Posted on April 23, 2020

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-4133315212-2110482678-122533120-1124\User: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {567F818C-67BB-4221-9CA3-0E0586F85344} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {5E899BB1-F8F4-4270-9428-E32EBDE92EFB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {65676CB6-E055-4561-ADB7-B9583727EA9E} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6D722C4F-0596-43DC-AA67-5BFBD8653713} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\Program Files\AVAST Software
C:\Program Files (x86)\Lavasoft
C:\PROGRA~2\AD-AWA~1
C:\Program Files (x86)\Spybot - Search & Destroy 2
Task: {89483E5C-8BB8-408A-B5B0-C59FECE33FA6} - System32\Tasks\{069E07E8-D7BC-4809-B518-3C7EBA0E20A9} => C:\Windows\system32\pcalua.exe -a C:\Users\Caro\AppData\Local\Temp\Temp1_Microsoft.Money.2005.Fr.by.eMule-Paradise.com.zip\install.exe <==== ATTENTION
Task: {BF2AAE49-EB8B-4536-BDDF-E4520C81296F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Caro\Desktop\Maintenance PC\adwcleaner_7.2.2.exe
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4133315212-2110482678-122533120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A562700C-7E00-47D1-944B-AB22B6F57737} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A562700C-7E00-47D1-944B-AB22B6F57737} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4133315212-2110482678-122533120-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-01-27] (Bitdefender SRL -> Bitdefender)
Toolbar: HKU\S-1-5-21-4133315212-2110482678-122533120-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
FF Extension: (IBM Security Rapport) - C:\Users\Caro\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-04-20] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (IBM Security Rapport) - C:\Users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\96dzqp2p.default-1408373369887-1587378343284\Extensions\rapportext@trusteer.com.xpi [2020-04-20] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-02-27] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-03-02] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-03-02] [] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => non trouvé(e)
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @agconcept/alinea3ddressing -> C:\Program Files (x86)\Alinéa\Dressing\\NPAlinea3DDressing.dll [Pas de fichier]
C:\Program Files (x86)\Common Files\McAfee
FF Plugin HKU\S-1-5-21-4133315212-2110482678-122533120-1001: @squareclock.com/SQ3DPlayer_Production_Castorama_Dressing_Internet -> C:\Users\Caro\AppData\Local\SquareClock.Production_Castorama_Dressing_Internet\NPSQ3D.dll [Pas de fichier]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-4133315212-2110482678-122533120-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
S4 MBAMInstallerService; C:\Users\Caro\AppData\Local\Temp\MBAMInstallerService.exe [6009816 2020-04-20] (Malwarebytes Inc -> Malwarebytes) <==== ATTENTION
S4 0086221420386462mcinstcleanup; C:\Users\Caro\AppData\Local\Temp\008622~1.EXE -cleanup -nolog [X] <==== ATTENTION
S4 adawareantivirusservice; "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.2.889.11556\AdAwareService.exe" [X]
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc [X]
R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2019-12-16] (AnchorFree Inc -> The OpenVPN Project)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37856 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206120 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [234776 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [178968 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60696 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42984 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175920 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [500960 2020-04-20] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109480 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85056 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851808 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459408 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235696 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [317280 2020-04-14] (Avast Software s.r.o. -> AVAST Software)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2020-04-22 22:54 - 2020-04-22 22:54 - 003299200 _____ (Nicolas Coolman) C:\Users\Caro\ZHPCleaner.exe
2020-04-21 16:02 - 2020-04-21 16:02 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2020-04-21 15:42 - 2020-04-21 15:46 - 022267336 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup565 (1).exe
2020-04-21 12:38 - 2020-04-21 12:38 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2020-04-21 12:38 - 2020-04-14 19:37 - 000337048 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-04-21 12:00 - 2020-04-21 12:00 - 000230080 _____ (AVAST Software) C:\Users\Caro\Downloads\avast_free_antivirus_setup_online (1).exe
2020-04-21 11:06 - 2020-04-22 22:48 - 000294863 _____ C:\Users\Caro\Desktop\ZHPDiag.txt
2020-04-21 10:41 - 2020-04-21 10:41 - 000000783 _____ C:\Users\Caro\Desktop\ZHPDiag.lnk
2020-04-21 10:40 - 2020-04-21 10:40 - 003276160 _____ (Nicolas Coolman) C:\Users\Caro\Downloads\ZHPDiag3.exe
2020-04-21 10:36 - 2020-04-22 22:12 - 000301908 _____ C:\Users\Caro\Desktop\ZHPCleaner (R).txt
2020-04-21 10:01 - 2020-04-22 22:09 - 000304800 _____ C:\Users\Caro\Desktop\ZHPCleaner (S).txt
2020-04-21 09:41 - 2020-04-23 14:16 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2020-04-21 09:41 - 2020-04-22 22:54 - 000000636 _____ C:\Users\Caro\Desktop\ZHPCleaner.lnk
2020-04-21 09:41 - 2020-04-21 10:41 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2020-04-21 09:41 - 2020-04-21 09:41 - 003297152 _____ (Nicolas Coolman) C:\Users\Caro\Downloads\ZHPCleaner.exe
2020-04-20 19:01 - 2020-04-20 19:02 - 022267336 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup565(2).exe
2020-04-20 18:51 - 2020-04-20 18:51 - 000000000 ____D C:\ProgramData\adaware
2020-04-20 18:43 - 2020-04-20 18:43 - 022267336 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup565(1).exe
2020-04-20 15:08 - 2020-04-20 15:08 - 000000312 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2020-04-20 09:24 - 2020-04-20 09:24 - 000001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2020-03-28 19:57 - 2020-03-28 19:58 - 022267336 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup565.exe
2020-04-21 12:49 - 2019-03-19 04:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-04-21 12:49 - 2013-03-07 08:20 - 000000000 ____D C:\Program Files\AVAST Software
2020-04-21 12:38 - 2013-03-07 08:20 - 000000000 ____D C:\ProgramData\AVAST Software
2020-04-21 07:32 - 2018-07-27 09:39 - 000000000 ____D C:\Users\Caro\AppData\Local\AVAST Software
2020-04-20 18:53 - 2017-03-10 18:59 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-04-18 10:37 - 2016-02-17 19:48 - 000003128 _____ C:\Windows\system32\Tasks\{0F3FA873-C81A-4EEF-BBA1-5D1C6C3564D8}
2020-04-18 10:37 - 2016-02-17 19:18 - 000003146 _____ C:\Windows\system32\Tasks\{8041A4CC-E2B6-43FA-A1AE-6F34263A5A32}
2020-04-18 10:37 - 2015-12-03 19:31 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-04-18 10:37 - 2015-09-08 06:43 - 000003608 _____ C:\Windows\system32\Tasks\Ad-Aware Update (Weekly)
2020-04-18 10:37 - 2013-07-17 21:00 - 000003072 _____ C:\Windows\system32\Tasks\{E2A815F0-DBFF-4BF8-B6B8-2E3C06EA4F03}
2020-04-18 10:37 - 2013-05-02 07:35 - 000004318 _____ C:\Windows\system32\Tasks\Ad-Aware Antivirus Scheduled Scan
2020-04-18 10:37 - 2011-08-29 15:37 - 000003142 _____ C:\Windows\system32\Tasks\{065EBEBB-9CAF-4A92-8680-7EC24D152192}
2020-04-18 10:37 - 2011-08-27 23:15 - 000003190 _____ C:\Windows\system32\Tasks\{069E07E8-D7BC-4809-B518-3C7EBA0E20A9}
2020-04-16 11:38 - 2013-03-07 08:21 - 000459408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-04-14 19:37 - 2018-10-20 12:40 - 000042984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-04-14 19:37 - 2013-03-14 11:45 - 000317280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-04-14 19:37 - 2013-03-14 11:45 - 000085056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-04-14 19:37 - 2013-03-07 08:21 - 000109480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-04-14 19:36 - 2019-01-14 18:00 - 000234776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-04-14 19:36 - 2019-01-05 21:59 - 000178968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-04-14 19:36 - 2019-01-05 21:59 - 000060696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-04-14 19:36 - 2019-01-05 21:59 - 000037856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-04-14 19:36 - 2017-11-16 20:50 - 000206120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-04-14 19:36 - 2013-03-07 08:21 - 000851808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-04-22 22:54 - 2020-04-22 22:54 - 003299200 _____ (Nicolas Coolman) C:\Users\Caro\ZHPCleaner.exe
2012-10-16 17:21 - 2012-10-16 17:21 - 000003584 _____ () C:\Users\Caro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-01-30 21:36 - 2020-04-23 09:23 - 000007604 _____ () C:\Users\Caro\AppData\Local\resmon.resmoncfg
2016-08-22 11:44 - 2016-08-22 11:44 - 000000000 _____ () C:\Users\Caro\AppData\Local\{EE9F702D-E049-4D03-9A68-717E4826A3AD}
cmd: ipconfig /flushdns
emptytemp:
end::




