start::
closeprocesses:
createrestorepoint:
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-1093625419-156746002-613597915-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\theod\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1093625419-156746002-613597915-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\theod\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1093625419-156746002-613597915-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\theod\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1093625419-156746002-613597915-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\theod\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\theod\Desktop\fl\Omnisphere\7-Zip\7-zip.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\theod\Desktop\fl\Omnisphere\7-Zip\7-zip.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\theod\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\theod\Desktop\fl\Omnisphere\7-Zip\7-zip.dll -> Pas de fichier
AlternateDataStreams: C:\ProgramData:07BFB5D45896CE6E [1]
AlternateDataStreams: C:\Users\All Users:07BFB5D45896CE6E [1]
AlternateDataStreams: C:\ProgramData\Application Data:07BFB5D45896CE6E [1]
AlternateDataStreams: C:\ProgramData\PACE:4973BA4F4A09534E [217]
AlternateDataStreams: C:\ProgramData\PACE:BC5D371BB65A2EE0 [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
SearchScopes: HKU\S-1-5-21-1093625419-156746002-613597915-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1093625419-156746002-613597915-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
HKU\S-1-5-21-1093625419-156746002-613597915-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1093625419-156746002-613597915-1001\...\StartupApproved\Run: => "ut"
C:\Program Files (x86)\TotalAV
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1093625419-156746002-613597915-1001\...\Run: [ut] => "C:\Users\theod\AppData\Local\Temp\utt12B2.tmp.exe" /MINIMIZED (Pas de fichier) <==== ATTENTION
HKU\S-1-5-21-1093625419-156746002-613597915-1001\...\Run: [com.blitz.app] => C:\Users\theod\AppData\Local\Programs\Blitz\Blitz.exe --autostart (Pas de fichier)
HKU\S-1-5-21-1093625419-156746002-613597915-1001\...\Run: [Bloom] => C:\Users\theod\AppData\Roaming\Bloom\Bloom.exe --Ii7SIeN (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {272A9323-B8EC-4798-BA4E-26E9208875FF} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (Pas de fichier)
Task: {4990B267-116A-4004-B76C-6D1B4106E8A9} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe (Pas de fichier)
Task: {6695D739-B45D-4928-994A-26B49508FFD8} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (Pas de fichier)
Task: {66CB7B53-F7F5-459B-AE99-7DF47155D216} - System32\Tasks\OMEN Command Center BackGround Process => C:\Program Files\HP\OMEN Ally\HPOMENBG.exe (Pas de fichier)
Task: {79226EE4-3ED4-4C5F-BE74-2ED06A27F7BA} - System32\Tasks\GoogleUpdateTaskMachineQC => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Chrome\updater.exe (Pas de fichier) <==== ATTENTION
Task: {B9B3D1BB-B478-4B1D-8B05-816AA99CBB5E} - System32\Tasks\sternnesssternness => C:\Program Files (x86)\vinyls\vinyls.exe lsan (Pas de fichier)
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d6db052a65516d" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\Scheduled scanning task" /ENABLE
Task: {E5A38A9A-E422-496C-B6ED-92731BD43BCA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {FB201457-71AA-4C5B-B396-7ABCC1A2D71E} - System32\Tasks\chrome tools => cmd /c powershell -WindowStyle Hidden -E "JAB2ACAAPQAgACIAMAAiADsACgAkAGwAdgAgAD0AIAAiADQAIgA7AAoAJABkACAAPQAgACIAcgBvAG8AYgBsAGkAbQB5AG8AbwBrAGkALgBjAG8AbQAiADsACgAkAGUAcAAgAD0AIAAiAFcAeQBJADEATgBqAFkANABNAHoAWQAwAE0ARABrADEATQB6AGcAMgBPAFQAUQAxAE0AegBrAGkATABEAEUAMgBOAFQAQQB6AE8ARABjAHoATgBUAFoAZAAiAD (l'élément de données a 4515 caractères en plus). <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
S2 AverageAceforceFG; C:\Program Files (x86)\AverageAceforceFG\AverageAceforceFG.exe -service [X]
S2 IBuddyService; C:\Program Files (x86)\IBuddy\IBuddyService.exe -service [X]
2022-07-15 00:31 - 2022-07-15 00:31 - 000000000 ____D C:\ProgramData\TotalAV
2022-07-15 00:30 - 2022-07-15 00:30 - 057816512 _____ C:\Users\theod\Downloads\TotalAV_Setup.exe
cmd: netsh advfirewall reset
emptytemp:
end::