CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxp://securedsearch.xyz/{searchTerms} [Country US - 50.19.248.156]
CHR Extension: (Secured Search) - C:\Users\malou_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2018-01-18]
CHR HKLM\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-638809295-1795811834-764547888-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-638809295-1795811834-764547888-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ilnidodcffjfecahcfiihlhiohnaobic] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-638809295-1795811834-764547888-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms} [Country US - 50.19.248.156]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-638809295-1795811834-764547888-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: Mozilla\Firefox\Profiles\hhaoibqg.default-1518519649369 -> hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_52&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0EtBtAtD0CyBzytCtByBtCtDtC0BtN0D0Tzu0StBtCzytCtN1L2XzuyEtFtBtCtFtDtFyDtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtA0CzyyD0FyEyBtGyEzz0CtBtGtA0CyC0DtGtA0EyDyBtG0ByDtAtDtBtB0A0B0C0D0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyCtBtCyBtB0AtG0F0F0ByDtGyEtA0AyBtGzytDyC0CtGzyyDyB0CyByByB0E0FyEzztB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtCyEyBtAtBtAtBtB%26cr%3D458315993%26a%3Dwbf_ir_17_52%26os_ver%3D6.3%26os%3DWindows%2B8.1
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FirewallRules: [{344002B2-F870-4F5A-A0C5-85C83584978D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{297A4776-A6AB-493E-A268-DE0AEC4A31EF}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Popcorn Time
Task: {ADCA7188-BF32-49F4-BE5F-7EBC9900E596} - System32\Tasks\{7186D355-6D1B-4B47-B635-60A182C40E77} => C:\users\MALOU_~1\appdata\roaming\{302F0~1\sync.exe <==== ATTENTION
Task: C:\Windows\Tasks\{7186D355-6D1B-4B47-B635-60A182C40E77}.job => C:\users\MALOU_~1\appdata\roaming\{302F0~1\sync.exe <==== ATTENTION
Task: {8FB1658B-9F96-432D-9608-495C59E891EB} - System32\Tasks\ESTsoft RunAsStdUser 725095484Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
C:\Program Files (x86)\ESTsoft
C:\Windows\Tasks\{7186D355-6D1B-4B47-B635-60A182C40E77}.job
Shortcut: C:\Users\malou_000\Desktop\Chromium.lnk -> C:\Users\malou_000\AppData\Local\chromium\Application\chrome.exe (No File)
Shortcut: C:\Users\malou_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk -> C:\Users\malou_000\AppData\Local\chromium\Application\chrome.exe (No File)
Shortcut: C:\Users\malou_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk -> C:\Users\malou_000\AppData\Local\chromium\Application\chrome.exe (No File)
HKU\S-1-5-21-638809295-1795811834-764547888-1001\...\MountPoints2: {331738c8-50db-11e7-829d-40e230c79126} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-638809295-1795811834-764547888-1001\...\MountPoints2: {5a3b5930-ccfd-11e6-8291-086266536167} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-638809295-1795811834-764547888-1001\...\MountPoints2: {5db5f434-a873-11e7-82af-40e230c79126} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-638809295-1795811834-764547888-1001\...\MountPoints2: {96e36f8b-1e00-11e5-8268-40e230c79126} - "D:\SETUP.EXE"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
Reg: reg delete "HKU\S-1-5-21-638809295-1795811834-764547888-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Chromium" /f
S3 BT; \SystemRoot\system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; \SystemRoot\system32\DRIVERS\btcomport.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IvtComBusSrv; \SystemRoot\System32\Drivers\btcombus.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath
LastRegBack: 2018-02-23 03:46
cmd: ipconfig /flushdns
cmd: dism.exe /online /cleanup-image /restorehealth
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
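A read-only check to run after the fix and reboot, so you can confirm the persistence points the fixlist targets are actually gone. This is an added PowerShell script, not FRST output and not part of the fixlist above. It assumes an elevated Windows PowerShell 5.1 session on Windows 8.1 or later, started as the affected user, and the Chrome profile "Default"; the three extension IDs are the ones listed in the fixlist, everything else is generic. It changes nothing: it only re-enumerates the registry-pushed Chrome extensions, the Chrome default search provider, scheduled tasks and legacy .job files launching from a user profile, MountPoints2 autorun commands, and shortcuts whose target file is missing.

```powershell
# Added read-only audit (not FRST, not part of the fixlist). Assumptions: elevated
# Windows PowerShell 5.1, Windows 8.1+, run as the affected user, Chrome profile
# "Default". Extension IDs are taken from the fixlist; nothing here modifies the system.

$knownBadExtensions = @(
    'ilnidodcffjfecahcfiihlhiohnaobic',   # "Secured Search", from the fixlist
    'ehlceeijggpdgfcefmipcmdelickjgfg',
    'lmjegmlicamnimmfhcmpkclmigmmcbeh'
)

# 1. Extensions force-installed through the external-extension registry keys
#    (reported by FRST as "CHR HKLM\...\Chrome\Extension: [id] - update_url").
$extensionKeys = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions',
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'
)
foreach ($key in $extensionKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $id  = $sub.PSChildName
        $url = (Get-ItemProperty -Path $sub.PSPath).update_url
        $tag = if ($knownBadExtensions -contains $id) { 'KNOWN-BAD' } else { 'REVIEW' }
        "[$tag] $key\$id -> $url"
    }
}

# 2. Default search provider from the profile's Secure Preferences
#    (FRST's CHR DefaultSearchURL / DefaultSearchKeyword / DefaultSuggestURL).
$securePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Secure Preferences'
if (Test-Path $securePrefs) {
    try {
        $prefs = Get-Content -Raw -Path $securePrefs | ConvertFrom-Json
        $dsp = $prefs.default_search_provider_data.template_url_data
        if ($dsp) {
            "[SEARCH] keyword=$($dsp.keyword) url=$($dsp.url) suggest=$($dsp.suggestions_url)"
        }
    } catch { "[SEARCH] could not parse $securePrefs : $($_.Exception.Message)" }
}

# 3. Scheduled tasks whose action runs from AppData or Temp (the sync.exe task),
#    plus legacy .job files in C:\Windows\Tasks.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute -match '(?i)\\appdata\\|\\temp\\') {
            "[TASK] $($task.TaskPath)$($task.TaskName) -> $($action.Execute) $($action.Arguments)"
        }
    }
}
Get-ChildItem -Path "$env:SystemRoot\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
    ForEach-Object { "[JOB] $($_.FullName) (legacy task file; inspect with schtasks /query /v)" }

# 4. Per-volume autorun commands (the HKU\...\MountPoints2 lines).
$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
foreach ($mp in Get-ChildItem $mountPoints -ErrorAction SilentlyContinue) {
    $cmdKey = "$mountPoints\$($mp.PSChildName)\Shell\AutoRun\command"
    if (Test-Path $cmdKey) {
        "[MOUNTPOINT] $($mp.PSChildName) -> $((Get-ItemProperty $cmdKey).'(default)')"
    }
}

# 5. Shortcuts whose target no longer exists (the "Chromium.lnk ... (No File)" entries).
$shell = New-Object -ComObject WScript.Shell
$shortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)
foreach ($dir in $shortcutDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem $dir -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if ($target -and -not (Test-Path -LiteralPath $target)) {
            "[DANGLING-LNK] $($lnk.FullName) -> $target"
        }
    }
}
```

A clean result prints no KNOWN-BAD, TASK or JOB lines and a SEARCH line pointing at a provider you recognise. REVIEW lines are not necessarily bad: legitimate software (password managers, PDF tools) also registers extensions this way, so compare the update_url and the extension ID against what is installed on purpose before removing anything.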