Start:: CloseProcesses: CreateRestorePoint: Removeproxy: Hosts: Edge Extension: (CosmicFractel) - C:\Users\alain\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15] [UpdateUrl:hxxps://worldnotificationupdate2.com/crx/updates.php] <==== ATTENTION CHR Extension: (CosmicFractel) - C:\Users\alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15] [UpdateUrl:hxxps://worldnotificationupdate2.com/crx/updates.php] <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [pgpiefhbkihbadllfgjfdejpagedapkl] C:\\Users\\alain\\AppData\\Local\\apps.crx [2024-06-13] C:\Users\alain\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpiefhbkihbadllfgjfdejpagedapkl [2024-07-15] HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Pas de fichier] 2024-06-21 16:14 - 2024-06-21 16:14 - 000000000 ____D C:\Users\alain\AppData\Local\UT008 CustomCLSID: HKU\S-1-5-21-1818419070-2130940305-3515377871-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\alain\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\FileCoAuth.exe => Pas de fichier IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\webcompanion.com -> hxxp://webcompanion.com HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\StartupApproved\Run: => "Web Companion" 2024-06-21 16:19 - 2024-06-30 10:01 - 000000000 ____D C:\Users\alain\AppData\Local\Lavasoft 2024-06-21 16:16 - 2024-06-30 10:01 - 000000000 ____D C:\ProgramData\Lavasoft HKU\S-1-5-21-1818419070-2130940305-3515377871-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Pas de fichier) <==== ATTENTION cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on cmd: netsh winsock reset Emptytemp: End::