Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction
Tcpip\..\Interfaces\{14b02b79-ea20-4db5-8df0-0a9befe49090}: [DhcpNameServer] 40.52.1.13
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_17_07_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0E0D0C0EtC0E0FyC0F0D0DtN0D0Tzu0StCzzyByEtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0D0DtAtCzy0AzytGyB0C0E0BtGzzyD0FzztGtAyEtB0CtGyDtD0AzytB0F0CtD0FzyyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDtA0DtDzzzy0BtG0BtA0E0DtGyEtA0BtBtG0AyCtB0FtGyCtDyCyEyD0DtC0E0EtDyDtB2QtN0A0LzuyE%26cr%3D238687618%26a%3Dwbf_popjar_17_07_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2729967702-1330283227-560769821-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.accueil-nav.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_17_07_ssg08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0E0D0C0EtC0E0FyC0F0D0DtN0D0Tzu0StCzzyByEtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0D0DtAtCzy0AzytGyB0C0E0BtGzzyD0FzztGtAyEtB0CtGyDtD0AzytB0F0CtD0FzyyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDtA0DtDzzzy0BtG0BtA0E0DtGyEtA0BtBtG0AyCtB0FtGyCtDyCyEyD0DtC0E0EtDyDtB2QtN0A0LzuyE%26cr%3D238687618%26a%3Dwbf_popjar_17_07_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_17_07_ssg08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0E0D0C0EtC0E0FyC0F0D0DtN0D0Tzu0StCzzyByEtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0D0DtAtCzy0AzytGyB0C0E0BtGzzyD0FzztGtAyEtB0CtGyDtD0AzytB0F0CtD0FzyyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDtA0DtDzzzy0BtG0BtA0E0DtGyEtA0BtBtG0AyCtB0FtGyCtDyCyEyD0DtC0E0EtDyDtB2QtN0A0LzuyE%26cr%3D238687618%26a%3Dwbf_popjar_17_07_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_17_07_ssg08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0E0D0C0EtC0E0FyC0F0D0DtN0D0Tzu0StCzzyByEtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0D0DtAtCzy0AzytGyB0C0E0BtGzzyD0FzztGtAyEtB0CtGyDtD0AzytB0F0CtD0FzyyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDtA0DtDzzzy0BtG0BtA0E0DtGyEtA0BtBtG0AyCtB0FtGyCtDyCyEyD0DtC0E0EtDyDtB2QtN0A0LzuyE%26cr%3D238687618%26a%3Dwbf_popjar_17_07_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_17_07_ssg08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0E0D0C0EtC0E0FyC0F0D0DtN0D0Tzu0StCzzyByEtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0D0DtAtCzy0AzytGyB0C0E0BtGzzyD0FzztGtAyEtB0CtGyDtD0AzytB0F0CtD0FzyyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDtA0DtDzzzy0BtG0BtA0E0DtGyEtA0BtBtG0AyCtB0FtGyCtDyCyEyD0DtC0E0EtDyDtB2QtN0A0LzuyE%26cr%3D238687618%26a%3Dwbf_popjar_17_07_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2729967702-1330283227-560769821-1001 -> DefaultScope {651E80A6-E89C-4FE5-BDA3-79A7377362CE} URL = hxxp://www.accueil-nav.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2729967702-1330283227-560769821-1001 -> {651E80A6-E89C-4FE5-BDA3-79A7377362CE} URL = hxxp://www.accueil-nav.com/search?q={searchTerms}
CHR HomePage: Default -> hxxp://www.accueil-nav.com/
CHR StartupUrls: Default -> "hxxp://www.accueil-nav.com/"
CHR DefaultSearchURL: Default -> hxxp://www.accueil-nav.com/search?q={searchTerms}
C:\Users\rih73\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2729967702-1330283227-560769821-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S2 0193201535293203mcinstcleanup; C:\Users\rih73\AppData\Local\Temp\019320~1.EXE -cleanup -nolog [X]
2017-10-21 10:35 - 2017-10-21 10:35 - 0005108 _____ () C:\ProgramData\mudtcpaz.vzs
C:\Program Files\WebBarMedia
C:\Program Files\ByteFence
C:\Program Files (x86)\PRO PC Cleaner
C:\ProgramData\{58359D56-D277-1790-54B1-89D2CEF3021C}
Task: {01E69002-D5F8-41FF-8451-260CF828C07E} - System32\Tasks\WBUpdateTask => C:\Program Files\WebBarMedia\5.6.6773.23330\winwb.exe
Task: {048F2C47-83DF-41F1-872D-2F4B64A42BEF} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {1440D4A4-BF1D-47AD-9E5F-8B45016AA13B} - System32\Tasks\PROPCCleaner_Start => C:\Program Files (x86)\PRO PC Cleaner\PROPCCleaner.exe
Task: {5BF972C9-FEF2-44CF-976B-5B2C15C81547} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe
Task: {B00BEAA3-3D5A-4988-8B6D-DF6D1B47D0BD} - System32\Tasks\PROPCCleaner_Popup => C:\Program Files (x86)\PRO PC Cleaner\Splash.exe
Task: {B8BA0E13-F1A4-483C-9AF5-0922A0F6F1AC} - System32\Tasks\Yahoo! Powered didom => Wscript.exe "C:\ProgramData\{58359D56-D277-1790-54B1-89D2CEF3021C}\rite.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b35383335394435362d443237372d313739302d353442312d3839443243454633303231437d5c636f636f6e6f" "433a5c50726f6772616d446174615c7b35383335394435362d443237372d313739302d353442 (l'élément de données a 78 caractères en plus).
Task: C:\WINDOWS\Tasks\Yahoo! Powered didom.job => Wscript.exe C:\ProgramData\{58359D56-D277-1790-54B1-89D2CEF3021C}\rite.txt
EmptyTemp:
End::