start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Antoine\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
HKU\S-1-5-21-685743703-625321814-3694635990-1004\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-685743703-625321814-3694635990-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162020235202949\...\StartupApproved\Run: => "Chromium" FirewallRules: [UDP Query User{FCD68397-C37C-40E6-B648-F50994744AE2}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Allow) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe Pas de fichier
FirewallRules: [TCP Query User{B176CB8D-4A42-4EC7-AB60-06FA2B2EEF7D}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Allow) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe Pas de fichier
FirewallRules: [UDP Query User{8037ED3D-2DC6-4985-84D1-3360AE2C9CA9}D:\wwz\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\wwz\worldwarz\en_us\client\bin\pc\wwzretailegs.exe Pas de fichier
FirewallRules: [TCP Query User{13C5CFAB-E6A2-45A2-8B7A-62424BCE6228}D:\wwz\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\wwz\worldwarz\en_us\client\bin\pc\wwzretailegs.exe Pas de fichier
FirewallRules: [UDP Query User{1A316739-8552-44C8-9117-838F665FD70D}C:\users\antoine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\antoine\appdata\roaming\spotify\spotify.exe Pas de fichier
FirewallRules: [TCP Query User{C04465A6-DACB-4026-9FEC-898BDA6D17BF}C:\users\antoine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\antoine\appdata\roaming\spotify\spotify.exe Pas de fichier
FirewallRules: [UDP Query User{B716FC42-7C4A-4DD3-B014-27AA98F6D781}C:\users\antoine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\antoine\appdata\roaming\spotify\spotify.exe Pas de fichier
FirewallRules: [TCP Query User{FFA084A7-799D-458A-9CEB-C543486B8B46}C:\users\antoine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\antoine\appdata\roaming\spotify\spotify.exe Pas de fichier
FirewallRules: [{4A95DE8C-2F57-4744-933C-798FEA8787E8}] => (Allow) D:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe Pas de fichier
FirewallRules: [{652F0F66-378E-49B2-B0A8-7916A5D158DF}] => (Allow) D:\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe Pas de fichier
FirewallRules: [TCP Query User{B67EB22E-1349-4FC3-925D-2F3141EB4228}C:7\game\aoe2de.exe] => (Allow) C:7\game\aoe2de.exe Pas de fichier
FirewallRules: [UDP Query User{28E57AEB-4364-4EFA-885A-C351BC425085}C:7\game\aoe2de.exe] => (Allow) C:7\game\aoe2de.exe Pas de fichier
FirewallRules: [TCP Query User{73E00ADC-BB63-47CA-BA57-56AE079551C6}C:7\game\battleserver\battleserver.exe] => (Allow) C:7\game\battleserver\battleserver.exe Pas de fichier
FirewallRules: [UDP Query User{1BF5B348-FD2A-411D-B351-93A991D495DC}C:7\game\battleserver\battleserver.exe] => (Allow) C:7\game\battleserver\battleserver.exe Pas de fichier
FirewallRules: [TCP Query User{7BAC576F-67D6-4CD9-9D4F-A921A60D9116}D:\crack\codghosts\call of duty ghosts\iw6sp64_ship.exe] => (Allow) D:\crack\codghosts\call of duty ghosts\iw6sp64_ship.exe Pas de fichier
FirewallRules: [UDP Query User{4BBE4279-A08A-43CB-941F-A8539A3705EF}D:\crack\codghosts\call of duty ghosts\iw6sp64_ship.exe] => (Allow) D:\crack\codghosts\call of duty ghosts\iw6sp64_ship.exe Pas de fichier
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-685743703-625321814-3694635990-1004\...\Run: [Zack] => C:\Users\Antoine\AppData\Local\Zack\update.exe [1842896 2019-07-02] (Dojo Madness GmbH -> )
HKU\S-1-5-21-685743703-625321814-3694635990-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162020235202949\...\Run: [Zack] => C:\Users\Antoine\AppData\Local\Zack\update.exe [1842896 2019-07-02] (Dojo Madness GmbH -> )
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
SearchScopes: HKU\.DEFAULT -> {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
SearchScopes: HKU\S-1-5-21-685743703-625321814-3694635990-1004 -> DefaultScope {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
SearchScopes: HKU\S-1-5-21-685743703-625321814-3694635990-1004 -> {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
SearchScopes: HKU\S-1-5-21-685743703-625321814-3694635990-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162020235202949 -> DefaultScope {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
SearchScopes: HKU\S-1-5-21-685743703-625321814-3694635990-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04162020235202949 -> {FB32DF8C-DC86-495B-A9DF-DFA58A04C6D1} URL =
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [Pas de fichier]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Pas de fichier]
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Wondershare
S3 TNTClientDaemonMS2; C:\Program Files (x86)\GameforgeLoginMS2\daemon.exe [X]
S3 wampapache; "c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe" -k runservice [X]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe wampmysqld [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [X]
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
emptytemp:
end::