Posted on 3 August 2020

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
AlternateDataStreams: C:\Users\rolob\Desktop\FRST64.exe:SmartScreen [7]
FirewallRules: [{875F011E-B5AA-450A-8D5A-7D28CBA57AA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe => Pas de fichier
FirewallRules: [{29F6E98E-AC8C-473D-918D-697231C732DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe => Pas de fichier
FirewallRules: [{FB0C14CC-EB51-4547-9F2F-A4540EB44DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe => Pas de fichier
FirewallRules: [{D2F56866-D185-4E41-B140-3C672CB0FADC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe => Pas de fichier
FirewallRules: [UDP Query User{5FC73257-78C4-454C-A094-E5BDE3FEB6E5}D:\mygames\warface my.com\bin64release\game.exe] => (Allow) D:\mygames\warface my.com\bin64release\game.exe => Pas de fichier
FirewallRules: [TCP Query User{149301B9-E280-427A-AE2D-02E7F359B0AC}D:\mygames\warface my.com\bin64release\game.exe] => (Allow) D:\mygames\warface my.com\bin64release\game.exe => Pas de fichier
FirewallRules: [UDP Query User{374A130E-D9D9-4A13-816B-30BEE5D52372}C:\program files\windowsapps\spotifyab.spotifymusic_1.114.475.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.114.475.0_x86__zpdnekdrzrea0\spotify.exe => Pas de fichier
FirewallRules: [TCP Query User{9659728D-295F-47C5-91A3-2EE6495C4977}C:\program files\windowsapps\spotifyab.spotifymusic_1.114.475.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.114.475.0_x86__zpdnekdrzrea0\spotify.exe => Pas de fichier
FirewallRules: [TCP Query User{8FF2CE72-DB81-44EF-99D8-0AEE48110A39}C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe => Pas de fichier
FirewallRules: [UDP Query User{163E677B-C931-498C-A9DA-DF821F400705}C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe => Pas de fichier
C:\Program Files\McAfee
HKU\S-1-5-18\...\Run: [] => [X]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {14E96689-D699-4F45-96BD-1D8553BE0D34} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKU\S-1-5-21-2763367709-1061894651-2706440302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHnuw8hJMpjza7OYTcx%2B1btUmNtFUnVyhoSYJbfcCfLzpjIkMDaLFD7ZDcK%2Fu%2FXHI9aDsdkRa46pE7lYwZyQvl9UgNobF6evPNVb0iS14yFncIxJLUHzTWHbgq9Xjcwp99ZQqvfACf1F06N1UZSopFfDITYdtWtEZd4Jf4Fjr8Qd6PMhBlk4ELpvt5aBZhrZtCjmVuryHc1xXti7UU4k6%2BWPNQ5yeCgeDwZvDQ2GqkAyv6wyfhwria8A%2Bwrl5xu45nCZC7zBGphX0CCANsO7jdieze%2FXVqPjL9azicznyJT33DXa%2BOGkCoYwarSusGG1Fhw%3D%3D
SearchScopes: HKU\S-1-5-21-2763367709-1061894651-2706440302-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHhNPrs4oOHk9Uldy1ePlLiJe5k05xqdkZrPD6pzOnJhdE6uzLc2ftLpaL7yqaXYjsWboGLl67Gf0605T%2Bahm%2FU37mCFwWMbRi77RKwBe7QkmThkqUe3s8jfOgWgWT1JZOMAQtfKW2oJthZS2cqzf5CUwjF4fD%2BNRY6eSkJ3CyluEQnQrrC0jI%2FwhRhY4AUQNdGaGC%2FlVQxb4MFv7oqP1O9%2F0uKfsKuBAhvH%2BquJSv8QYmPumKiG3m0O8MpPQZ%2F9leN%2BMg4mKrJykYQOvdyrI0DBRABuUmnTX9Gfi24cuypu%2FqeFhX0g%2FNyUro%2FAahMdtuQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2763367709-1061894651-2706440302-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-13a3084cd3224556&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2763367709-1061894651-2706440302-1001 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2763367709-1061894651-2706440302-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHhNPrs4oOHk9Uldy1ePlLiJe5k05xqdkZrPD6pzOnJhdE6uzLc2ftLpaL7yqaXYjsWboGLl67Gf0605T%2Bahm%2FU37mCFwWMbRi77RKwBe7QkmThkqUe3s8jfOgWgWT1JZOMAQtfKW2oJthZS2cqzf5CUwjF4fD%2BNRY6eSkJ3CyluEQnQrrC0jI%2FwhRhY4AUQNdGaGC%2FlVQxb4MFv7oqP1O9%2F0uKfsKuBAhvH%2BquJSv8QYmPumKiG3m0O8MpPQZ%2F9leN%2BMg4mKrJykYQOvdyrI0DBRABuUmnTX9Gfi24cuypu%2FqeFhX0g%2FNyUro%2FAahMdtuQ%3D%3D&p={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-2763367709-1061894651-2706440302-1001 -> hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHhT1MUntDbos3k5jMof9yB%2FxI9n7CFmtO8%2F%2FOPeVmABPODifw8XHDfWDurv9OzSPtlMhCTwSeMmg55ZteCkEPgmkPDRwxeuFd%2Bo9x9YtO%2F7sIiNXaWA0jhIFKRq7RSF5EFXszpFvkVhvEyQ200oMZCl7Yyxwpd1ch2VG30ieXO3Yi%2BuuNKXlyo9tB0vr8Bju%2BFn9qjgOHieAnaNu7IklDgtdyJMRQXnCq%2FarHau6%2BgG9Ulm1PsrmCqKsvH9W0yJCxbSZFbR8QecsPdXoJPha7K9Zt907U%2FljzndtCBnkdJdcDmU3en2s6YoTPmJhmQO%2BbA%3D%3D
Edge Profile: C:\Users\rolob\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-03]
Edge HomePage: Default -> hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHpyHSHagPWwHEFVjiDQSGEr45kpmPPAK%2FKX%2BiCIyBh1zxZ%2Bth%2BD3ILqk7ktmF6Q%2BI%2BjUhqQRjLbQXuOUU7j5ClG6%2Bt6GTc3o5yTOYc%2FF8ehNRylCrVM5SxCx9ck%2Fe%2B265joTDl7CnXgib0ghPs%2FpKRDuioOZAruZlZjVjLguYqwSKM%2F1Vryv17xUk4k7pVzCyEXo8LPv6vtc6Z1Td8T1yz7Xb127%2BXbBOFKFnfgnbRqO%2Fb2%2BZODYTZFRzDUbwhev08ZxQYIAgKcjLPrppU4xUqMq9iXTKuGgZhqw3Gdo7CrE0f2wO7cODXprZ5LwiSDN%2Bw%3D%3D
Edge StartupUrls: Default -> "hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHrPusHLxlUcJBqP6%2B8SHqv0xGuW%2B9Ev%2Bfl3NWOSqGY4UZjyHWx45jnl4L9IJq%2FyJH5fPj4KGFFGuC7QNDp48XzzMfv5TIcg8Aoc%2BpX0E%2FYw3jKc0d%2FwvSOqxGUzOn1HTiQor14KgDZmDqtRarFcx4IgLYjJSHICDz1wQPNHdaUNEVcLAS1TdMdBQ3tyNNj3%2BSJVnvtVAsbhr58GKaZrMv%2BYx%2Bcss45raz%2BI7A0t74wYW10Oxs20gi1oNgCVql8s3BeFMz3BNoiYse75oH8WH0hyY34%2Bx7S68Gqvp3IxBSlo1o8YWBtCMvVtK%2F9IkSZpOcg%3D%3D"
FF Homepage: Mozilla\Firefox\Profiles\tl3y1xri.default-release -> hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHkUElqTEQ4U2RjNfA4EQFPU8ZzlB51JjXOGuqNfQL6RnO5lOuBLdzrNmLrWzao5wjGhPKEqNrMePReEiGX%2BdZ7CiUT7uEoyMdNonHzOKhzWi7MBGn%2FNoPBJWTix0ERxjZY4Lz%2BgDgDMAODeRoWOpTnOW8sT%2BxFG4XHfCUfNtSQhF%2Bij77Tg2U9%2F9iX%2BZ9UuzH5HL17d%2Bj%2F4kGHMy%2F8jkRtW2OWKO8yxcssAwdZ9O%2BZm3mhvDQGu2N%2F2snICAiw4S7mW7sqzmlBWKnzO%2FY8kBqu%2FvSYHVF5qxlI7Ksll3re1Zkb7VxWA5LFZXKx9%2Fwx4BSQ%3D%3D
FF SearchPlugin: C:\Users\rolob\AppData\Roaming\Mozilla\Firefox\Profiles\tl3y1xri.default-release\searchplugins\Yahoo powered search.xml [2020-04-15]
CHR Notifications: Default -> hxxps://aternos.org; hxxps://insider.razer.com; hxxps://mail.google.com; hxxps://twitter.com; hxxps://www.cnetfrance.fr; hxxps://www.facebook.com; hxxps://www.jeux-geographiques.com; hxxps://www.minecraft-france.fr
CHR HomePage: Default -> hxxps://search-startpage.com/?s=acer&m=home&brw=ch
CHR StartupUrls: Default -> "hxxps://search-startpage.com/?s=acer&m=start&brw=ch","hxxps://web-start-page.com/?s=acer&m=start&brw=ch","hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88042719¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKjwqje6r452G68lGPuJQgnaEcMuVJL2HE4mdp8iuc7hjQfEer01rCUd%2F5Fyr1vWetHHqmeYhVwsfpS5TlqwAbRzoVBucFPba%2FXN0Zdi3Siv4qp5u6Ir8G7R%2BB1gSz2m%2FoXpAB8QXLhHm8ZH2Zod6pI9heWngfKiAQLhjGESRHXSiOFOT%2Brm88X09voenyGFogsph7AKU3NjSa9Vis51b55hlQG6uLiQT1%2Fkg31ly1GE6qMI4HJqL23Ch8FN0DoSiuwR4upgX7XDLibh1tk8p%2FgEYdq8Uk%2BfC7EY%2FZsgZc%2Ffpwbk5w8dyFYvMKMkoWVzw8MDJvj3bDbDnl3ZVrIuyTQSM703MHycu1cr2rHvjk6Ew%3D%3D","hxxps://fr.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87mjphgwgm1y1zvrq88001320¶m1=y6bdVFVIsvuYsgEClQfz8CTO1Dj3vOna55wzAUXf1mKr6WDUMCiRE9gesQts4H%2FhJIcPxCsIBHR5KvutggSOHqaYaJXhrPaHyXxlfrpv%2F6X1g0XCLkQybVlfZd%2Bf5GW%2Flzzu9RsIUIk9U9r%2B%2FUWcappi531QZPuOP%2B4CyW1DAP%2FudZv3onbDzwSCMdcUJyj5ZZiQ8UWGof4UkR4lkm41HUJsUSS9964syOIsS5GlAVnCQTFJsh%2B5X1wPZmq2lZ5kl6Sx%2BWRew0OCN0qTt7zlMNXjIhU8fEoK4DwUol4iZRK8KC%2BY9KLfOHnr3GHkClXPgi8NbOgmj1b76jOStFzc%2BJmdF1rjo%2FtMQKnqkgZS%2B62Q%2BT3RTSDWPJFfuofFhHX%2FZb%2BK8jBUHAJfzi1ol2n5mw%3D%3D"
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91212G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR HKLM\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKU\S-1-5-21-2763367709-1061894651-2706440302-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKU\S-1-5-21-2763367709-1061894651-2706440302-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-2763367709-1061894651-2706440302-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKU\S-1-5-21-2763367709-1061894651-2706440302-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKLM-x32\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
C:\Windows\Temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
cmd: ipconfig /flushdns
end::
