start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
StartRegedit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
EndRegedit:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3F790096-181E-44F5-8008-80F06D051C38} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART (Pas de fichier)
Task: {6C0250CA-E00E-464C-BF30-07FC78FFBC47} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe ReadyToReboot (Pas de fichier)
Task: {8A0B1D92-49F3-4D65-B240-6E3D3C0F214A} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000 (Pas de fichier)
Task: {C1EF45A1-44D2-48F3-862D-DCB5FA3AA96A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\WINDOWS\system32\MusNotification.exe Display (Pas de fichier)
Task: {C80FE49B-C459-447A-B1FC-69D1D749526B} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe (Pas de fichier)
Task: {CCD58F6E-F37A-4DAE-AA18-F4A1DE30930E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (Pas de fichier)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
Task: {CEB35FDE-A3CF-44F1-96BE-79D8940B70D3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [Pas de fichier]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [Pas de fichier]
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S2 AviraFallbackUpdater; "C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe" FallbackUpdater=true [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
HKU\S-1-5-21-557128043-3211486600-3372128446-1001\...\Run: [MicrosoftEdgeAutoLaunch_EBD1D1153615F1DAFE42826E251A298D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-09] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
Task: {10348BA8-92E9-46D8-A53A-8C9D6659BAB4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-04] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1335FA61-F467-46A8-94BE-1312F20E9F6D} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {34786084-CC52-419B-A396-D1D124603AE4} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {34786084-CC52-419B-A396-D1D124603AE4} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {34786084-CC52-419B-A396-D1D124603AE4} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {34C7DDEF-4167-4E7C-AEDE-93111FD9D790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155648 2023-01-30] () [Fichier non signé]
Task: {3A224BCE-7932-4312-8FF0-4D38E8CC2CB8} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4714496 2023-01-30] () [Fichier non signé] -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "3fa8339d-e8b8-4c34-88aa-5edec11e67dc" --version "6.08.10255" --silent
Task: {3F790096-181E-44F5-8008-80F06D051C38} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART (Pas de fichier)
Task: {4595EA8E-2E34-413E-A7A3-ECC373B26290} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155648 2023-01-30] () [Fichier non signé]
Task: {8C00C739-7169-492E-AB5B-0F71409EB780} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {99CCAAC4-0EE1-4DFF-8F63-10E198F3F864} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [688128 2023-01-30] () [Fichier non signé]
Task: {EEB68431-EF8A-45A0-98A1-9C46BD350038} - System32\Tasks\CCleanerSkipUAC - moniq => C:\Program Files\CCleaner\CCleaner.exe [32620544 2023-01-30] () [Fichier non signé]
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2810 Series Update {6364078F-BE0C-4E0E-AB81-C13E8F4F57D6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWCE.EXE:/EXE:{6364078F-BE0C-4E0E-AB81-C13E8F4F57D6} /F:UpdateWORKGROUP\LAPTOP-USPQJ8VS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2810 Series Update {C872BC5D-C972-4D2E-91D7-01A8DF5003B9}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWCE.EXE:/EXE:{C872BC5D-C972-4D2E-91D7-01A8DF5003B9} /F:UpdateWORKGROUP\LAPTOP-USPQJ8VS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
Tcpip\..\Interfaces\{5ac97fd2-05c8-4878-8a7e-9bc956531e60}: [DhcpNameServer] 40.53.1.12
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CustomCLSID: HKU\S-1-5-21-557128043-3211486600-3372128446-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-557128043-3211486600-3372128446-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => Pas de fichier
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Pas de fichier
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]
SearchScopes: HKU\S-1-5-21-557128043-3211486600-3372128446-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-557128043-3211486600-3372128446-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AV: Avira Security (Enabled - Up to date) {76C0BF9F-9FD3-D249-DE2F-7A33A59B9258}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
HKU\S-1-5-21-557128043-3211486600-3372128446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-557128043-3211486600-3372128446-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer\Tools\Resource Viewer.lnk
C:\Users\moniq\recup_Mac\Documents\meditation pour se détacher guidée de ses pensées - Raccourci (2).lnk
C:\Users\moniq\recup_Mac\Documents\meditation pour se détacher guidée de ses pensées - Raccourci.lnk
C:\Users\moniq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk
C:\Users\moniq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKEY_USERS\S-1-5-21-557128043-3211486600-3372128446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\AviraFallbackUpdater)
C:\Users\moniq\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\moniq\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater (Hidden)
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avira
DeleteKey: HKLM\SOFTWARE\WOW6432Node\X-AVCSD
DeleteKey: HKCU\SOFTWARE\Avira
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avira
DeleteKey: HKU\S-1-5-21-557128043-3211486600-3372128446-1001\SOFTWARE\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\ProgramData\Avira
C:\Users\moniq\AppData\Local\Avira
C:\Users\moniq\AppData\Local\AviraWebView2Cache
DeleteKey: HKU\.DEFAULT\SOFTWARE\McAfee
DeleteKey: HKCU\SOFTWARE\Adlice Software
DeleteKey: HKU\S-1-5-21-557128043-3211486600-3372128446-1001\SOFTWARE\Adlice Software
C:\ProgramData\RogueKiller
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-557128043-3211486600-3372128446-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKLM\SOFTWARE\Setup
cmd: Net start wuauserv
Reboot:
end::