start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction 
HKLM\SOFTWARE\Policies\Google: Restriction
HKU\S-1-5-21-4276131047-3652935209-4255100950-1001\...\MountPoints2: {04c5c220-45af-11ea-817a-c0e43412fcd8} - "D:\SETUP.EXE" /AUTORUN
HKU\S-1-5-21-4276131047-3652935209-4255100950-1001\...\MountPoints2: {7cd62777-d320-11ea-8189-c0e43412fcd8} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4276131047-3652935209-4255100950-1001\...\MountPoints2: {da44b552-9a36-11eb-8197-c0e43412fcd8} - "D:\HiSuiteDownLoader.exe"
Task: {19034172-3827-402B-A0FF-4A839898E5C0} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
2022-04-27 22:13 - 2021-07-15 11:55 - 000000000 ____D C:\Users\nana-\AppData\Local\Avast Software
2022-04-27 22:13 - 2020-02-02 16:07 - 000000000 ____D C:\ProgramData\AVAST Software
2022-04-27 20:11 - 2020-03-19 11:36 - 000000000 ____D C:\Users\nana-\AppData\Roaming\kingsoft
2022-04-27 20:06 - 2020-03-19 11:36 - 000000000 ____D C:\Users\nana-\AppData\Local\Kingsoft
2021-11-17 22:47 - 2021-11-17 22:47 - 000000000 _____ () C:\Users\nana-\AppData\Local\{77B13E52-5CD3-4E5A-9D90-C29F9B922530}
CustomCLSID: HKU\S-1-5-21-4276131047-3652935209-4255100950-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\nana-\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\kwpsmenushellext64.dll => Pas de fichier
ContextMenuHandlers1_S-1-5-21-4276131047-3652935209-4255100950-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\nana-\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\kwpsmenushellext64.dll -> Pas de fichier
ContextMenuHandlers4_S-1-5-21-4276131047-3652935209-4255100950-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\nana-\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\kwpsmenushellext64.dll -> Pas de fichier
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] 
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] 
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] 
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] 
EmptyTemp:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-image /Restorehealth
end::