start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
GroupPolicy: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-621563554-473009413-2991657361-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-621563554-473009413-2991657361-1000] ATTENTION => URLSearchHook par défaut est absent
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
FF Extension: (Элементы Яндекса: Почта) - C:\Users\soft\AppData\Roaming\Mozilla\Firefox\Profiles\a009m65j.default\Extensions\yasearch@yandex.ru.xpi [2017-12-31]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
CHR NewTab: Default -> Not-active:"chrome-extension://kbfibfefojibckgfhaeakamkkhphkmmf/newtab/newtab.html", Not-active:"chrome-extension://dkmodendjhhdblmhbpapnbfmgndpdifg/newtab/newtab.html"
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX32.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX32.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX32.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\soft\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
Task: {06F1CA19-0872-4EF6-8732-08EA648E04FC} - System32\Tasks\kpke53f4 => C:\Program Files\Common Files\jqgvgwk4\69bcejdhk0nz4.exe <==== ATTENTION
Task: {09A53F44-A549-4FF8-936E-92DFAE357203} - System32\Tasks\vncgcsjw => C:\Program Files\Common Files\i1yv2boo\770dby4iqojeg.exe <==== ATTENTION
Task: {11664C37-9207-4269-97C6-8D9EF94AB255} - System32\Tasks\tra4hnk5 => C:\Program Files\Common Files\dwgs2ipe\ce565cuupwxea.exe <==== ATTENTION
Task: {2A0701EE-43C7-4C2B-BFF7-96B090D8EE3A} - System32\Tasks\z1p0njc3 => C:\Program Files\Common Files\5ml4djys\89c25oxh5fbvd.exe <==== ATTENTION
Task: {2B518D9E-F2E1-43E0-82D1-ACFFEFF745C1} - System32\Tasks\prmauct => C:\Windows\system32\config\systemprofile\AppData\Local\Ran-Lux [Argument = /t 2056 8816] <==== ATTENTION
Task: {3C20CD1D-B9FA-4925-9762-295191877FCA} - System32\Tasks\jedobmub => C:\Program Files\Common Files\dqjmygv0\040fchb31dgdn.exe <==== ATTENTION
Task: {55174923-74AC-4F41-B052-235CEB3B0CD7} - System32\Tasks\qfwqvtfm => C:\Program Files\Common Files\ld1shthe\8c8f2d4eaqvtg.exe <==== ATTENTION
Task: {5621B49C-2693-4B6D-AE5B-0F4AEC11483A} - System32\Tasks\{D8C235A1-8AD5-49C7-A6BC-A313B4CAB1D1} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.21.0.100&LastError=-3
Task: {572EA38C-FDA9-4145-9189-41AA8031BEBF} - System32\Tasks\n1213gup => C:\Program Files\Common Files\llnw1bmq\3e683xf0ktg1f.exe <==== ATTENTION
Task: {59ADC03F-109D-4481-A63E-FC6D25B53A68} - System32\Tasks\zkglym0t => C:\Program Files\Common Files\h115mr0c\85a5ccmm4do3o.exe <==== ATTENTION
Task: {5B58E6C0-45EC-427A-8B64-54621126D2B6} - System32\Tasks\la30te2l => C:\Program Files\Common Files\1zvwtpdt\ed300kgyvopij.exe <==== ATTENTION
Task: {74F03326-76A1-4C77-818E-78D0BB4A47D6} - System32\Tasks\yk5a0xzu => C:\Program Files\Common Files\1phw2d25\6fd79ijlx2oto.exe <==== ATTENTION
Task: {8282DCB1-8582-423A-852F-CFF0958897F9} - System32\Tasks\nbtfzf3j => C:\Program Files\Common Files\2xk2iwxq\abfa8sb5nd2pd.exe <==== ATTENTION
Task: {874B7C1E-988B-4AA4-9CD2-058F5EE249DD} - System32\Tasks\pfn1dfcx => C:\Program Files\Common Files\2oj3r015\4f327bsq4f4ua.exe <==== ATTENTION
Task: {95AA2A4C-A510-4C3B-8808-7B20017E2D1A} - System32\Tasks\pis40ldo => C:\Program Files\Common Files\qoq4qkj2\7add3jt5bizqj.exe <==== ATTENTION
Task: {A65C0806-B996-4B45-A5A2-CD4D93B9DE6A} - System32\Tasks\tbwlnez3 => C:\Program Files\Common Files\p03rdbst\b7ed0qis4jolo.exe <==== ATTENTION
Task: {B026F6BB-E479-468B-ADA4-66810027E72F} - \DRPNPS -> Pas de fichier <==== ATTENTION
Task: {B81CCD90-6E5E-4CC1-8C55-748457BE7E2A} - System32\Tasks\mobo3vrd => C:\Program Files\Common Files\gmwdejki\1e478h51mmnc0.exe <==== ATTENTION
Task: {D0CE50B4-E00E-4318-B31A-49BEBA92F11F} - System32\Tasks\lbyof2k0 => C:\Program Files\Common Files\v1e3pxnu\62ebaz1akabcr.exe <==== ATTENTION
Task: {DB62CAB8-4849-4361-86BE-B4169D416B69} - System32\Tasks\v5ohfde1 => C:\Program Files\Common Files\n2e5t2ji\9ebb6esrdwsxh.exe <==== ATTENTION
Task: {DDB7369B-A459-42E0-B46D-3FFC76F71EB5} - System32\Tasks\bkgzr0m2 => C:\Program Files\Common Files\3acsq11p\f7ab6dxxg3yus.exe <==== ATTENTION
Task: {E7977416-A12C-4ABB-9083-D07529FF906C} - System32\Tasks\qg4owms1 => C:\Program Files\Common Files\crh5r1qp\ebd2d32hyldjr.exe <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end