Start:: CloseProcesses: CreateRestorePoint: Removeproxy: hosts: CustomCLSID: HKU\S-1-5-21-2373749050-274931957-2379866148-1001_Classes\CLSID\{408d0f14-0472-bb3e-13c1-6383e9c9ca4f}\localserver32 -> "C:\Users\dagme\AppData\Local\OneLaunch\5.22.2\OneLaunch.exe" -ToastActivated => Pas de fichier ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\Run: [Mobile Partner] => C:\Program Files (x86)\Parametres SFR 3G\Parametres SFR 3G (Pas de fichier) HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = IE trusted site: HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\webcompanion.com -> hxxp://webcompanion.com HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\Run: [Web Companion] => C:\Users\dagme\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe [3515032 2024-11-12] (7270356 Canada Inc. -> Lavasoft) <==== ATTENTION HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\MountPoints2: {55026209-1a52-11ee-8a16-dc85deec3b6e} - "E:\AutoRun.exe" HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\MountPoints2: {5502620f-1a52-11ee-8a16-dc85deec3b6e} - "E:\AutoRun.exe" HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\MountPoints2: {5502622c-1a52-11ee-8a16-dc85deec3b6e} - "E:\AutoRun.exe" HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\MountPoints2: {55026342-1a52-11ee-8a16-dc85deec3b6e} - "E:\AutoRun.exe" HKU\S-1-5-21-2373749050-274931957-2379866148-1001\...\MountPoints2: {55026882-1a52-11ee-8a16-dc85deec3b6e} - "E:\AutoRun.exe" Edge HomePage: Default -> hxxps:// Edge StartupUrls: Default -> "hxxps://" Edge DefaultSearchURL: Default -> hxxps://find.fnavigate-now.com/results.aspx?d=081523&n=0670&q={searchTerms}&gd=RD1002836&searchsource=69 Edge DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms} CHR HomePage: Default -> hxxps:// CHR StartupUrls: Default -> "hxxps://" CHR HomePage: Profile 1 -> hxxps:// CHR StartupUrls: Profile 1 -> "hxxps://" CHR DefaultSearchURL: Profile 1 -> hxxps://mysearchengine.co/?q={searchTerms}&sp=17&pid=IN220101&chnm2=2023-08-15 12:00:00&chnm3=9998 cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on cmd: netsh winsock reset Emptytemp: End::