start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3919205246-3786329542-1894607016-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3919205246-3786329542-1894607016-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-3919205246-3786329542-1894607016-1000 -> Pas de nom - {A057A204-BACC-4D26-969A-2AB983EE729B} - Pas de fichier
Toolbar: HKU\S-1-5-21-3919205246-3786329542-1894607016-1000 -> Pas de nom - {59994074-C06D-4A75-9768-49E5A8C21264} - Pas de fichier
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: (Smiley Bar for Facebook) - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-10] [Legacy] [non signé]
FF HKLM\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\okitspace\Firefox => non trouvé(e)
FF HKU\S-1-5-21-3919205246-3786329542-1894607016-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKU\S-1-5-21-3919205246-3786329542-1894607016-1000\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: (Special Savings) - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-02-10] [Legacy] [non signé]
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\system32\npDeployJava1.dll [2012-05-04] (Oracle America, Inc. -> Oracle Corporation
FF Plugin HKU\S-1-5-21-3919205246-3786329542-1894607016-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-3919205246-3786329542-1894607016-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [Pas de fichier]
CHR HKLM\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [bjeikeheijdjdfjbmknpefojickbkmom] - C:\Program Files\OfferBox\OfferBoxChromeExtension.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [dbknnmebcajacipdbplichlbfjbjamlf] - c:\Facemoi\facemoi_chrome.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [hfdldabepacecakhpnhldhpejjfaaidf] - c:\Facemoi\facemoi_chrome.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\StatusWinks\statuswinks.crx <non trouvé(e)>
CHR HKU\S-1-5-21-3919205246-3786329542-1894607016-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [leahdjjpjmnamomgpojikeapflgbmjab] - C:\Users\¤ ... Pauliine ... ¤\AppData\Roaming\cacaoweb\cacaoweb.crx <non trouvé(e)>
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SIS163u; system32\DRIVERS\sis163u.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
2019-03-03 07:09 - 2019-03-03 07:09 - 000000000 ____D C:\rsit
2019-03-03 07:09 - 2019-03-03 07:09 - 000000000 ____D C:\Program Files\trend micro
2019-03-03 07:04 - 2019-03-03 07:04 - 000000000 ____D C:\824fef9309e76cd6205b51
2019-03-02 23:31 - 2019-03-02 23:33 - 000000000 ____D C:\AdwCleaner
2019-03-02 21:32 - 2019-03-02 21:32 - 000000000 ____D C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2019-03-03 06:46 - 2009-01-04 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
2019-03-02 20:02 - 2013-08-30 15:30 - 000000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2019-03-02 19:27 - 2010-03-06 23:20 - 000000000 ____D C:\Users\¤ ... Pauliine ... ¤\AppData\Local\eMule
2019-03-02 19:27 - 2009-02-16 10:03 - 000000000 ____D C:\ProgramData\eMule
Task: {58112AFD-6A94-4EDB-881F-B52F27B4A21F} - \BoxSoftwareUpdate -> Pas de fichier
Task: {5D9F6E37-C21F-4D5A-8A38-BAB15D1B0643} - System32\Tasks\{2F78EC4F-8615-4A1A-BABF-D41DA6A98770} => C:\Windows\system32\pcalua.exe -a "C:\Users\¤ ... Pauliine ... ¤\Downloads\EnjoySetup.exe
Task: {628BC769-E085-4E99-8C59-D379C68177F0} - System32\Tasks\{150190A7-D771-4587-AB2C-5A7F2918116C} => C:\Windows\system32\pcalua.exe -a "c:\users\¤ ... pauliine ... ¤\appdata\local\akkok.bat"
Task: {94BCF7EC-AFBD-4CF3-865A-F579A80046AD} - \Dealply -> Pas de fichier
Task: {C441BC2B-2D32-47CE-9D8B-17CBFB2425B3} - \EPUpdater -> Pas de fichier
Task: {C505FCBF-0665-465B-88E3-310D401C9B80} - System32\Tasks\Install_NSS => C:\Program Files\DivX\Symantec\scstubinstaller.exe
Task: {E24DE3A3-8D0A-4327-911E-A4BEDA448C90} - System32\Tasks\{25D3A667-D311-4B5F-81B2-CD4D258498AD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\eauninstall.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7C443348-6E27-4BF5-8427-870028CBCEA0}.job => C:\Windows\system32\msfeedssync.exe
AlternateDataStreams: C:\ProgramData\TEMP:097FF903 [121]
AlternateDataStreams: C:\ProgramData\TEMP:10D98D98 [112]
AlternateDataStreams: C:\ProgramData\TEMP:131C0EE9 [106]
AlternateDataStreams: C:\ProgramData\TEMP:193426B4 [124]
AlternateDataStreams: C:\ProgramData\TEMP:1A4BF204 [121]
AlternateDataStreams: C:\ProgramData\TEMP:2B99FE60 [115]
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [118]
AlternateDataStreams: C:\ProgramData\TEMP:4F636E25 [308]
AlternateDataStreams: C:\ProgramData\TEMP:6677D85A [105]
AlternateDataStreams: C:\ProgramData\TEMP:6BD304B9 [104]
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA [123]
AlternateDataStreams: C:\ProgramData\TEMP:71FA8B7F [128]
AlternateDataStreams: C:\ProgramData\TEMP:793F316E [104]
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB [0]
AlternateDataStreams: C:\ProgramData\TEMP:8173A019 [103]
AlternateDataStreams: C:\ProgramData\TEMP:861A898F [106]
AlternateDataStreams: C:\ProgramData\TEMP:8AB6C1D7 [131]
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A688EF17 [94]
AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8 [106]
AlternateDataStreams: C:\ProgramData\TEMP:C95B63DA [119]
AlternateDataStreams: C:\ProgramData\TEMP:D2A5A561 [125]
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31 [127]
AlternateDataStreams: C:\ProgramData\TEMP:D4D38596 [110]
AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD [115]
AlternateDataStreams: C:\ProgramData\TEMP:E36F5B57 [135]
AlternateDataStreams: C:\ProgramData\TEMP:E41267F2 [122]
AlternateDataStreams: C:\ProgramData\TEMP:FEBEC560 [121]
cmd: ipconfig /flushdns
end::