Posted on 30 January 2020

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\simon\Documents\facture cartes khanhi.png:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\simon\Documents\facture cartes khanhi.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
IE trusted site: HKU\S-1-5-21-812964863-1615309878-1572459624-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-812964863-1615309878-1572459624-1001\...\sharepoint.com -> hxxps://hevinci-files.sharepoint.com
FirewallRules: [{E8173391-14ED-4659-91AD-397AF0408E97}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe Pas de fichier
FirewallRules: [{7AA6335E-D371-4E9C-8725-9C81AAE83DB7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe Pas de fichier
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {53C59757-2537-4028-A04F-911E0D4FCEA9} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {86742E77-1FC0-4E43-906E-0DE95B75B095} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Tcpip\..\Interfaces\{bc9cd13f-38a2-4c60-87b3-46aa665288b3}: [NameServer] 1.1.1.1,1.0.0.1
SearchScopes: HKU\S-1-5-21-812964863-1615309878-1572459624-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-812964863-1615309878-1572459624-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Notifications: Default -> hxxps://badoo.com; hxxps://fr.lichess.org; hxxps://lichess.org; hxxps://mail.google.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://app.mystudylife.com/dashboard
CHR NewTab: Default -> Active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
CHR DefaultSearchKeyword: Default -> ecosia
CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=fr
CHR Session Restore: Default -> est activé.
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2020-01-21] (Stas'M Corp.) [Fichier non signé] <==== ATTENTION (pas de ServiceDLL)
Task: {4FBC9E4C-69CD-4DEB-86F2-8E342CAE09B5} - System32\Tasks\Xapt => C:\Users\simon\AppData\Local\Temp\qtgHt.vbs [Argument = FvURbUACAJ fsyAOxFfwU "{F944A21F-E320-49BB-B09B-F3D6D5EBC38B}"] <==== ATTENTION
Task: {5A6EDED6-8F86-4FF5-B2AA-F8ED300C8FC4} - System32\Tasks\dAJt => C:\Users\simon\AppData\Local\Temp\lmaY.vbs [Argument = FvURbUACAJ fsyAOxFfwU "C:\Users\simon\AppData\Local\Temp\hAaObWTR.bat"] <==== ATTENTION
EmptyTemp:
cmd: ipconfig /flushdns
end::




