start::
CreateRestorePoint:
CloseProcesses:
Hosts:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
SearchScopes: HKU\S-1-5-21-1785135278-2820057349-1625525082-1001 -> DefaultScope {3415D4F4-EA0D-4C0B-B912-BB5CAAE4CA76} URL =
SearchScopes: HKU\S-1-5-21-1785135278-2820057349-1625525082-1001 -> {3415D4F4-EA0D-4C0B-B912-BB5CAAE4CA76} URL =
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Pas de fichier
IE trusted site: HKU\S-1-5-21-1785135278-2820057349-1625525082-1001\...\amazon.fr -> hxxps://amazon.fr
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SMART Board Service"
HKLM\...\StartupApproved\Run32: => "SMART Board Tools"
HKLM\...\StartupApproved\Run32: => "SMART Ink"
HKU\S-1-5-21-1785135278-2820057349-1625525082-1001\...\StartupApproved\StartupFolder: => "Alertes de surveillance de l'encre - HP Photosmart 6520 series (réseau).lnk"
HKU\S-1-5-21-1785135278-2820057349-1625525082-1001\...\StartupApproved\Run: => "HP ENVY 5530 series (NET)"
HKU\S-1-5-21-1785135278-2820057349-1625525082-1001\...\StartupApproved\Run: => "HP Photosmart 6520 series (NET)"
HKU\S-1-5-21-1785135278-2820057349-1625525082-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => Pas de fichier
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => Pas de fichier
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
C:\Program Files\AVAST Software
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6782.183\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {21F25AAC-6BB8-422F-AB94-75666FDAFE49} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
C:\Program Files\Common Files\Avast Software
Task: {22D9240C-07AC-4AD2-9158-92CE22A30201} - System32\Tasks\ShouldIRemoveIt => C:\Users\marin\AppData\Roaming\Reason\Should I Remove It\ShouldIRemoveIt.exe [445760 2013-02-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
C:\Users\marin\AppData\Roaming\Reason\Should I Remove It
Task: {2E5FB71F-65AD-4D61-85DE-D07EFCD3E33C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6FE5A916-E9A8-4E76-977B-7DC809D97EE6} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {B8AFD2C6-57C1-4D88-A2B6-B68B22D0A8A0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\marin\AppData\Roaming\Mozilla\Firefox\Profiles\duewl98r.default\Extensions\sp@avast.com.xpi [2019-02-14]
FF Extension: (Avast Online Security) - C:\Users\marin\AppData\Roaming\Mozilla\Firefox\Profiles\duewl98r.default\Extensions\wrc@avast.com.xpi [2018-07-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
2021-07-03 20:14 - 2021-07-03 20:14 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-07-03 20:09 - 2021-07-03 20:09 - 012210760 _____ (AVAST Software) C:\Users\marin\Downloads\avastclear.exe
2021-07-03 19:51 - 2021-07-03 19:51 - 000363370 _____ C:\Users\Public\Desktop\ZHPDiag.txt
2021-07-03 19:40 - 2021-07-03 19:41 - 000000869 _____ C:\Users\marin\Desktop\ZHPDiag.lnk
2021-07-03 19:40 - 2021-07-03 19:40 - 003277976 _____ (Nicolas Coolman) C:\Users\marin\Downloads\ZHPDiag3.exe
2021-07-03 19:00 - 2021-07-03 19:00 - 000012092 _____ C:\Users\marin\Desktop\ZHPCleaner (R).html
2021-07-03 18:55 - 2021-07-03 18:55 - 000011666 _____ C:\Users\marin\Desktop\ZHPCleaner (S).html
2021-07-03 18:55 - 2021-07-03 18:55 - 000004905 _____ C:\Users\Public\Desktop\ZHPCleaner (S).txt
2021-07-03 18:39 - 2021-07-03 19:51 - 000000000 ____D C:\Users\marin\AppData\Roaming\ZHP
2021-07-03 18:39 - 2021-07-03 19:40 - 000000000 ____D C:\Users\marin\AppData\Local\ZHP
2021-07-03 18:39 - 2021-07-03 18:42 - 000000879 _____ C:\Users\marin\Desktop\ZHPCleaner.lnk
2021-07-03 18:39 - 2021-07-03 18:39 - 003258008 _____ (Nicolas Coolman) C:\Users\marin\Downloads\ZHPCleaner.exe
2021-07-03 17:55 - 2021-07-03 17:55 - 008553680 _____ (Malwarebytes) C:\Users\marin\Downloads\adwcleaner_8.3.0.exe
2021-07-03 17:47 - 2021-07-03 17:47 - 000004504 _____ C:\WINDOWS\system32\Tasks\ShouldIRemoveIt
2021-07-03 17:47 - 2021-07-03 17:47 - 000000000 ____D C:\Users\marin\AppData\Roaming\Reason
2021-07-03 17:47 - 2021-07-03 17:47 - 000000000 ____D C:\Users\marin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2021-07-03 17:45 - 2021-07-03 17:45 - 001222464 _____ (Reason Software Company Inc.) C:\Users\marin\Downloads\should-i-remove-it-1-0-4-en-win.exe
2021-07-03 16:04 - 2021-07-03 20:55 - 000000000 ____D C:\Program Files\CCleaner
2021-07-03 16:04 - 2021-07-03 16:04 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-03 16:04 - 2021-07-03 16:04 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-07-03 16:04 - 2021-07-03 16:04 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-07-03 16:04 - 2021-07-03 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-07-03 16:02 - 2021-07-03 16:02 - 035958288 _____ (Piriform Software Ltd) C:\Users\marin\Downloads\ccsetup582.exe
2021-07-03 20:19 - 2018-04-11 19:11 - 000000000 ____D C:\Users\marin\AppData\Local\AVAST Software
2021-07-03 20:11 - 2016-11-27 17:01 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-03 18:14 - 2021-01-16 21:42 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-02 16:49 - 2021-01-16 21:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
end::