start
CloseProcesses:
CreateRestorePoint:
(WeatherMan) C:\Users\William\AppData\Roaming\Interstat\interstat.exe
C:\Users\William\AppData\Roaming\Interstat\interstat.exe
HKU\S-1-5-21-4285790971-1908394238-1679096368-1002\...\Run: [cacaoweb] => C:\Users\William\AppData\Roaming\cacaoweb\cacaoweb.exe [535856 2015-08-24] ()
HKU\S-1-5-21-4285790971-1908394238-1679096368-1002\...\Run: [Interstat] => C:\Users\William\AppData\Roaming\Interstat\interstat.exe [3708416 2016-04-02] (WeatherMan)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4285790971-1908394238-1679096368-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=39d97a1bbc5dfefb8598946ffc06ed9d&c=p1&src=hp&inst=1459773312"
Task: {1541D0AE-5594-48B7-8516-88A0B3471A74} - System32\Tasks\Upload Service Job => C:\Program Files (x86)\Upload Service\UploadService.exe [2016-04-02] () <==== ATTENTION
Task: {56B554F5-CD42-4359-9D03-6CAAE4C13A43} - System32\Tasks\Better Updater => C:\Users\William\AppData\Roaming\Better Updater\Better Updater.exe [2016-03-28] () <==== ATTENTION
Task: {684C203B-BEB7-45D6-8983-D0E791FB3341} - \AutoKMS -> Pas de fichier <==== ATTENTION
HKU\S-1-5-21-4285790971-1908394238-1679096368-1002\...\StartupApproved\Run: => "cacaoweb"
FirewallRules: [TCP Query User{26A43271-701E-477B-B0B7-0C88BB99BA34}C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{9FB232D0-1895-4E50-9D95-3A78B6B729B7}C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [{F2BDE219-8B77-4228-AF52-C72B055C32CD}] => (Block) C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [{E84C2CCD-95D7-4F79-BED0-DD97C26EC8E8}] => (Block) C:\users\william\appdata\roaming\cacaoweb\cacaoweb.exe
EmptyTemp:
end