start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: H - H:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {0bb34987-652d-11e6-9e02-2089845edd63} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {0bb349a6-652d-11e6-9e02-2089845edd63} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {2590a1ba-08b1-11e3-a28c-806e6f6e6963} - F:\AutoRun\AutoRunX\AutoRunX.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {28b4bd27-6663-11e6-a764-2089845edd63} - H:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {72797b80-6645-11e6-a764-2089845edd63} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {9db14fe4-3f31-11e6-970c-db690d3a23b9} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {a0b12884-4adb-11e6-bcf4-2089845edd63} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {a0de1263-89bc-11e3-88d7-f4b7e2a36de5} - H:\Startme.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {a594ba44-3e64-11e6-8de3-f1f80b61debc} - G:\Auto.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {ddbd31d0-96b9-11e5-9f92-d3000ebbb6b0} - G:\Startme.exe
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\MountPoints2: {e35d9031-3f40-11e6-970c-db690d3a23b9} - G:\Auto.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-1107116363-1141585853-316225623-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Maxiget Software Manager (HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\Maxiget Software Manager) (Version: 1.6.14 - ) <==== ATTENTION
Software Management Module (HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\Software Management Module) (Version: 0.1.17.0 - Maxiget Ltd.) <==== ATTENTION
Yahoo! Search (HKU\S-1-5-21-1107116363-1141585853-316225623-1000\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> OldSearch URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> {24A95BD9-ECCD-4A8D-95E9-7CCC92D6A847} URL = hxxp://q.search-simple.com/?affID=pr_d0e5a830-d82e-4aa3-ad83-46c42e29153e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> {B2EDD107-A2EA-4E64-9AD4-C41CE59BA20A} URL = hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}&r=949
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1107116363-1141585853-316225623-1000 -> {F5D1979F-2AB2-4C28-B0EE-F36DF89007D6} URL = hxxps://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FF ProfilePath: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\f5y3cs7g.default [2017-03-24]
FF NewTab: Mozilla\Firefox\Profiles\f5y3cs7g.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\f5y3cs7g.default -> Google (avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\f5y3cs7g.default -> hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\f5y3cs7g.default -> Google (avast)
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\f5y3cs7g.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\f5y3cs7g.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\f5y3cs7g.default -> hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\f5y3cs7g.default -> hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
CHR HomePage: Default -> search-results.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search-results.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
Task: {ACDE7277-C3DA-467D-8332-4E97A389CF7B} - System32\Tasks\Yahoo! Search Updater => Wscript.exe //B "C:\Users\acer\AppData\Local\Pay-By-Ads\Yahoo! Search\1.4.2.5\..\updt.js" <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end