start::
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-2823344003-3360912074-269661184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.yahoo.com/?fr=fes_yfp_chr_nt_yfp3&type=wsg_infr0srvimo2_20_25_ssg97
SearchScopes: HKU\S-1-5-21-2823344003-3360912074-269661184-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_infr0srvimo2_20_25_ssg97&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAyB0B0C0EzyyB0CyD0CtN0D0Tzu0StAtDzytDtN1L2XzuyEtFyCtCtFtDtFtBtCyCtN1L1Czu1ByE1VtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEtC0CtCyB0BtDtGyEyDzytBtGtCtBzz0EtGtAyDtB0FtGyD0EyD0AyEtCyC0B0CtA0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PtByCyD1R1QtAtBtGtD1RtC1QtGyEzz1QyCtGzzyCtD1QtG1TyD1RtC1PtA1OyB1OyC1Qzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCyEyDzztN1Q2Z1B1P1RzutCyDzytBtAzyyEzyyEtC%26cr%3D1758064950%26a%3Dwsg_infr0srvimo2_20_25_ssg97%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2823344003-3360912074-269661184-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101418-A5AF4E3D53C&form=CONBDF&conlogo=CT3335878&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2823344003-3360912074-269661184-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_infr0srvimo2_20_25_ssg97&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAyB0B0C0EzyyB0CyD0CtN0D0Tzu0StAtDzytDtN1L2XzuyEtFyCtCtFtDtFtBtCyCtN1L1Czu1ByE1VtBtN1L1G1B1V1N2Y1L1Qzu2SyEyEtC0CtCyB0BtDtGyEyDzytBtGtCtBzz0EtGtAyDtB0FtGyD0EyD0AyEtCyC0B0CtA0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PtByCyD1R1QtAtBtGtD1RtC1QtGyEzz1QyCtGzzyCtD1QtG1TyD1RtC1PtA1OyB1OyC1Qzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCyEyDzztN1Q2Z1B1P1RzutCyDzytBtAzyyEzyyEtC%26cr%3D1758064950%26a%3Dwsg_infr0srvimo2_20_25_ssg97%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
IE trusted site: HKU\S-1-5-21-2823344003-3360912074-269661184-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {10684CCE-9A00-404A-888E-EDB7CC3493FA} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {27A51122-38D2-4090-A98C-D77405035B26} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {6E967BC3-5436-4518-8E4A-B68B5A0EA01D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {7F3D66AF-3766-4CFC-8C4C-FB25C6D12AFC} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
ProxyEnable: [S-1-5-21-2823344003-3360912074-269661184-1001] => Proxy est activé.
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge StartupUrls: Default -> "hxxps://fr.search.yahoo.com/yhs/web?hspart=ner&hsimp=yhs-001&type=aee_84d015defd161c9282&param1=ArFaIWxoNqArQGMVADwgQGR7B7NoN9InxrFbMmYsQGMVw7ofB6poNqAqAXFaIWQBvmE4ICILNopcGWUIvmE3vCIVwVRdJmIYvFE9JCoXNVRdJaYUvmo4JqYWvFJdJ6ILNVJdESk8NUM9JCIVvmo9ISILNFdbDSk8vFE9ImoWwVM9ImIVwVA9JmIWvFM9GqUNNFM3wGUXvFFcEmIXwV5cGWUSNFRcEqULNopcGWUIvmFbF6oUvFE9JaYWwVM4JqYXwVI9I6oUvFI3vCIXwVw9J6IXvmldICISwVU4ISIXNVA9I6oVNVE4IWYYvFE9J6oWNVRdJ6IYNVM4JaQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGNEY9JmoWvFJcFqUIwVU9JmISwVJcFmIWNEU9I6oUvmlcFCoWwVw3vmoWwVJcFCISNEI4IWUHwVNcFSIYNF04JqUKvFNcFCk3NoU9GqYYNVc3wCoUwV5cJqQzNEBcEWUGNF43wCIXvFM4ICoVvmk9GqUINolcJqUJNEQ3wCIWvFI3vCIXwVU3vCoUvmo4ICIWQGR7B6RoN9JcMaF5NWB9LGFdQGR7BHFaISopzU0aCaV4CaN5C6EdAU0oA78dxmYuNWYuNWZoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o&param2=LWt5MWB5NqJa"
CHR HKLM\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-2823344003-3360912074-269661184-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKU\S-1-5-21-2823344003-3360912074-269661184-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM-x32\...\Chrome\Extension: [bnlfgalbnliphjafcnhjnnnfijekbnod]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\WINDOWS\system32\winrmsrv.exe
C:\WINDOWS\system32\winlogui.exe
emptytemp:
end::