Posted on 7 August 2019

Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKU\S-1-5-21-339147177-82562386-1559744225-1001\...\Run: [Chromium] => c:\users\bibi\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors) [Fichier non signé]
HKU\S-1-5-21-339147177-82562386-1559744225-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-06-07] (Lavasoft Software Canada -> Lavasoft)
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
Task: {D60E49AC-BD33-4AEC-B783-0F4253E9E2D8} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
Task: {F24747BE-AC49-4333-BAE5-50D954EDF2A4} - System32\Tasks\Driver Booster SkipUAC (BiBi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
HKU\S-1-5-21-339147177-82562386-1559744225-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_19_32_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEyC0DyDyBtBzyyEtDyByD0C0DyD0BtN0D0Tzu0StByByByEtN1L2XzuyEtFyDyDtFtDtFyCzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDzy0EtC0FtA0A0FtGyB0FyB0FtG0E0FyB0AtGtDtByBtAtGzz0D0CzzyDyB0AyDyCzz0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0E0AtAyB0AtGtBtDyDzztGyEtC0EzztGzzyD0F0EtG0EtByEtAyDtAyE0E0FtByC0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCyDtDzztCyDtByE%26cr%3D558080794%26a%3Dwsg_iorusko0_19_32_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-339147177-82562386-1559744225-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_19_32_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEyC0DyDyBtBzyyEtDyByD0C0DyD0BtN0D0Tzu0StByByByEtN1L2XzuyEtFyDyDtFtDtFyCzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDzy0EtC0FtA0A0FtGyB0FyB0FtG0E0FyB0AtGtDtByBtAtGzz0D0CzzyDyB0AyDyCzz0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0E0AtAyB0AtGtBtDyDzztGyEtC0EzztGzzyD0F0EtG0EtByEtAyDtAyE0E0FtByC0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCyDtDzztCyDtByE%26cr%3D558080794%26a%3Dwsg_iorusko0_19_32_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-339147177-82562386-1559744225-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_19_32_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEyC0DyDyBtBzyyEtDyByD0C0DyD0BtN0D0Tzu0StByByByEtN1L2XzuyEtFyDyDtFtDtFyCzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDzy0EtC0FtA0A0FtGyB0FyB0FtG0E0FyB0AtGtDtByBtAtGzz0D0CzzyDyB0AyDyCzz0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0E0AtAyB0AtGtBtDyDzztGyEtC0EzztGzzyD0F0EtG0EtByEtAyDtAyE0E0FtByC0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCyDtDzztCyDtByE%26cr%3D558080794%26a%3Dwsg_iorusko0_19_32_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-339147177-82562386-1559744225-1001 -> {7A5A5FC6-BB0F-445B-8800-BD6B6CCD6A4F} URL = hxxps://fr.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
FF Extension: (Search Manager) - C:\Users\BiBi\AppData\Roaming\Mozilla\Firefox\Profiles\186kw8pb.default-1438157710925-1510947793785\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2019-08-06] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
FF SearchPlugin: C:\Users\BiBi\AppData\Roaming\Mozilla\Firefox\Profiles\186kw8pb.default-1438157710925-1510947793785\searchplugins\bing-lavasoft-ff59.xml [2018-06-07]
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-339147177-82562386-1559744225-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd] - hxxps://clients2.google.com/service/update2/crx
S2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
S2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
S1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
2019-08-06 10:53 - 2019-08-06 10:53 - 000002054 _____ C:\Users\BiBi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
2019-08-06 10:53 - 2019-08-06 10:53 - 000000000 ____D C:\Users\BiBi\AppData\Roaming\segurazoclient
2019-08-06 10:52 - 2019-08-07 17:23 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-08-06 10:52 - 2019-08-06 10:54 - 000000000 ____D C:\Users\BiBi\AppData\Local\{93F1A5AD-B759-C915-DAC1-ECFDFEA91065}
2019-08-06 10:52 - 2019-08-06 10:53 - 000000000 ____D C:\ProgramData\{95D1A9ED-BDF9-D195-E5A1-F9BD0D492165}
2019-08-06 10:52 - 2019-08-06 10:52 - 000001395 _____ C:\Users\BiBi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2019-08-06 10:52 - 2019-08-06 10:52 - 000000000 ____D C:\ProgramData\Segurazo
2019-08-06 10:51 - 2019-08-06 10:54 - 000000000 ____D C:\ProgramData\jjadi
C:\Program Files (x86)\DriverToolkit
C:\Program Files (x86)\IObit
C:\Program Files (x86)\Lavasoft
c:\users\bibi\appdata\local\chromium
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Temp:77846FFE [140]
EmptyTemp:
End::
