start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-20] (Google LLC -> Google LLC)
GroupPolicy: Restriction ?
Policies: C:\ProgramData\NTUSER.pol: Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
C:\Users\Leo\Desktop\Discord.lnk
C:\Users\Leo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKEY_USERS\S-1-5-21-1514458854-2828205822-2713061195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteKey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
DeleteKey: HKCU\Software\undefined
DeleteKey: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox
DeleteKey: HKCU\SOFTWARE\Discord
DeleteKey: HKU\S-1-5-21-1514458854-2828205822-2713061195-1000\SOFTWARE\Discord
DeleteKey: HKU\S-1-5-21-1514458854-2828205822-2713061195-1000\SOFTWARE\undefined
C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{42C64AD0-43C2-48D8-9610-A4129E42D540}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F3FA030A-9954-47DD-91E3-492C18ED5103}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2E1395DE-8FC2-4E89-BDD6-6C321AB9296E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6698C647-BF92-414A-9268-B812F1A0AA69}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CF14DF7A-BBDA-4D27-9065-714EB4F32BA9}C:\program files (x86)\openshot video editor\launch.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BAED9E4B-E8A7-4672-A068-96ACC13F818E}C:\program files (x86)\openshot video editor\launch.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{721DD46C-E32B-47C2-902D-F1367C8630A9}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\007
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\008
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\009
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\010
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\011
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\012
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\014
C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Leo\AppData\Local\Ankama\Dofus\Dofus.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe
DeleteValue: HKU\S-1-5-21-1514458854-2828205822-2713061195-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Leo\AppData\Local\Ankama\Dofus\Dofus.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1514458854-2828205822-2713061195-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_83887E9997FF8CC3D7607A790F970D6B
DeleteValue: HKEY_USERS\S-1-5-21-1514458854-2828205822-2713061195-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_83887E9997FF8CC3D7607A790F970D6B
C:\Users\Leo\AppData\Roaming\IObit\Advanced SystemCare
Task: {0C7AAC82-C0E3-43A0-B2CA-BDF7235A8BD6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {0DC9558D-7D8D-40C0-9918-6DE2E20B8BED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {163F247A-9946-43B5-9A69-022B4AA75AE6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {292A40F9-9D57-4881-B4C0-9E53EE259F3E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {33EE4F2F-E94D-41FD-999B-1DA66F5FD916} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {8AD2A389-0504-4CC1-A0E2-1330C5B4AA2C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {8F736FEA-B64C-4257-A552-669757CC8F3E} - System32\Tasks\Opera scheduled Autoupdate 1632084015 => C:\Users\Leo\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {9193080B-C02E-467F-B504-DC6D922452A1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {93781EC0-F440-4F70-8818-E42F4D564AF7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {93A77EEF-AA55-4D2F-8B81-DEF4C5D216B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {97606548-1400-4F18-9FA8-1AB1F93FF515} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {97F14D07-E186-4E57-AF87-A2BA75A8F8E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {A1C5CFD0-0088-4595-A130-8C5F9ED0C925} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (No File)
Task: {A524D62D-0E08-46E6-B8D2-989B697659C2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B502C6C5-ED14-41E3-AF55-A1F168B66346} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {C2D34480-704D-4AC7-9F92-FA0DC93D74D9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {CA4EBF1F-8A55-4649-BF49-80AEC9B4FD56} - \Microsoft\Windows\Setup\EOSNotify2 -> No File
Task: {D99B9028-96E9-405D-893C-8CC6F60EF3A6} - \Microsoft\Windows\Setup\EOSNotify -> No File
Task: {F0006335-F604-4A90-98DA-6AF5AF3F38E8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://animedigitalnetwork.fr; hxxps://drive.google.com; hxxps://mail.google.com; hxxps://www.facebook.com; hxxps://www.fnac.com; hxxps://www.liste-serveurs-minecraft.org; hxxps://www.minecraft-france.fr; hxxps://www15a.myrnamooney.pro; hxxps://www48a.tabathaherman.pro
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT","","hxxp://wisersearch.com/?channel=frg","hxxps://www.google.com/?trackid=sp-006","hxxps://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
U1 aswbdisk; No ImagePath
U3 idsvc; No ImagePath
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
2022-05-03 13:28 - 2022-05-03 13:28 - 000159744 _____ () [File not signed] \\?\C:\Users\Leo\AppData\Local\Temp\1c8db5c4-5a6c-4408-9991-b08a073af778.tmp.node
2022-05-03 13:28 - 2022-05-03 13:28 - 003125248 _____ () [File not signed] \\?\C:\Users\Leo\AppData\Local\Temp\1e8350e6-3865-49c3-8ef3-df980402da2c.tmp.node
2022-05-03 13:28 - 2022-05-03 13:28 - 001234944 _____ () [File not signed] \\?\C:\Users\Leo\AppData\Local\Temp\23d54d13-8a2f-4075-b34a-6e790f97b6bb.tmp.node
2022-05-03 13:28 - 2022-05-03 13:28 - 000506368 _____ () [File not signed] \\?\C:\Users\Leo\AppData\Local\Temp\95c1a374-974a-4931-9637-39c6d8977eeb.tmp.node
EmptyTemp:
end::
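Most of the fixlist above removes stale references rather than active malware: scheduled tasks whose binary is gone (the "(No File)" lines, left behind by an in-place upgrade), firewall rules whose App= target no longer exists, and machine-wide Chrome extension registrations. The PowerShell script below is an added example, not part of the posted fixlist and not FRST's own code; it audits those same three classes of entries on a live machine, so you can confirm the list is correct before running the fix and confirm it is empty afterwards. It deletes nothing. It assumes an elevated session on Windows 8.1/10/11 (the ScheduledTasks module), the `|App=...|` field layout of the FirewallRules registry strings, and Chrome's external-extension registry keys under `HKLM\SOFTWARE\Google\Chrome\Extensions` and its Wow6432Node twin (which FRST reports as `HKLM-x32`).

```powershell
# Audit script (added example; not FRST code). Read-only: it only reports entries
# that FRST would list as "(No File)" or that the fixlist deletes by value name.

function Resolve-ExePath {
    # Normalise an Execute/App string: expand %vars%, strip quotes, resolve bare names via PATH.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim()).Trim('"')
    if (-not [IO.Path]::IsPathRooted($p)) {
        $cmd = Get-Command -Name $p -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd) { $p = $cmd.Source }
    }
    return $p
}

function Get-OrphanedScheduledTask {
    # Mirrors the "Task: ... => <exe> (No File)" lines of an FRST scan.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions (ClassId) have no Execute member; only exec actions are checked.
            if (-not ($action.PSObject.Properties.Name -contains 'Execute')) { continue }
            $exe = Resolve-ExePath $action.Execute
            if ($exe -and [IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{
                    Task      = '{0}{1}' -f $task.TaskPath, $task.TaskName
                    Execute   = $exe
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-OrphanedFirewallRule {
    # Each rule is one string value under FirewallRules, e.g. (assumed layout as seen on Windows 10):
    # v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\path\app.exe|Name=app.exe|...|
    # Rules whose App= target is gone are what the DeleteValue ...\FirewallRules|<name> lines remove.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $props = Get-ItemProperty -LiteralPath $key
    $meta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($prop in $props.PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }
        if ($prop.Value -notmatch '\|App=([^|]+)\|') { continue }   # rules without App= (port/service rules) are skipped
        $app = Resolve-ExePath $Matches[1]
        if ([IO.Path]::IsPathRooted($app) -and -not (Test-Path -LiteralPath $app)) {
            [pscustomobject]@{ ValueName = $prop.Name; App = $app; Rule = $prop.Value }
        }
    }
}

function Get-RegistryChromeExtension {
    # FRST's "CHR HKLM-x32\...\Chrome\Extension: [id]" lines come from these keys. An entry here
    # tells Chrome to fetch the extension from update_url (external install), so review every id.
    foreach ($k in 'HKLM:\SOFTWARE\Google\Chrome\Extensions', 'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions') {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        Get-ChildItem -LiteralPath $k | ForEach-Object {
            $p = Get-ItemProperty -LiteralPath $_.PSPath
            [pscustomobject]@{ Id = $_.PSChildName; UpdateUrl = $p.update_url; Path = $p.path; Key = $k }
        }
    }
}

Write-Host '== Scheduled tasks whose binary is missing (FRST "(No File)") =='
Get-OrphanedScheduledTask | Format-Table -AutoSize
Write-Host '== Firewall rules whose App= binary is missing =='
Get-OrphanedFirewallRule | Select-Object ValueName, App | Format-Table -AutoSize
Write-Host '== Machine-wide Chrome extension registrations (HKLM / HKLM-x32) =='
Get-RegistryChromeExtension | Format-Table -AutoSize
```

Two caveats when reading the output. A task whose binary is missing cannot run, so the Media Center and End Of Support entries are cleanup, not an infection indicator; the entries worth attention in this fixlist are the ones that still resolve (the Avast browser auto-launch, the wisersearch.com startup URL, the four HKLM-x32 Chrome extension ids). And the script compares value names, not GUIDs to rule content, so after the fix has run, re-run it and check that the `ValueName` column no longer lists the GUIDs from the `DeleteValue` lines.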