start::
closeprocesses:
createrestorepoint:
ContextMenuHandlers1: [iTop Desktop Manager] -> {3673BE34-2362-439B-BBE4-FC6297742677} => -> Pas de fichier
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Pas de fichier
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Pas de fichier
IE trusted site: HKU\S-1-5-21-2237275449-2487376758-1513769350-1002\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2237275449-2487376758-1513769350-1002\...\StartupApproved\Run: => "Web Companion"
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2237275449-2487376758-1513769350-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-05-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) <==== ATTENTION
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-2237275449-2487376758-1513769350-1002\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5385280 2023-05-08] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-2237275449-2487376758-1513769350-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {09E4AB9F-E2D5-4A66-911A-46349DE78D80} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5444104 2023-05-08] (IObit CO., LTD -> IObit)
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {44753A7E-3FA2-4C7F-BE70-364F7A7335A9} - System32\Tasks\ASC_SkipUac_HP => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [10938376 2023-05-10] (IObit CO., LTD -> IObit)
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nuy5b4qk.default\user.js [2023-03-16]
FF Homepage: Mozilla\Firefox\Profiles\nuy5b4qk.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\nuy5b4qk.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\caqbhg3b.default-release-1651332363335\user.js [2023-03-16]
CHR Notifications: Default -> hxxps://erfsoft.ru; hxxps://holtoakie.com; hxxps://sulseerg.com; hxxps://www.youtube.com; hxxps://www27.lowrihouston.pro; hxxps://www43.davisonbarker.pro; hxxps://www46.lowrihouston.pro; hxxps://www72.lowrihouston.pro; hxxps://www80.davisonbarker.pro
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglfjaeojcakllgbfalclepdncgidelo
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [iglfjaeojcakllgbfalclepdncgidelo] - C:\Users\HP\AppData\Local\ServiceApp\apps-helper\apps.crx [2023-04-26]
C:\Users\HP\AppData\Local\ServiceApp
S3 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-05-04] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
emptytemp:
end::