start::
CreateRestorePoint:
CloseProcesses:
Hosts:
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => -> Pas de fichier
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1973530735-1661702653-2252766653-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1973530735-1661702653-2252766653-1001 -> {B609653D-1851-43C8-8B7A-6357C25C98AF} URL =
FirewallRules: [{1F397D76-7B59-4D77-BF14-BE1500EB9EE0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe => Pas de fichier
FirewallRules: [{FDEB0F56-7BDE-4EDD-A134-B05227B205C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe => Pas de fichier
FirewallRules: [{45D45B8D-1A93-4695-AD01-D1F404CA6995}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{48ABE1E1-1823-4C0E-B16A-3594D00F6272}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{649F5878-45B9-4259-907B-4FE0AC80DA60}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe => Pas de fichier
FirewallRules: [{07374DE7-CAB7-451F-9CB1-A08B29649D90}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe => Pas de fichier
FirewallRules: [{01ECAF79-D705-4BEB-AA1E-10C8E7FD109B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{867D92C8-6384-499A-904A-BD344F3755EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{0BF35009-F463-4519-93F8-8E531226565E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe => Pas de fichier
FirewallRules: [{C1FC8EF0-9E7E-4623-A9BE-E746FCD0F9A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe => Pas de fichier
FirewallRules: [{92596006-DA20-4CCF-A6D7-08A240217416}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe => Pas de fichier
FirewallRules: [{1A64CA68-DFED-4373-B68C-594526237771}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe => Pas de fichier
FirewallRules: [{9D84DB26-7305-47BD-A5FE-8BF059D9C6E2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe => Pas de fichier
FirewallRules: [{F4B3131C-AFF7-458E-9887-5FCF317FCC93}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe => Pas de fichier
FirewallRules: [{4DB5F978-6CD8-4134-96DB-A07340F2E849}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe => Pas de fichier
FirewallRules: [{2623F13D-CC43-4D24-9633-3300B6709714}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe => Pas de fichier
FirewallRules: [{3BF918A7-FEDA-4AAC-B79A-2DF80621CF0C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe => Pas de fichier
FirewallRules: [{EF46EC23-9705-477D-9975-D8D0F123AC48}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe => Pas de fichier
FirewallRules: [{DD334488-478E-496B-A3DF-DD69AF070BE9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe => Pas de fichier
FirewallRules: [{BE1CA623-4E4A-402F-9377-58A0901CB43F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe => Pas de fichier
FirewallRules: [{197808E9-687B-4D6C-B439-4B48353779C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe => Pas de fichier
FirewallRules: [{00C2D3DF-7310-49EA-8BF9-BC9572096EC6}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe => Pas de fichier
FirewallRules: [{058893C3-1FE1-4CAA-8DBF-A464A2E51740}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe => Pas de fichier
FirewallRules: [{7D368ABF-CFD5-4AF5-B742-D056266AC5D0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe => Pas de fichier
FirewallRules: [{353F2393-B088-456C-9787-2DE1C0BA8A7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{9B379E99-7609-4379-BD3B-E07881B4E413}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{B0D2A8FD-0DDB-4C3D-B74B-A15DF926C8E1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => Pas de fichier
FirewallRules: [{E509D1E5-6EFA-402F-8307-9B32D256E68E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => Pas de fichier
FirewallRules: [{035838C6-17F1-43C1-8247-E93E7E2A8693}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{15970797-2AA1-41A6-91CF-068D91319926}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => Pas de fichier
FirewallRules: [{95C43298-A708-45CA-8D5F-D1AE6CE7077A}] => (Allow) C:\Users\guyto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => Pas de fichier
FirewallRules: [TCP Query User{867A9315-AC10-4B4A-9705-A560C8AE7D91}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => Pas de fichier
FirewallRules: [UDP Query User{C5AB95FD-007F-4728-AE51-3305B3D62002}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => Pas de fichier
FirewallRules: [TCP Query User{B9B5BA01-335A-4659-B358-DCDB8BC60323}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => Pas de fichier
HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\...\RunOnce: [Application Restart #4] => C:\Users\guyto\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (l'élément de données a 583 caractères en plus).
HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-31] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\...\RunOnce: [Application Restart #3] => C:\Users\guyto\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (l'élément de données a 583 caractères en plus).
HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\...\RunOnce: [Application Restart #1] => C:\Users\guyto\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (l'élément de données a 583 caractères en plus).
HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\...\RunOnce: [Application Restart #0] => C:\Users\guyto\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resour (l'élément de données a 583 caractères en plus).
C:\Users\guyto\AppData\Local\SweetLabs App Platform
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
CHR DefaultSearchURL: Default -> hxxps://secure.web-start-page.com/?partner=acer&src=omnibox&brw=ch&q={searchTerms}
CHR DefaultSearchKeyword: Default -> web-start-page.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.web-start-page.com/suggest?format=json&brw=ch&locale={language}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-1973530735-1661702653-2252766653-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
2021-04-26 18:08 - 2021-04-26 18:17 - 000000000 ____D C:\AdwCleaner
2021-04-26 18:08 - 2021-04-26 16:16 - 008534696 _____ (Malwarebytes) C:\Users\guyto\Desktop\adwcleaner_8.2.exe
2021-04-26 17:27 - 2021-04-26 17:27 - 000000850 _____ C:\Users\guyto\Desktop\ZHPCleaner.lnk
2021-04-26 17:27 - 2021-04-26 16:15 - 003326616 _____ (Nicolas Coolman) C:\Users\guyto\Desktop\ZHPCleaner.exe
2021-04-26 17:14 - 2021-04-26 17:14 - 000000840 _____ C:\Users\guyto\Desktop\ZHPSuite.lnk
2021-04-26 17:14 - 2021-04-26 16:14 - 003468440 _____ (Nicolas Coolman) C:\Users\guyto\Desktop\ZHPSuite.exe
2021-04-26 16:14 - 2021-04-26 16:25 - 000000000 ____D C:\Users\guyto\Desktop\zhp
2021-04-26 17:27 - 2018-03-26 09:48 - 000000000 ____D C:\Users\guyto\AppData\Local\ZHP
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
end::