start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-266307271-186719744-3698087808-1001\...\Run: [Chromium] => "c:\users\compte intermédiaire\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
Task: {3022D2AB-37F1-4397-BF25-BD8528633048} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe <==== ATTENTION
Task: {47D99F18-0B4F-4800-A311-C06471AD87AB} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe <==== ATTENTION
Task: {AA91AF4A-FC36-4752-8446-0EF600CF4648} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ch.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-266307271-186719744-3698087808-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ch.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-266307271-186719744-3698087808-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-266307271-186719744-3698087808-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ch.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dch%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtB0EtAyB0A0C0C0EtBtD0FtAzz0B0EtN0D0Tzu0StBzytBzztN1L2XzuyEtFyDzytFtDtFzyyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StByCyD0C0EyC0CyCtGyDtAzz0EtGtD0A0C0AtGtD0DyDtCtGyCzztCyDtBzz0E0EtC0EyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1OtCtCtA1Ozy1OtGyC1RtB1OtGyE1TzzyCtGzztB1P1PtGzytBtByDzz1QtCzz1TtBzy1O2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBzzyEtBtCyEtDtC%26cr%3D1857542290%26a%3Dwbf_bjiqs279bdfhjvqgikmoqs1f_20_02_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [Pas de fichier]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [Pas de fichier]
CHR Extension: (Search Manager) - C:\Users\Compte intermédiaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoagceacaklimpcejjofabngcjkebfg [2020-01-07]
CHR HKU\S-1-5-21-266307271-186719744-3698087808-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKU\S-1-5-21-266307271-186719744-3698087808-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM-x32\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
S2 ByteFenceService; "C:\Program Files\ByteFence\ByteFenceService.exe" [X] <==== ATTENTION
S2 chromium; "C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe" /svc [X] <==== ATTENTION
S3 chromiumm; "C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe" /medsvc [X] <==== ATTENTION
S2 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X] <==== ATTENTION
U3 aspnet_state; pas de ImagePath
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
AV: Protection antivirus et antispyware McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: Pare-feu McAfee (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
HKU\S-1-5-21-266307271-186719744-3698087808-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_41DA23B371EF76DC2A17A39FCE899CE0"
HKU\S-1-5-21-266307271-186719744-3698087808-1001\...\StartupApproved\Run: => "Chromium"
Hosts:
EmptyTemp:
end::