start::
CreateRestorePoint:
CloseProcesses:
Hosts:
CustomCLSID: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Alexis\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
Task: {BECE904E-6D83-4955-BC45-BF991858AFDF} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
IE trusted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\amazon.fr -> hxxps://amazon.fr
IE trusted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\...\100sexlinks.com -> 100sexlinks.com
HKU\S-1-5-21-1244105208-2027887860-2995204308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1244105208-2027887860-2995204308-1001 -> {EFFCA2A5-355C-4B0D-BB0B-7FED127658F4} URL = hxxps://fr.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF user.js: detected! => C:\Users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\2hhljtmx.default-1432666075080\user.js [2016-01-23]
2018-09-06 12:18 - 2018-09-11 13:04 - 000000016 _____ () C:\Users\Alexis\AppData\Local\Temp\e928328709b08dd3e8bc669da41ef6e6.dll
cmd: ipconfig /flushdns
end::