start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3415481725-3568230493-1299134434-1001\...\Run: [3ZAaa] => rundll32.exe C:\Users\darkman\AppData\Roaming\C2E7.tmp pYT0Znv7fn1ddI
CHR HKLM\SOFTWARE\Policies\Google: Restriction de Stratégie
CHR HKU\S-1-5-21-3415481725-3568230493-1299134434-1001\SOFTWARE\Policies\Google: Restriction de Stratégie
HKU\S-1-5-21-3415481725-3568230493-1299134434-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction de Stratégie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=139722935 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=139722935 ... earchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=139722935 ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=139722935 ... earchTerms}
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_tele_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0DyE0EyBtDzyzy0C0CyByEtN0D0Tzu0StCtDtByBtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StD0FyCtDzy0E0FtAtGyCyE0EzztG0FtB0ByDtG0DtD0AtCtGyCtA0E0BzyyE0Czz0BtD0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyByDyC0A0E0D0DtG0D0A0DyDtGyEyC0CtDtG0B0AyBtAtGyEtC0ByBzy0FtA0A0BtD0E0F2Q&cr=229741645&ir=
2015-08-31 17:09 - 2014-10-12 16:57 - 00000000 ____D C:\Windows\AutoKMS
2015-08-30 22:38 - 2014-09-28 13:58 - 00000000 ____D C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\MyPC Backup
C:\Users\darkman\AppData\Roaming\qone8
C:\Users\darkman\AppData\Roaming\C2E7.tmp
Task: {1CD487D3-A738-47D0-8A87-4CDF289BE448} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe
Task: {46181A71-7391-4139-9EB7-A53A8F9B5050} - System32\Tasks\{768F7905-07E2-45E6-9D25-0665494FAAC3} => pcalua.exe -a "C:\Users\darkman\Desktop\Microsoft Office 2007 Pro. Plus FR {+ serial - Windows 2003, XP & Vista}\Microsoft Office 2007 Pro. Plus FR {Windows 2003, XP & Vista}\SETUP.EXE" -d "C:\Users\darkman\Desktop\Microsoft Office 2007 Pro. Plus FR {+ serial - Windows 2003, XP & Vista}\Microsoft Office 2007 Pro. Plus FR {Windows 2003, XP & Vista}"
Task: {6F3B30CC-6130-4D2E-A9AC-1E2FBCC8AE04} - System32\Tasks\{3E12AD24-15C3-46D0-9498-830038C6A37C} => pcalua.exe -a "C:\Users\darkman\AppData\Local\Temp\Rar$EXa0.783\Office 2010 Starter\OStarter\fr-fr\SetupConsumerC2R.exe" -d "C:\Users\darkman\AppData\Local\Temp\Rar$EXa0.783\Office 2010 Starter\OStarter\fr-fr" -c /admin: {991BD187-F35D-4783-AD7C-E2941C130BB1} "C:\Users\darkman\AppData\Roaming\TP\{991BD187-F35D-4783-AD7C-E2941C130BB1}"
Task: {E9DCE619-ACAF-421C-9C70-4ECA6F3F473E} - System32\Tasks\{9044E7AD-3879-42AD-9D8E-5C7CC6EF9B31} => pcalua.exe -a C:\Users\darkman\AppData\Roaming\qone8\UninstallManager.exe -c -ptid=smt
RemoveProxy:
EmptyTemp:
end