start
CreateRestorePoint:
CloseProcesses:
Removeproxy:
HKU\S-1-5-21-3223543034-1350042610-2698493291-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2016-10-13] () <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy est activé.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57408;https=127.0.0.1:57408
SearchScopes: HKU\S-1-5-21-3223543034-1350042610-2698493291-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://fr.search.yahoo.com/search?fr=mcafee&type=B011FR642D20131119&p={SearchTerms}
DPF: HKLM-x32 {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
FF user.js: detected! => C:\Users\Baud\AppData\Roaming\Mozilla\Firefox\Profiles\xc22j4hn.default\user.js [2017-01-16]
S0 nfvjl; System32\drivers\xhmyfxq.sys [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> Pas de fichier
Task: {0B8B504B-E5B1-4E4B-AEA1-62632276BBD2} - System32\Tasks\{B7289038-B4FC-4576-B49B-99FF3714D4B5} => C:\Windows\system32\pcalua.exe -a C:\Users\Baud\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {DEAA232D-6871-4E89-BA9F-D3B42D29566E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
IE trusted site: HKU\S-1-5-21-3223543034-1350042610-2698493291-1000\...\microsoft.com -> hxxps://support2.microsoft.com
C:\Windows\Installer\b5679dc.msi
C:\Users\Baud\AppData\Local\Tempzxpsign0afce01ca7e572f8
C:\Users\Baud\AppData\Local\Tempzxpsign0beca12fd451786c
C:\Users\Baud\AppData\Local\Tempzxpsign2f3f42421faaed32
C:\Users\Baud\AppData\Local\Tempzxpsign337d939fb8250d4d
C:\Users\Baud\AppData\Local\Tempzxpsign8c44f4e9e14491f2
C:\Users\Baud\AppData\Local\Tempzxpsign91034a63f69121b5
C:\Users\Baud\AppData\Local\Tempzxpsign925a9ac6b9dcee4e
C:\Users\Baud\AppData\Local\Tempzxpsignd0f1d87b8ef0bf06
C:\Users\Baud\AppData\Local\Tempzxpsignd365907293662cfd
C:\Users\Baud\AppData\Local\Tempzxpsignd9a608cad2b9e0d0
C:\Users\Baud\AppData\Local\Tempzxpsigneaa607181117a7f8
C:\Users\Baud\AppData\Local\Tempzxpsigneb01c004e97fb7d8
C:\Users\Baud\AppData\Local\Tempzxpsignffe4e8a5b9f9d4a6
EmptyTemp:
end