CreateRestorePoint:
CloseProcesses:
Hosts:
CustomCLSID: HKU\S-1-5-21-3647544393-2573535065-451841956-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-66F39E676CAA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Pas de fichier
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Pas de fichier
Task: {02D609E9-8D4B-43E0-9538-61774DEF87BC} - System32\Tasks\Skype => C:\Users\Laure\AppData\Roaming\Colis-1.vbs
C:\Users\Laure\AppData\Roaming\Colis-1.vbs
Task: {566F819B-9980-4E5C-AE63-5E5CA15DD697} - \McAfee\McAfee Idle Detection Task -> Pas de fichier <==== ATTENTION
HKU\S-1-5-21-3647544393-2573535065-451841956-1000\...\Run: [5CUM8EYGB3] => "C:\Users\Laure\AppData\Roaming\Colis-1.vbs"
HKU\S-1-5-21-3647544393-2573535065-451841956-1000\...\Run: [gRleVDcATy] => wscript.exe //B "C:\Users\Laure\AppData\Roaming\gRleVDcATy.vbs"
HKU\S-1-5-21-3647544393-2573535065-451841956-1000\...\Run: [DLKF8IRFHO] => "C:\Users\Laure\AppData\Roaming\Colis-2 FR.vbs"
HKU\S-1-5-21-3647544393-2573535065-451841956-1000\...\Run: [vosJiYAhMO] => wscript.exe //B "C:\Users\Laure\AppData\Roaming\vosJiYAhMO.vbs"
C:\Users\Laure\AppData\Roaming\gRleVDcATy.vbs
C:\Users\Laure\AppData\Roaming\Colis-2 FR.vbs
C:\Users\Laure\AppData\Roaming\vosJiYAhMO.vbs
Startup: C:\Users\Laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\47CE80BB545B959E.lnk [2018-08-13]
HKU\S-1-5-21-3647544393-2573535065-451841956-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dub120.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Pas de fichier
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
CHR HomePage: Default -> hxxp://hxxp://www.golsearch.com//?babsrc=HP_ss_Btisdt6&mntrId=545B3859F9B34AC9&affID=119982&tsp=4995
CHR StartupUrls: Default -> "hxxp://hxxp://www.golsearch.com//?babsrc=HP_ss_Btisdt6&mntrId=545B3859F9B34AC9&affID=119982&tsp=4995","hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=545B3859F9B34AC9&affID=119982&tsp=4995"
S2 0210571534521089mcinstcleanup; C:\WINDOWS\TEMP\021057~1.EXE -cleanup -nolog [X]
U3 idsvc; pas de ImagePath
2018-09-06 17:59 - 2018-09-06 17:59 - 000044290 ____R C:\Users\Laure\AppData\Roaming\Colis-1 FR.vbs
2018-08-31 16:10 - 2018-08-31 16:10 - 000044064 ____R C:\Users\Laure\AppData\Roaming\Mondial Relay Suivi - Colis.vbs
2018-08-31 16:10 - 2018-08-31 16:10 - 000044064 ____R () C:\Users\Laure\AppData\Roaming\Mondial Relay Suivi - Colis.vbs
2017-06-24 17:09 - 2017-06-24 17:09 - 000000000 _____ () C:\Users\Laure\AppData\Local\{29FAEDF7-B256-4EEA-9BD5-B0CF108FB1D2}
EmptyTemp:
cmd: ipconfig /flushdns