start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (Pas de fichier)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\Run: [EPSDNMON] => "" (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0AC649C1-3FC8-42F1-BA51-6A29317BDBB9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Pas de fichier)
Task: {0EA3A840-70CE-45F3-B5BB-E864C73767A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Pas de fichier)
Task: {15C3E5AB-A17C-439A-9420-A1F89C6D8C64} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier <==== ATTENTION
Task: {1A35AD1A-E7EF-48C2-8E04-1104BE377E20} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Pas de fichier)
Task: {1ACA1897-A1ED-4EB7-8145-916982AE0EF6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Pas de fichier)
Task: {1CFA449A-8C99-4537-B944-3704A05E42F9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Pas de fichier)
Task: {2779EC09-9018-40D9-8AC8-2B76E467B671} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Pas de fichier)
Task: {2E055866-FC03-4906-8868-2B4901B89DE5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {403B1810-7168-4608-A682-91BB20E90A57} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (Pas de fichier)
Task: {476D06D4-13DA-4126-B657-2C1E503DE7D7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {4870BB37-588A-4602-9959-859627DCC4F0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {4A7D56D9-57AD-45E5-A8DB-2EBACDA2DC5A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {56F61B26-5AD7-4BDF-9D0A-A469BDF6F24D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Pas de fichier)
Task: {6567C70C-0FCB-434C-A21D-5EE386F8A4F6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Pas de fichier)
Task: {67DB04CA-04C8-49E7-9B29-AF8D7300241B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Pas de fichier)
Task: {6C9181CB-0F4D-47F0-B906-3FD3FDA0F025} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Pas de fichier)
Task: {7B51E586-04EA-46C0-9919-5990EFA20F80} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Pas de fichier)
Task: {7E3F3F0F-93FA-4E39-BB28-1F992FD44964} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {7FBE2BCF-2163-46DD-A2D2-76740EB07ABE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier <==== ATTENTION
Task: {8D545278-368E-4CCF-988E-8F72D4A1BBCF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Pas de fichier)
Task: {8E876A3D-87B6-4FFB-B39A-698552948543} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe /launch (Pas de fichier)
Task: {947155F4-4D51-41A0-82FC-9AFCEE6021C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Pas de fichier)
Task: {951E8D9C-95DF-4507-9CAC-C781C2D86953} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {9835281A-B4B9-4501-B22F-804AD7C9CF72} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Pas de fichier)
Task: {9A0BFDFD-B735-4AD7-ABA8-57ED61B27889} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Pas de fichier)
Task: {9BCCCC3B-6085-4C47-9AA7-4117F5E6B4F4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {AAECD726-C9B4-441A-9515-92CFE3B257D0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Pas de fichier)
Task: {AB857CB5-F8A1-47AB-A231-1795518609DC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Pas de fichier)
Task: {B4FA964E-BDC4-460B-B8B9-9A15670C38D7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {BCBB39F9-228E-4CEE-B27F-FF3BD5F71217} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Pas de fichier <==== ATTENTION
Task: {BE301378-806B-4CD0-9D1F-C4C1141926B6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Pas de fichier)
Task: {C3AAF372-1063-471F-97C1-82DBE84EC400} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Pas de fichier)
Task: {CD92D02F-C914-4A35-BC4E-5417EA152E80} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Pas de fichier)
Task: {D1FFAF51-5D57-4320-B738-73010EB399D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {D747B68B-BF48-4436-8736-47E36D312CBB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Pas de fichier)
Task: {E3E95D1C-F25A-4AC0-8A44-0DBCAEB85D58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {EE8912F9-6C13-48CC-8321-63968C596B7E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {F74D4257-56D9-4439-9B59-773942F7B2A6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (Pas de fichier)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [X]
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [X]
U3 idsvc; pas de ImagePath
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-15] (Google Inc -> Google Inc.)
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\Run: [MicrosoftEdgeAutoLaunch_03A622083486ADBBA3C377B6FB273127] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\MountPoints2: {1520e6cf-bb79-11ea-87f7-90fba6e0039a} - "J:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\MountPoints2: {1ba48a84-6d9f-11df-b1b6-806e6f6e6963} - "E:\Setup.exe"
HKU\S-1-5-21-3222960040-781075315-1683110131-1000\...\MountPoints2: {6f012a5f-eedf-11eb-881e-90fba6e0039a} - "J:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\91.1.10672.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\83.0.4529.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Task: {E89BE40D-AC5C-4E47-9C22-144E6A3A29D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Packard Bell Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2 Ultimate-Coop\Désinstaller ultimatecoop.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2 Ultimate-Coop\mod_15bots.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2 Ultimate-Coop\mod_31bots.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2 Ultimate-Coop\mod_47bots.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2 Ultimate-Coop\Ultimate-Coop.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\01-PROXI_SPECIAL_PAQUES_SEM14[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\0E41SBUQ.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\12-LE PRINTEMPS SEM13 proxi.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\13 Formulaire litige.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\2012_S12_FC_OC_PCC[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\3IRJ4V5D.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\8NQKHNJ5.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\ACHAT ATMP.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Ch_Dumont_Th_E1.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\COLLEGE PLATEAU.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\COMMANDE EPAILLY.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\commande métro du 30.06.2014.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\DECES_DE_BONSENSDL1.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\DYNA_SEM07[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\HWNE09CQ.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\KFN0XFFT.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\LEGUMES EPAILLY.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\LISTE EPAILLY.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\PRIX RENDU PERPIGNAN.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\SEM05_COUP_SEMAINE[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\SEM07_COUP_SEMAINE[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\SEM12_BQT_FRIM-S[1].lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\SKUWTPOC.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Temp1_FacturesAXX02813300001.zip.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Temp1_lachutedufeumagnifique.zip.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Temp1_offreoc201207090257.zip.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Temp1_offreoc201207090304.zip.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\Temp2_offreoc201207090304.zip.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\WCEMQ51Q.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\YBQTIKSA.lnk
C:\Users\Benoit\AppData\Roaming\Microsoft\Office\Récent\__Trousse_de_secours___.lnk
StartRegEdit:
Windows Registry Editor Version 5.00
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{497a5a6a-6075-443d-89a4-2649ffc5e4e7}:]
"NameServer"=""
EndRegEdit:
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowsDefender
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|EPSDNMON
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\\Software\Microsoft\Windows\CurrentVersion\Run|EPSDNMON]
DeleteKey: HKLM\Software\Classes\Installer\Products\CDD52F24FEA1B8244A97DE22104BD36A
DeleteKey: HKLM\Software\Classes\Installer\Features\CDD52F24FEA1B8244A97DE22104BD36A
DeleteKey: HKCU\Software\Microsoft\Installer\Products\CDD52F24FEA1B8244A97DE22104BD36A
DeleteKey: HKCU\Software\Microsoft\Installer\Features\CDD52F24FEA1B8244A97DE22104BD36A
C:\WINDOWS\Installer\{42F25DDC-1AEF-428B-A479-ED2201B43DA6}\Icon.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|DriverUpdate.exe
DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Products\CDD52F24FEA1B8244A97DE22104BD36A
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Installer\Features\CDD52F24FEA1B8244A97DE22104BD36A
C:\WINDOWS\Installer\8b9fa.msi
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SouzouGest\Exe\SouzouGest.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SouzouGest\Exe\SouzouGest.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Packard Bell\Registration\GREG.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Packard Bell\Registration\GREG.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Benoit\Downloads\adwcleaner_8.3.1.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Benoit\Downloads\adwcleaner_8.3.1.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SouzouGest\Exe\SouzouGest.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SouzouGest\Exe\SouzouGest.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Packard Bell\Registration\GREG.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Packard Bell\Registration\GREG.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Benoit\Downloads\adwcleaner_8.3.1.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Benoit\Downloads\adwcleaner_8.3.1.exe.ApplicationCompany
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}
DeleteKey: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}
DeleteKey: HKCR\CLSID\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKCU\SOFTWARE\AVAST Software
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\Browser Cleanup
DeleteKey: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\SOFTWARE\AVAST Software
DeleteKey: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\SOFTWARE\Browser Cleanup
C:\ProgramData\AVAST Software
C:\Program Files (x86)\Common Files\AV
C:\Users\Benoit\AppData\Local\AVAST Software
unlock: C:\WINDOWS\System32\drivers\aswRdr.sys
C:\WINDOWS\System32\drivers\aswRdr.sys
unlock: C:\WINDOWS\System32\drivers\staport.sys
C:\WINDOWS\System32\drivers\staport.sys
C:\WINDOWS\Installer\cd278764.msi
[ C:\Users\Benoit]\Desktop\TeamViewerQS_fr - Raccourci.lnk
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
DeleteKey: HKCU\SOFTWARE\TeamViewer
DeleteKey: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\SOFTWARE\TeamViewer
C:\Users\Benoit\AppData\Roaming\TeamViewer
DeleteKey: HKLM\SOFTWARE\Symantec
DeleteKey: HKCU\SOFTWARE\Norton
DeleteKey: HKU\S-1-5-21-3222960040-781075315-1683110131-1000\SOFTWARE\Norton
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
StartBatch:
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
Endbatch:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh advfirewall reset
cmd: Netsh advfirewall set allprofiles state on
C:\Windows\Temp\ *.*
C:\Users\CurrentUserName\Appdata\Local\Temp\ *.*
EmptyTemp:
C:\Windows\SoftwareDistribution\Download\ *
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
end::