Start::
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
Edge Extension: (CosmicFractel) - C:\Users\alain\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15] [UpdateUrl:hxxps://worldnotificationupdate2.com/crx/updates.php] <==== ATTENTION
CHR Extension: (CosmicFractel) - C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15] [UpdateUrl:hxxps://worldnotificationupdate2.com/crx/updates.php] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [pgpiefhbkihbadllfgjfdejpagedapkl]
C:\\Users\\alain\\AppData\\Local\\apps.crx [2024-06-13]
C:\Users\alain\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier]
2024-06-21 16:14 - 2024-06-21 16:14 - 000000000 ____D C:\Users\alain\AppData\Local\UT008
CustomCLSID: HKU\S-1-5-21-1818419070-2130940305-3515377871-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\alain\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\FileCoAuth.exe => Pas de fichier
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\StartupApproved\Run: => "Web Companion"
2024-06-21 16:19 - 2024-06-30 10:01 - 000000000 ____D C:\Users\alain\AppData\Local\Lavasoft
2024-06-21 16:16 - 2024-06-30 10:01 - 000000000 ____D C:\ProgramData\Lavasoft
HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Pas de fichier) <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::