start
CloseProcesses:
Hosts:
CreateRestorePoint:
HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\...\Run: [Google Update*??<*>] => "C:\Users\henri\AppData\Local\Google\Desktop\Install\{5636d237-b662-2241-e02c-a4a29e9e640b}\???\???\???\{5636d237-b662-2241-e02c-a4a29e9e640b}\GoogleUpdate.exe" > <===== ATTENTION (Nom de valeur avec caractères invalides)
HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\...\Run: [] => [X]
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1020228189-1379521322-3074993827-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1020228189-1379521322-3074993827-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1020228189-1379521322-3074993827-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-1020228189-1379521322-3074993827-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
Toolbar: HKU\S-1-5-21-1020228189-1379521322-3074993827-1000 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [Äÿ] -
CHR HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\henri\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-12-10]
CHR HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1020228189-1379521322-3074993827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] -
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [Fichier non signé]
S2 UpdaterSvcDealKeeper; "C:\Program Files\Deal Keeper\updater.exe" [X]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{5636d237-b662-2241-e02c-a4a29e9e640b}\ \...\???\{5636d237-b662-2241-e02c-a4a29e9e640b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM) [Fichier non signé]
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
2014-12-02 01:01 - 2014-12-17 02:01 - 0000002 _____ () C:\Users\henri\AppData\Local\DSI.DAT
C:\Users\henri\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
ATTENTION: ====> ZeroAccess. Utiliser DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Utiliser DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
AlternateDataStreams: C:\Program Files\Common Files\System:8twBXkSugEwvwT80XaglLs [2434]
AlternateDataStreams: C:\Program Files\Common Files\System:PWLAoO350L4aEi0s0MVtXzkKT [2508]
AlternateDataStreams: C:\ProgramData\Microsoft:8yuWrhJPWzC9iAcXY1d57JLo [2356]
AlternateDataStreams: C:\ProgramData\Microsoft:m5BcHL8Ir9ybfzgBvlZySJ [2638]
AlternateDataStreams: C:\ProgramData\Microsoft:waIyvzF82R4GlMk8Y [2404]
AlternateDataStreams: C:\ProgramData\Microsoft:WaNr7nA2Z9hgAzL4ctfu [2534]
AlternateDataStreams: C:\ProgramData\Microsoft:y3PKHqdEg1bgi0EFbXj3 [2458]
AlternateDataStreams: C:\ProgramData\PACE:BABA919832B34E95 [217]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [137]
AlternateDataStreams: C:\Users\henri\Cookies:VDFpjjI3mUlXUXXFRaQMh1tg8ZkK [2332]
AlternateDataStreams: C:\Users\henri\AppData\Local\Temp:ItRxSatJo1BXbYehs [2370]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
cmd: netsh reset catalog
EmptyTemp:
end