start::
closeprocesses:
createrestorepoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
HKU\S-1-5-21-3371586553-771615799-420845039-1001\...\Run: [Chromium] => "c:\users\chloe\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session 
c:\users\chloe\appdata\local\chromium
Task: {119D8CFC-392A-4FD1-A753-F821F37B8CE6} - System32\Tasks\Start WinZip Registry Optimizer with delay for LAPTOP-M5TCSBEU@chloe => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe 
C:\Program Files\WinZip Registry Optimizer
Task: C:\windows\Tasks\Start WinZip Registry Optimizer with delay for LAPTOP-M5TCSBEU@chloe.job => C:\Program Files\WinZip Registry Optimizer\RegistryOptimizer.exe 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome 
HKU\S-1-5-21-3371586553-771615799-420845039-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} 
SearchScopes: HKU\S-1-5-21-3371586553-771615799-420845039-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3371586553-771615799-420845039-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_20_06_ssg00鄉1=1鄉2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBtBtAyEtAzztCyC0F0A0DyD0DyE0CtN0D0Tzu0StBzyyCtCtN1L2XzuyEtFyCtCtFtDtFyCtAtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0DyCtC0A0EtB0BtGyB0A0A0DtG0ByDyEtBtGyE0F0FtDtG0B0D0E0CtD0DtD0EtB0B0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1SyDzy1S1S1S1QtBtG1S1R1SzztGyEzzzzyBtGzyyEzyzytGtCtD1RtCyBtCzytB1O1Q1OtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztCtByDzzyCyEyB%26cr%3D877495953%26a%3Dwsg_dpyqptgki1320egikmoq9ay_20_06_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} 
FF Extension: (Search Manager) - C:\Users\chloe\AppData\Roaming\Mozilla\Firefox\Profiles\8pn5v7z8.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2020-02-09] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson] 
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKU\S-1-5-21-3371586553-771615799-420845039-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd] 
R2 SAntivirusIC; C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe [6997752 2020-01-24] (Digital Communications Inc -> Digital Com. Inc) 
C:\Program Files (x86)\SAntivirus
R2 SAntivirusSvc; C:\Program Files (x86)\SAntivirus\SAntivirusService.exe [155384 2020-02-09] (Digital Communications Inc -> Digital Com. Incorporated) 
R1 SANTIVIRUSKD; C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys [90096 2020-02-09] (Digital Communications Inc. -> Digital Comm. Inc) 
2020-02-10 20:20 - 2020-02-10 20:20 - 000000000 ____D C:\Users\chloe\AppData\Roaming\santivirusclient 
2020-02-09 15:39 - 2020-02-09 16:06 - 000000362 _____ C:\windows\Tasks\Start WinZip Registry Optimizer with delay for LAPTOP-M5TCSBEU@chloe.job
2020-02-09 15:39 - 2020-02-09 15:39 - 000002932 _____ C:\windows\system32\Tasks\Start WinZip Registry Optimizer with delay for LAPTOP-M5TCSBEU@chloe
2020-02-09 15:32 - 2020-02-09 15:41 - 000000000 ____D C:\Users\chloe\AppData\Local\chromium
2020-02-09 15:32 - 2020-02-09 15:32 - 000000000 ____D C:\ProgramData\SAntivirus
2020-02-09 15:32 - 2020-02-09 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2020-02-09 15:31 - 2020-02-14 18:01 - 000000000 ____D C:\Program Files (x86)\SAntivirus 
2020-02-09 15:31 - 2020-02-09 15:31 - 000000000 ____D C:\ProgramData\{05C639FA-2DEE-4182-75B6-69AA9D5EB172}
2020-02-09 15:30 - 2020-02-09 15:34 - 000000000 ____D C:\ProgramData\cddqj 
2020-02-08 20:26 - 2020-02-13 11:28 - 000000000 ____D C:\windows\system32\Tasks\McAfee 
2020-02-08 20:26 - 2020-02-08 20:26 - 000000000 ____D C:\ProgramData\McAfee 
emptytemp:
end::