start::
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] ->
Task: {74F785FD-DC14-4A82-BD22-C54217B7E648} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier
Task: {85C8A3C1-A3DB-48D8-B816-F86C9B404D1E} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {921BB7CE-38ED-4BEA-ADB2-A5B674B0B9B5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {560152F9-8D03-41EE-A88D-5CE814E46C6C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {E552A8A2-EC90-4DDA-8DDC-8F85FFF4D9AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates =>
Task: {01757861-C01A-4D1D-9C58-3BB097BF2CDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization =>
Task: {78B6C3C2-993C-4A7E-9D75-623630280B90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {66BFC95D-BE2A-4FB6-96DB-382BFBA406C7} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe (Pas de fichier)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S3 HWiNFO_193; C:\Users\Jeanne\AppData\Local\Temp\HWiNFO64A_193.SYS
2024-05-09 23:36 - 2018-04-11 18:08 - 000000000 ____D C:\Users\Jeanne\AppData\Local\AVAST Software
2024-05-09 23:36 - 2016-08-31 10:44 - 000000000 ____D C:\Users\Jeanne\AppData\Roaming\AVAST Software
2024-05-09 23:36 - 2016-05-24 19:27 - 000000000 ____D C:\ProgramData\AVAST Software
2024-05-09 23:15 - 2021-03-29 18:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
CustomCLSID: HKU\S-1-5-21-2232069959-3752034489-2485624761-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jeanne\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2232069959-3752034489-2485624761-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jeanne\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2232069959-3752034489-2485624761-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jeanne\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2232069959-3752034489-2485624761-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Jeanne\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileCoAuth.exe => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
CustomCLSID: HKU\S-1-5-21-1280661116-970770358-385692439-1001_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1280661116-970770358-385692439-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => Pas de fichier
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> Pas de fichier
AlternateDataStreams: C:\Users\salhi1:com.affinity.publisher.2 [151]
AlternateDataStreams: C:\Users\salhi1:com.affinity.publisher.3 [197]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8116]
IE trusted site: HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\sharepoint.com -> hxxps://gslr-files.sharepoint.com
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: netsh winsock reset
end::