\ProcessExplorer\procexp.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKU\S-1-5-21-1244932473-1437103906-3774367802-1000\...\Run: [] => [X]
HKU\S-1-5-21-1244932473-1437103906-3774367802-1000\...\Winlogon: [Shell] D:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction ?
S1 asrdmon; \SystemRoot\system32\drivers\asrdmon.sys [X]
D:\Program Files\Advanced System Repair Pro 1.8.0.2
D:\Windows\Prefetch\ADVANCEDSYSTEMREPAIRPRO.EXE-C54DCAAD.pf
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4100CA8F-FCE9-4434-8DB8-569B0E732BD0}C:\program files\lanping\lanping.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F1363B84-025E-498E-8D5D-BEECEE065995}C:\program files\lanping\lanping.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BB9B992C-CCC3-41EB-9B6A-6F30B3D10228}C:\program files\lanping\lanping.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{19668B56-1A58-42D1-BBC7-171ED3D44A5E}C:\program files\lanping\lanping.exe
2019-01-04 13:22 - 2019-01-04 13:22 - 000392704 ____N () D:\Users\GUY Win7\AppData\Local\Temp\dfr2094.tmp.dll
2019-01-04 17:31 - 2019-01-04 17:31 - 000392704 _____ () D:\Users\GUY Win7\AppData\Local\Temp\dfr32A1.tmp.dll
2019-01-04 19:15 - 2019-01-04 19:15 - 000392704 _____ () D:\Users\GUY Win7\AppData\Local\Temp\dfr7981.tmp.dll
2019-01-04 19:26 - 2019-01-04 19:26 - 000392704 _____ () D:\Users\GUY Win7\AppData\Local\Temp\dfrD127.tmp.dll
2019-01-07 12:48 - 2019-01-07 12:48 - 000684032 _____ (PC SOFT) D:\Users\GUY Win7\AppData\Local\Temp\WD140IMG.DLL
Task: {3DF9AD60-9479-4507-B21A-B091B26DEA28} - \DecGUY Win7 -> Pas de fichier
Task: {6F4AADD7-CA80-4E82-9CC1-76E2FD2160D3} - System32\Tasks\{094D962C-3D31-4D08-8BD7-ECFB7824B5E1} => D:\Users\GUY Win7\Desktop\RESTORED\2018-08-01_20-23-40\winpurifier.exe
Task: {70367B66-89DD-4AE3-B9D8-33A32BFDB789} - System32\Tasks\{873FA1C1-0D95-4534-82BD-1F95E256A027} => D:\Users\GUY Win7\Desktop\RESTORED\2018-08-01_20-23-40\winpurifier.exe
Task: D:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6f2fd503-39f8-46b2-bfc2-31048840b3a8.job => D:\Program Files\SUPERAntiSpyware\SASTask.exedD:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: D:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a47b36d7-d818-412f-86df-cf8c2870eda1.job => D:\Program Files\SUPERAntiSpyware\SASTask.exedD:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: D:\Windows\Tasks\_DEFAULT.job => D:\Users\GUY Win7\Desktop\RESTORED\2018-08-01_20-23-40\winpurifier.exe
Hosts:
EmptyTemp:
end::