start::
CreateRestorePoint:
CloseProcesses:
Removeproxy:
Hosts:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {65447EEB-7853-4A28-B531-C0D741257E5C} - System32\Tasks\App Explorer => C:\Users\Administrateur01\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [9893432 2015-06-26] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {E3882517-81BB-47DF-B586-FCD19B010A52} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
SearchScopes: HKU\S-1-5-21-386162286-2599120166-544399246-1002 -> DefaultScope {1E83FB70-E357-41E6-ADD3-2F8D056BA2E6} URL =
SearchScopes: HKU\S-1-5-21-386162286-2599120166-544399246-1002 -> {1E83FB70-E357-41E6-ADD3-2F8D056BA2E6} URL =
BHO: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
BHO-x32: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Administrateur01\AppData\Roaming\Mozilla\Firefox\Profiles\zsfn9tqq.default\Extensions\sp@avast.com.xpi [2020-05-01]
FF Extension: (Avast Online Security) - C:\Users\Administrateur01\AppData\Roaming\Mozilla\Firefox\Profiles\zsfn9tqq.default\Extensions\wrc@avast.com.xpi [2020-04-22]
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
2020-05-08 13:16 - 2020-05-08 13:16 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-05-08 13:09 - 2020-05-08 13:09 - 010936952 _____ (AVAST Software) C:\Users\Administrateur01\Desktop\avastclear.exe
2020-05-08 13:16 - 2017-01-21 11:55 - 000000000 ____D C:\ProgramData\AVAST Software
2020-05-08 07:50 - 2016-11-27 12:22 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-04-22 07:10 - 2018-07-15 22:37 - 000000000 ____D C:\Users\Administrateur01\AppData\Local\AVAST Software
2020-04-22 07:08 - 2019-09-29 12:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
IE trusted site: HKU\S-1-5-21-386162286-2599120166-544399246-1002\...\amazon.fr -> hxxps://amazon.fr
FirewallRules: [{FBEB47C4-F7B1-4E49-8796-7513AC76C4C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Pas de fichier
FirewallRules: [{8B9DDE9F-7FCD-4A9F-AF07-00C549F8A1C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Pas de fichier
FirewallRules: [{9F3E857C-F369-4AE0-9470-CC08A16290FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe Pas de fichier
FirewallRules: [{811925EC-2BDD-46F0-9C57-997727A8A7C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe Pas de fichier
FirewallRules: [{9932BD23-94DB-4D22-8CEC-ED1CCBA039AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe Pas de fichier
emptytemp:
end::