CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) [Fichier non signé]
HKLM\...\Run: [fst_fr_94] => [X]
C:\Program Files\QuickTime
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-85662379-2031076083-3301479797-1000\...\Winlogon: [Shell] - <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {33C1E661-22E4-4AE4-A97D-F0C6F315D9C1} - \free ven-updater -> Pas de fichier <==== ATTENTION
Task: {3A42A05D-40D6-4EC3-AA71-E6537A9388B1} - System32\Tasks\Start WinZip Registry Optimizer Schedule => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [27698984 2020-01-13] (Corel Corporation -> Corel Corporation)
Task: {3CEFA937-8D7D-4DC2-878E-BA879D34CC93} - \free ven-codedownloader -> Pas de fichier <==== ATTENTION
Task: {80BF888E-8E27-4F71-96C5-7AED3103B7A9} - System32\Tasks\Start WinZip Registry Optimizer Update => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [27698984 2020-01-13] (Corel Corporation -> Corel Corporation)
Task: {B40D3405-B148-4A4C-BCF5-B10F491FC0EF} - Accès refusé.
Task: {DD903688-839F-4E29-B9B3-17B30682C345} - \PCHelpers_period -> Pas de fichier <==== ATTENTION
Task: {EF779A45-FD6F-46F1-9CBD-A4B10AD5D3F9} - System32\Tasks\Start WinZip Registry Optimizer for PCHEZOUG@Yann(logon) => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe [27698984 2020-01-13] (Corel Corporation -> Corel Corporation)
Task: C:\Windows\Tasks\bench-Updater removing.job => /verysilentSYSTEMThis will uninstall Updater 00 <==== ATTENTION
Task: C:\Windows\Tasks\Start WinZip Registry Optimizer for PCHEZOUG@Yann(logon).job => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730zg
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=FR&userid=4bf35ff6-62f0-4d8b-79db-3cc2c1256ea9&searchtype=ds&q={searchTerms}&installDate=19/02/2014
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1395592020&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908R5M3205M320&q={searchTerms}
SearchScopes: HKU\S-1-5-21-85662379-2031076083-3301479797-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=FR&userid=4bf35ff6-62f0-4d8b-79db-3cc2c1256ea9&searchtype=ds&q={searchTerms}&installDate=19/02/2014
BHO: Pas de nom -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> Pas de fichier
BHO: Pas de nom -> {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} -> Pas de fichier
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->
BHO: Pas de nom -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> Pas de fichier
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll [2010-05-25] (Yahoo! Inc. -> Yahoo! Inc) [Fichier non signé]
Toolbar: HKLM - Pas de nom - {0BF43445-2F28-4351-9252-17FE6E806AA0} - Pas de fichier
Toolbar: HKLM - Pas de nom - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Pas de fichier
Toolbar: HKLM - Pas de nom - {ae07101b-46d4-4a98-af68-0333ea26e113} - Pas de fichier
Toolbar: HKU\S-1-5-21-85662379-2031076083-3301479797-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=sc&from=adks&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908R5M3205M320&ts=1379426278
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Yann\AppData\Roaming\Mozilla\Firefox\Profiles\ftpu4xm4.default-1541440038372\Extensions\sp@avast.com.xpi [2019-11-19] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
CHR HKLM\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Yann\AppData\Roaming\SpeedanAlysis\speedanalysis.crx
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Yann\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Yann\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Yann\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
S3 cpuz134; \??\C:\Users\Yann\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2020-04-10 12:10 - 2020-04-10 12:11 - 000000000 ____D C:\Users\Yann\AppData\Local\Discord
2020-04-10 12:09 - 2020-04-10 12:09 - 050899640 _____ (Hammer & Chisel, Inc.) C:\Users\Yann\Downloads\DiscordSetup_322903.exe
2020-04-08 11:28 - 2020-04-08 11:29 - 062620472 _____ (Discord Inc.) C:\Users\Yann\Downloads\DiscordSetup (1).exe
2020-04-08 11:25 - 2020-04-08 11:25 - 062620472 _____ (Discord Inc.) C:\Users\Yann\Downloads\DiscordSetup.exe
2020-03-31 11:05 - 2020-03-31 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2020-03-31 11:04 - 2020-03-31 11:04 - 000003448 _____ C:\Windows\system32\Tasks\Start WinZip Registry Optimizer Schedule
2020-03-31 11:04 - 2020-03-31 11:04 - 000003380 _____ C:\Windows\system32\Tasks\Start WinZip Registry Optimizer Update
C:\Program Files\WinZip Registry Optimizer
2020-03-31 18:30 - 2019-10-14 10:41 - 000000352 _____ C:\Windows\Tasks\Start WinZip Registry Optimizer for PCHEZOUG@Yann(logon).job
2020-03-31 11:05 - 2019-10-14 10:41 - 000002642 _____ C:\Windows\system32\Tasks\Start WinZip Registry Optimizer for PCHEZOUG@Yann(logon)
2020-03-31 11:03 - 2019-10-14 10:41 - 000000000 ____D C:\Program Files\WinZip Registry Optimizer
FCheck: C:\Windows\TLCUninstall.exe [2002-06-13] <==== ATTENTION (zéro octet Fichier/Dossier)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\Users\Yann\Downloads\09012da680040981_16x9_bb.asx:TOC.WMV [130]
AlternateDataStreams: C:\Users\Yann\Downloads\an-tri-forban.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Yann\Downloads\ar_groufalo.mp4:TOC.WMV [130]
AlternateDataStreams: C:\Users\Yann\Downloads\IMG_1040.MOV:TOC.WMV [130]
AlternateDataStreams: C:\Users\Yann\Downloads\pron_sounds.mp4:TOC.WMV [130]
MSCONFIG\startupreg: RegistryBooster => "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
Shortcut: C:\ProgramData\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Pas de fichier)
C:\Program Files\McAfee Security Scan
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"USERINIT"="C:\\Windows\\System32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
EndRegedit:
CMD: cscript %windir%\System32\slmgr.vbs /dli
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\{57752979-A1C9-4C02-856B-FBB27AC4E02C}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-85662379-2031076083-3301479797-1000\Software\Discord" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo! Software Update" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo! Toolbar" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar" /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f
CMD: netsh winsock reset
c:\windows\temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\ *
EmptyTemp: