start:: CreateRestorePoint: CloseProcesses: Hosts: RemoveProxy: EmptyTemp: HKU\S-1-5-21-2353494631-2672914251-1853476458-1004\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe SearchScopes: HKU\.DEFAULT -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart= SearchScopes: HKU\S-1-5-21-2353494631-2672914251-1853476458-1004 -> DefaultScope {FE371A36-ADD5-4F4A-9995-966064BF75DA} URL = FF SearchPlugin: C:\Users\mathi\AppData\Roaming\Mozilla\Firefox\Profiles\lwzhz5fh.default\searchplugins\bing-lavasoft-ff59.xml FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe 2018-05-18 11:43 - 2018-05-18 14:29 - 000000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2018-05-17 12:21 - 2018-01-04 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2018-04-13 18:59 - 2018-04-13 18:59 - 000001155 _____ () C:\Users\mathi\AppData\Roaming\SpeedRunnersLog.txt CustomCLSID: HKU\S-1-5-21-2353494631-2672914251-1853476458-1004_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E0C9075BF770}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Pas de fichier ShortcutWithArgument: C:\Users\mathi\Desktop\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://chercheztout.com/tram/101 ShortcutWithArgument: C:\Users\mathi\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://chercheztout.com/tram/103 ShortcutWithArgument: C:\Users\mathi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://chercheztout.com/tram/101 ShortcutWithArgument: C:\Users\mathi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.LNK -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://chercheztout.com/tram/103 2018-01-04 18:27 - 2018-04-06 11:13 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe 2018-01-04 18:27 - 2018-04-06 11:13 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2018-01-04 18:27 - 2018-04-06 11:13 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll AlternateDataStreams: C:\Users\Public\AppData:CSM [482] IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-2353494631-2672914251-1853476458-1004\...\webcompanion.com -> hxxp://webcompanion.com cmd: ipconfig /flushdns end::