CreateRestorepoint: CloseProcesses: ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> Pas de fichier ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier Task: {58E511A1-F3F8-4204-9F11-4837F483BDFB} - System32\Tasks\Opera scheduled Autoupdate 1502986234 => C:\Users\Jacques\AppData\Local\Programs\Opera\launcher.exe FirewallRules: [{A17BB950-0682-48F2-BA83-8CCE60282D2F}] => (Allow) C:\Users\Jacques\AppData\Local\Programs\Opera\47.0.2631.39\opera.exe FirewallRules: [{346EF857-4AFE-4AF7-AC51-D002E43FF449}] => (Allow) C:\Users\Jacques\AppData\Local\Programs\Opera\47.0.2631.55\opera.exe HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-508352234-1840242419-2900643071-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_33¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzz0B0C0DyDtAzzyCtB0EyCtC0CtCtN0D0Tzu0StBtDyDyDtN1L2XzutAtFtBzytFtCtDyEtFyCyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyDzyyCzyzy0DzytGtA0EyC0EtG0DyD0D0DtGyByBtBtDtGzz0A0FyCtB0FtDyCyDyE0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyE0DtBtDtAtAtGtC0DtBzytGyE0FyEtBtGzztB0EtDtG0DzytA0AyE0Azyzy0ByEzz0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzztAtB%26cr%3D841725513%26a%3Dwbf_fs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_33¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzz0B0C0DyDtAzzyCtB0EyCtC0CtCtN0D0Tzu0StBtDyDyDtN1L2XzutAtFtBzytFtCtDyEtFyCyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyDzyyCzyzy0DzytGtA0EyC0EtG0DyD0D0DtGyByBtBtDtGzz0A0FyCtB0FtDyCyDyE0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyE0DtBtDtAtAtGtC0DtBzytGyE0FyEtBtGzztB0EtDtG0DzytA0AyE0Azyzy0ByEzz0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzztAtB%26cr%3D841725513%26a%3Dwbf_fs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKU\S-1-5-21-508352234-1840242419-2900643071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_33¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDzz0B0C0DyDtAzzyCtB0EyCtC0CtCtN0D0Tzu0StBtDyDyDtN1L2XzutAtFtBzytFtCtDyEtFyCyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyDzyyCzyzy0DzytGtA0EyC0EtG0DyD0D0DtGyByBtBtDtGzz0A0FyCtB0FtDyCyDyE0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyE0DtBtDtAtAtGtC0DtBzytGyE0FyEtBtGzztB0EtDtG0DzytA0AyE0Azyzy0ByEzz0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAzztAtB%26cr%3D841725513%26a%3Dwbf_fs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-508352234-1840242419-2900643071-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-508352234-1840242419-2900643071-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-508352234-1840242419-2900643071-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=&src=crm&q={searchTerms}&locale= FF Extension: (Avira Browser Safety) - C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fpI5cgqm.default\Extensions\abs@avira.com [2016-12-22] FF Extension: (Avira SafeSearch Plus) - C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fpI5cgqm.default\Extensions\safesearchplus2@avira.com [2016-12-22] 2017-08-19 08:08 - 2017-08-19 08:08 - 000000000 ____D C:\Users\Jacques\Downloads\FRST-OlderVersion 2017-08-19 06:59 - 2017-08-19 06:59 - 002854784 _____ C:\Users\Jacques\Downloads\ZHPCleaner.exe 2017-08-19 06:59 - 2017-08-19 06:59 - 000000914 _____ C:\Users\Jacques\Desktop\ZHPCleaner.lnk 2017-08-18 17:02 - 2017-08-18 17:02 - 000000000 ____D C:\ProgramData\kazette 2017-08-18 16:53 - 2017-08-18 16:53 - 000000000 ____D C:\Users\Jacques\Downloads\kazette 2017-08-18 16:48 - 2017-08-18 16:51 - 007047618 _____ C:\Users\Jacques\Downloads\kazette.zip 2017-08-18 16:04 - 2017-08-18 17:14 - 000000000 ____D C:\Users\Jacques\Desktop\Languages 2017-08-18 16:02 - 2017-08-18 16:02 - 000032146 _____ C:\Users\Jacques\Downloads\french.zip 2017-08-18 15:57 - 2017-08-18 15:57 - 003132603 _____ (Igor Pavlov) C:\Users\Jacques\Downloads\Portable_ImgBurn_2.5.8.0.exe 2017-08-17 18:10 - 2017-08-17 18:11 - 000004204 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1502986234 2017-08-17 18:10 - 2017-08-17 18:10 - 000000000 ____D C:\Users\Jacques\AppData\Roaming\Opera Software 2017-08-17 18:10 - 2017-08-17 18:10 - 000000000 ____D C:\Users\Jacques\AppData\Local\Opera Software 2017-08-16 00:31 - 2016-12-22 10:31 - 000000000 ____D C:\ProgramData\Avira Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on emptytemp: