start::
systemrestore: on
closeprocesses:
createrestorepoint:
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
CustomCLSID: HKU\S-1-5-21-3860187252-2003244183-554850189-1001_Classes\CLSID\{500C8957-D051-4057-8C54-CBB13E45C719}\localserver32 -> "C:\Users\Skal\AppData\Local\StarLeaf\StarLeaf\2\StarLeaf.UWP.exe" --toasty => Pas de fichier
IE trusted site: HKU\S-1-5-21-3860187252-2003244183-554850189-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3860187252-2003244183-554850189-1001\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E5414B36-7E0D-4173-B280-BBE2EF6A7D37} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {30D43D30-AC07-42BC-8BE7-98426E350958} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3BC06BBE-5BA9-45BF-B54F-F3DB41AF6EBD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {6048B76B-09A4-4C49-970B-E42F73CC9C55} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (Pas de fichier)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
Edge DefaultSearchKeyword: Default -> fr.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
2023-10-21 12:33 - 2023-10-21 12:33 - 000003892 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2023-10-21 12:33 - 2023-10-21 12:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-10-21 13:19 - 2017-03-21 17:42 - 000000000 ____D C:\WINDOWS\system32\32db763807a935c5e6eed..bin
2023-10-21 13:19 - 2017-03-19 11:53 - 000000000 ____D C:\WINDOWS\system32\f7413a12ea79bc2e1bf91..bin
2023-10-21 13:19 - 2017-03-13 23:45 - 000000000 ____D C:\WINDOWS\system32\132db763807a935c5e6eed..bin
2023-10-21 13:19 - 2016-11-06 17:20 - 000000000 ____D C:\WINDOWS\SHELLNEW
2023-10-21 13:19 - 2016-11-04 00:26 - 000000000 ____D C:\WINDOWS\system32\€‡ár»
2023-10-21 13:19 - 2016-11-03 23:55 - 000000000 ____D C:\WINDOWS\system32\€‡”£y
2023-10-21 13:19 - 2016-11-03 20:30 - 000000000 ____D C:\WINDOWS\system32\€‡ÂÑ^
2023-10-21 13:19 - 2016-11-03 18:36 - 000000000 ____D C:\WINDOWS\system32\€‡ƒƒ+
2023-10-21 13:19 - 2016-11-03 14:20 - 000000000 ____D C:\WINDOWS\system32\€‡åù&
2023-10-21 13:19 - 2016-11-03 14:19 - 000000000 ____D C:\WINDOWS\system32\€‡aw‚
2023-10-21 13:19 - 2016-11-03 14:17 - 000000000 ____D C:\WINDOWS\system32\€‡Þƒ„
2023-10-21 13:19 - 2016-11-03 14:16 - 000000000 ____D C:\WINDOWS\system32\€‡Z«
2023-10-21 13:19 - 2016-11-03 14:14 - 000000000 ____D C:\WINDOWS\system32\€‡rÈé
2023-10-21 13:19 - 2016-10-31 20:29 - 000000000 ____D C:\WINDOWS\system32\€‡ð±â
2023-10-21 13:19 - 2016-10-31 00:19 - 000000000 ____D C:\WINDOWS\system32\€‡�ÎC
2023-10-21 13:19 - 2016-10-30 19:04 - 000000000 ____D C:\WINDOWS\system32\€‡a±ô
2023-10-21 13:19 - 2016-10-30 14:43 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ
2023-10-21 13:19 - 2016-10-30 14:43 - 000000000 ____D C:\WINDOWS\system32\e51b3a12ea79bc2e1bf91..bin
2023-10-21 13:19 - 2016-10-30 14:43 - 000000000 ____D C:\WINDOWS\system32\€‡ÉÚ„
2023-10-21 13:19 - 2016-10-30 11:18 - 000000000 ____D C:\WINDOWS\system32\€‡
2023-10-21 13:19 - 2016-10-30 00:57 - 000000000 ____D C:\WINDOWS\system32\€‡ÜàC
2023-10-21 13:19 - 2016-10-29 22:44 - 000000000 ____D C:\WINDOWS\system32\€‡PNi
2023-10-21 13:19 - 2016-10-29 22:35 - 000000000 ____D C:\WINDOWS\system32\€‡lä`
2023-10-21 13:19 - 2016-11-10 03:26 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2023-10-21 13:19 - 2016-10-29 20:40 - 000000000 ____D C:\WINDOWS\system32\€‡¢m
cmd: netsh advfirewall reset
cmd: sfc /scannow
emptytemp:
end::