start::
closeprocesses:
createrestorepoint:
AlternateDataStreams: C:\Users\Ben admin:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Ben admin\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Ben admin\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Ben admin\AppData\Local\Temp:$DATA​ [34]
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\ma-config.com -> hxxp://ma-config.com
IE trusted site: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\ma-config.com -> hxxps://ma-config.com
IE trusted site: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\touslesdrivers.com -> hxxp://touslesdrivers.com
IE trusted site: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\StartupApproved\Run: => "Web Companion"
cmd: netsh advfirewall reset
HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\Run: [Power2GoExpress10] => NA
HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7410464 2019-01-26] (Lavasoft Limited -> Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
C:\Program Files (x86)\Lavasoft
C:\Program Files\McAfee Security Scan
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> Pas de fichier <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> Pas de fichier <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> Pas de fichier <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> Pas de fichier <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> Pas de fichier <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> Pas de fichier <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1433588394&z=806d2160d6047b62a315c63gdz7cdcbw6bbb2cdt5q&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1433588394&z=806d2160d6047b62a315c63gdz7cdcbw6bbb2cdt5q&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ&q={searchTerms}
SearchScopes: HKLM-x32 -> {E3C004F8-F481-4465-98CF-36D35C21372A} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D041818-A3BE04076F5&form=CONBDF&conlogo=CT3335795&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ&ts=1433588434&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001 -> {E3C004F8-F481-4465-98CF-36D35C21372A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ&ts=1433588434&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1720856411-2809595470-3261546865-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ&ts=1433588434&type=default&q={searchTerms}
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Pas de nom -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Pas de fichier
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1433588394&z=806d2160d6047b62a315c63gdz7cdcbw6bbb2cdt5q&from=smt&uid=WDCXWD10EZEX-60M2NA0_WD-WCC3FPECKRCZCKRCZ
FF HKU\S-1-5-21-1720856411-2809595470-3261546865-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => non trouvé(e)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2019-01-26] (Lavasoft Limited -> )
cmd: netsh advfirewall reset
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U3 McAPExe; pas de ImagePath
U3 McMPFSvc; pas de ImagePath
U3 McNaiAnn; pas de ImagePath
U3 mcpltsvc; pas de ImagePath
U3 mfecore; pas de ImagePath
U3 MSK80Service; pas de ImagePath
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
emptytemp:
end::