start::
closeprocesses:
createrestorepoint:
ContextMenuHandlers3: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
ContextMenuHandlers6: [SmadExt] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => C:\Program Files (x86)\Smadav\SmadExtc64.dll -> Pas de fichier
CustomCLSID: HKU\S-1-5-21-631432813-799076206-952623451-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => Pas de fichier
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-631432813-799076206-952623451-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\Run: [RtsCM] => RTSCM64.EXE (Pas de fichier)
HKU\S-1-5-21-631432813-799076206-952623451-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-08-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
C:\Program Files (x86)\Lavasoft
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Homepage: Mozilla\Firefox\Profiles\k2oly4n8.default-1650591829244 -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\k2oly4n8.default-1650591829244 -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\k2oly4n8.default-1650591829244\searchplugins\Poshukach Engin Search.xml [2022-06-18]
CHR DefaultSearchURL: Profile 4 -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Profile 4 -> poshukach engin search
CHR DefaultSuggestURL: Profile 4 -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S2 AvgWscReporter; "C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /runassvc /rpcserver [X]
2022-08-13 19:48 - 2020-05-22 11:36 - 000000000 ____D C:\Users\HP\AppData\Local\AVAST Software
2022-08-10 18:17 - 2022-07-23 14:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
C:\Program Files\AVAST Software
C:\Users\HP\Downloads\*.crdownload
cmd: netsh advfirewall reset
cmd: sfc /scannow
emptytemp:
end::