Posted on 22 January 2021

start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=acer&m=start
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2584390337-3429783289-2381128800-1001 -> {4CD585A5-2B27-4ACD-92C5-A3EF7CF872DF} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_tele_14_52_other&cd=2XzuyEtN2Y1L1QzuyCtDtDtB0ByE0BtAtC0B0EtB0DtDyCyEtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBtBtA0AtB0CyEzztG0AzzzztDtG0B0E0DyDtGtBtCyB0AtGtA0CtAzzzy0AzzyC0DtBtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyC0EzytA0DtDtAtG0B0BtD0CtGyEyEzztCtG0AyCtC0FtG0FyEyD0D0CyB0AyCtBtAyByD2Q&cr=63707452&ir=
SearchScopes: HKU\S-1-5-21-2584390337-3429783289-2381128800-1001 -> {5187913C-12BA-11E5-828E-88F034EC9602} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2584390337-3429783289-2381128800-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2584390337-3429783289-2381128800-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2584390337-3429783289-2381128800-1001 -> {FBA86674-B08A-11E4-8274-8DDFE8FD142F} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
FirewallRules: [TCP Query User{BB15EECE-825F-47C4-BCE6-2C9E902F95BE}C:\users\audrey\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\audrey\appdata\roaming\cacaoweb\cacaoweb.exe (CACAOWEB Ltd -> )
FirewallRules: [UDP Query User{E11B6BE9-C768-4813-A9F7-360FA0275E2F}C:\users\audrey\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\audrey\appdata\roaming\cacaoweb\cacaoweb.exe (CACAOWEB Ltd -> )
C:\Program Files (x86)\Avira
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1796496 2015-07-31] (APN LLC -> APN)
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2584390337-3429783289-2381128800-1001\...\RunOnce: [Application Restart #2] => C:\Users\Audrey\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [9581800 2020-12-04] (Pokki, Inc. -> Pokki)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\Users\Audrey\AppData\Local\bvxvbyxvaa
Task: {2AC5FABA-5812-4150-BC63-DCEEFDAC4CE8} - System32\Tasks\bvxvbyxvaa => C:\Users\Audrey\AppData\Local\bvxvbyxvaa\bvxvbyxvaa.exe <==== ATTENTION
Task: {2E001412-3AD9-4E2B-9638-5E9B4EAC9BBC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {3371B7C9-5DAC-466F-A9F7-AD8BD1D30EBF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {6659FF57-3FA4-4B74-9BAB-3745427CD64A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {6FB46CFA-CFFC-4AFE-9BA4-4742AF2A25F6} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {7CC9C151-874B-4E44-91C3-21C46777E08B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {9D5F3664-5875-4546-AA9F-C8C4FD8A146D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {A0E1FDB0-52E5-4936-8F27-350860CABBFE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {A217A3EF-939C-4AD3-9BE2-6C4FF0C530C6} - System32\Tasks\SweetLabs App Platform => C:\Users\Audrey\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [10650856 2020-12-04] (Pokki, Inc. -> Pokki)
Task: {A228938F-C748-4D0E-B370-92DC1A78C5CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {AA05B200-3C9D-476B-8BA5-FD1A35D342A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {CFF856D5-1F5F-479B-944A-D2B272B59E71} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {D022E3DD-B505-439A-8658-11A0D9249BAB} - \WPD\SqmUpload_S-1-5-21-2584390337-3429783289-2381128800-1001 -> Pas de fichier <==== ATTENTION
Task: {D793FA3A-7686-44AC-A0AF-B096F1403A5E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {DA3DC969-BCCF-4988-A38D-C38759E6D7BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {ECC96EBC-B187-43B7-9D81-D68E6FAA35EF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {EE14A7C2-C205-4480-8BCF-8A6AEA79FBB3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Edge StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
Edge DefaultSearchURL: Default -> hxxps://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
Edge DefaultSearchKeyword: Default -> secure.homepage-web.com
FF Extension: (Avira Browser Safety) - C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ooaMShsd.default\Extensions\abs@avira.com [2014-10-23] [] [non signé]
FF Extension: (cacaoweb) - C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\ooaMShsd.default\Extensions\cacaoweb@cacaoweb.org [2016-11-05] [] [non signé]
CHR Notifications: Default -> hxxps://forums.commentcamarche.net; hxxps://tomsguidefr.os.tc; hxxps://worldcontent.space; hxxps://www.facebook.com; hxxps://www.youtube.com
C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 MpKsl92c97d02; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C528B042-9F53-4D08-A733-F57783FDD758}\MpKslDrv.sys [X]
2021-01-20 19:57 - 2017-05-14 13:13 - 000000000 ____D C:\ProgramData\Avg
2021-01-20 19:56 - 2017-05-14 13:22 - 000000000 ____D C:\Users\Audrey\AppData\Roaming\AVG
2021-01-20 19:56 - 2017-05-14 13:14 - 000000000 ____D C:\Program Files (x86)\AVG
2021-01-20 19:56 - 2017-05-14 13:13 - 000000000 ____D C:\Users\Audrey\AppData\Local\Avg
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: sfc /scannow
emptytemp:
end::
