start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1205918481-316555937-3933596391-1001\...\Run: [Chromium] => c:\users\bureau\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)
GroupPolicy: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_851eac3879bbeea642&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaITAbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vmo3vqYVNVFdISIVwVQ4JaYTvFFdISoXwVRdIGYTNVA9GqYVNUI3wGYGwVM3vCk3vFE9GqUNNos3wCIYwVA9Jmk4wVA4ICITvFI9J6ILNFdcJ6k8NoFcFGUMwVU9JmITwVU9ImoVwV5cGWUSNFRcEqULNopcGWUIvmFbF6oWwVM3vCIWNVRdIWYYvFM9I6oXwVU4ICk3wVw3vCIYvFQ4ICISvFM4IGYUNVE9I6IYvFJdISoWwVU4JmIXvFM9JqYXwVU4IWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGvFFdJmIVvFFdJGYYNVM9JCISwVI4JaYVvFE9I6oUwVU4IWYVwVw3vCIVvFQ4J6ISNVNdJ6k3vFNdIWYWwVM4JaYVNVM3vGYYNoU9GqYYNVc3wCoUQGR7B6RoN9JbNWZ4NqZ5MWx6QGR7BHFaISopzU0aCaV6CaRaC6wfAo0sASMbB7suNGwuNWEux6MmNWMuB7xcNqZaMrFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D&param2=LWN9MqF8LGRb
HKU\S-1-5-21-1205918481-316555937-3933596391-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_851eac3879bbeea642&param1=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%3D&param2=LWN9MqF8LGRb
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n30ikmkg.default -> search.yahoo.com
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n30ikmkg.default -> search.yahoo.com
FF Extension: (FromDocToPDF) - C:\Users\Bureau\AppData\Roaming\Mozilla\Firefox\Profiles\n30ikmkg.default\Extensions\_65Members_@download.fromdoctopdf.com [2017-05-01]
FF Homepage: Mozilla\Firefox\Profiles\n30ikmkg.default -> hxxps://fr.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_26_wnf_adsrch_17_05_ssg03_cg12036&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzuzyzz0D0E0DtDtByC0FyE0DyBtB0E0F0FtN0D0Tzu0StBtDtDzytN1L2XzutAtFtAtBtFtCtFyDtDtN1L1Czu1M1Q1CtAtBtFtAtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyByEyEtCtByBtB0DtGyEzyyCzytGyEyEtDtCtGyC0AtAtAtG0EtCyE0FyD0D0BtD0AyCzz0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0BtDyE0A0A0CtAtGtDyC0DyEtGyEtAyD0DtGzytDyByCtG0C0CzzyC0D0CtCyC0D0Czy0A2QtN0A0LzuyEtN0D0T0S1P1RzutCyEzyzytDtAyDyEyDtA%26cr%3D471702378%26a%3Dhdr_s_17_26_wnf_adsrch_17_05_ssg03_cg12036%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
CHR NewTab: Default -> Active:"chrome-extension://bpmmandcadflhnnaiclipadomfmdbjbp/ntab.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (uTab) - C:\Users\Bureau\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-07-20]
CHR Extension: (hTab) - C:\Users\Bureau\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj [2017-05-31]
CHR Extension: (Search Manager) - C:\Users\Bureau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-20]
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [njpedbdniajflhgfoipnjkednnlkngbj] - hxxps://clients2.google.com/service/update2/crx
2017-07-22 10:33 - 2017-07-22 10:33 - 000000000 ____D C:\Users\Bureau\AppData\Local\YSearchUtil
C:\Users\Bureau\AppData\Local\YSearchUtil
2017-07-22 10:33 - 2017-07-22 10:33 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2016-12-04 12:18 - 2016-12-04 12:18 - 000000016 _____ () C:\ProgramData\mntemp
2016-12-04 12:18 - 2016-12-04 12:18 - 000005017 _____ () C:\ProgramData\mudtcpaz.vzs
C:\Windows\Tasks\{14487118-18FD-72DA-DB32-24C6B11E5052}.job
C:\Windows\Tasks\{72CDB00A-4A43-DBE5-214E-772CE728F8B2}.job
Task: {6F38E3E4-E592-49AC-A78D-B4E4973AF6CC} - System32\Tasks\Yahoo! Powered forad => C:\Windows\system32\wscript.exe "C:\ProgramData\{1917DC74-9355-56B2-1593-C8F08FD1433E}\mofi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31393137444337342d393335352d353642322d313539332d4338463038464431343333457d5c63696c61736f" "433a5c50726f6772616d446174615c7b31393137444337342d393335352d353642322d313539 (l'élément de données a 78 caractères en plus). <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bing Search Engine forad.job => Wscript.exe C:\ProgramData\{FEBF3BDC-74FD-B11A-F23B-2F586879A496}\mofi.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered forad.job => Wscript.exe C:\ProgramData\{1917DC74-9355-56B2-1593-C8F08FD1433E}\mofi.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{14487118-18FD-72DA-DB32-24C6B11E5052}.job => C:\Users\Bureau\AppData\Roaming\Risakadu\PRODUC~1.EXE
Task: C:\WINDOWS\Tasks\{72CDB00A-4A43-DBE5-214E-772CE728F8B2}.job => C:\Users\Bureau\AppData\Roaming\72CDB0~1\SyncTask.exe <==== ATTENTION
FirewallRules: [{6C4C8416-D92F-4E6B-841E-9D133EBD0009}] => (Allow) C:\Users\Bureau\AppData\Local\Chromium\Application\chrome.exe
EmptyTemp:
end