Posted on 22 April 2018

start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4059531746-636612358-2214297834-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Wissam\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => Pas de fichier
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier
Task: {0E1B33AF-BD73-427C-BD3D-0C8DE4317F37} - \Microsoft\Windows\Setup\EOSNotify -> Pas de fichier <==== ATTENTION
IE trusted site: HKU\S-1-5-21-4059531746-636612358-2214297834-1001\...\sharepoint.com -> hxxps://eduservices-myfiles.sharepoint.com
FirewallRules: [UDP Query User{6572494A-0813-4706-A2C9-C47A6A9EEDF6}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{A6DE6AE5-D12D-4897-AE7F-F7CE4882FA0A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{6E98B32E-7334-46CF-9351-8CE9032E9B1D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{42FCC5BB-7E8C-45E2-B3FC-54F5B8745D4B}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
HKLM-x32\...\Run: [LManager] => [X]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOdANTdiET5ybtja8_5Q,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15FwepIx3WC4iQ7HLqRA,,&q={searchTerms}
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrjwvDU4jYMWNpc41ZFDCx_-GdAXwJLc_zj0Xg7BuPiUFJF1Ui0LXwkEDhbVa_1fu2oPb7HtprabRC15E-kzlF2D2K-W0BimLA,,&q={searchTerms}
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOcLAqS5QxZC0RHSHWsQ,,
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://kogoa.com
HKU\S-1-5-21-4059531746-636612358-2214297834-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=F26E1A763F00CAA9&affID=119357&tsp=5020
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-4059531746-636612358-2214297834-1001 -> {2891CFCE-B595-4609-95F3-F784F5C7A308} URL =
BHO: Pas de nom -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Pas de fichier
FF Homepage: Mozilla\Firefox\Profiles\tr8iro4m.default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOcLAqS5QxZC0RHSHWsQ,,
FF NewTab: Mozilla\Firefox\Profiles\tr8iro4m.default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj6dV7J9uAJhLaUo4GRubhyggzhbdgZLxSMUai2tyIuvID6ySabp0vseTld2an4cftZy2HbOXiG4XHeP_XNne9S5G6ePTtL9A,,
FF SearchPlugin: C:\Users\Wissam\AppData\Roaming\Mozilla\Firefox\Profiles\tr8iro4m.default\searchplugins\Web Search.xml [2015-05-22]
CHR HomePage: Default -> hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6YBCFyuyOThLNwz57p8HO0CgRh5dTVDwaxuV90cd7CN1T-inQtVsroWrpVph0JRoWGq8JuByscNRrj8rem5krhc5mQfe4JcHJJaEnBh_0a-W2Hf7VWuFX-RyNYveLdI5juR-8uvkt4BS3iVcFTKl_V2USnOdANTdiET5ybtja8_5Q,,
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
2018-04-14 14:47 - 2014-07-23 12:31 - 000000000 ____D C:\Users\Wissam\AppData\Local\Smartbar
2018-04-06 10:28 - 2012-07-26 10:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-04-12 13:22 - 2018-04-12 14:49 - 000086016 _____ () C:\Users\Wissam\AppData\Local\Temp\-qt1hpg2.dll
2018-04-12 19:18 - 2018-04-12 21:29 - 000086016 _____ () C:\Users\Wissam\AppData\Local\Temp\i_rsbilp.dll
2016-10-23 22:56 - 2016-10-23 22:56 - 000737856 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-08-10 18:01 - 2017-08-10 18:01 - 000740416 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-17 20:52 - 2017-10-17 20:52 - 001856576 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-04-17 21:27 - 2018-04-17 21:27 - 001884616 _____ (Oracle Corporation) C:\Users\Wissam\AppData\Local\Temp\jre-8u171-windows-au.exe
cmd: ipconfig /flushdns
emptytemp:
end::


