start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\theob\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\theob\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\Microsoft.Nucleus.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\theob\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\theob\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\theob\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\Microsoft.Nucleus.exe" => Pas de fichier
IE trusted site: HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\webcompanion.com -> hxxp://webcompanion.com
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="warm"
EndRegedit:
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\StartupApproved\Run: => "Web Companion"
FirewallRules: [{A9E12973-1CCB-40BD-857F-0D3EF1CBC89A}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => Pas de fichier
FirewallRules: [{CB2339C1-E80A-4311-809B-EC3BA9A18AF8}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => Pas de fichier
FirewallRules: [{17426B54-A053-436A-8150-96DFAF58D239}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => Pas de fichier
FirewallRules: [{1D0F3206-38F2-4BB8-B2F0-10C0C441122F}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => Pas de fichier
FirewallRules: [{4289A6D9-8F50-43FF-AB97-8B4F5F242D92}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => Pas de fichier
FirewallRules: [{92AC1E39-3EBC-4B89-B2C5-27EA3DBFC66A}] => (Allow) E:\STEAMM\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => Pas de fichier
FirewallRules: [TCP Query User{73DE9A1A-681D-41E3-809D-1038A8A38928}E:\games\warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\games\warzone\call of duty modern warfare\modernwarfare.exe => Pas de fichier
FirewallRules: [UDP Query User{12665AA4-39CD-4A25-9DF6-B8B55B2B287E}E:\games\warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\games\warzone\call of duty modern warfare\modernwarfare.exe => Pas de fichier
FirewallRules: [{70AE3D99-8900-480D-84D7-794AFAAC8030}] => (Allow) E:\STEAMM\steamapps\common\Dead by Daylight\DeadByDaylight.exe => Pas de fichier
FirewallRules: [{77D26488-B9E4-401D-B6F4-4C8CDD4AD915}] => (Allow) E:\STEAMM\steamapps\common\Dead by Daylight\DeadByDaylight.exe => Pas de fichier
FirewallRules: [TCP Query User{447FEEE2-2890-4060-837D-54E3BF85DC2A}E:\games\alienisolation\ai.exe] => (Allow) E:\games\alienisolation\ai.exe => Pas de fichier
FirewallRules: [UDP Query User{AD11E85E-B4DF-44CF-BF93-0362801794D0}E:\games\alienisolation\ai.exe] => (Allow) E:\games\alienisolation\ai.exe => Pas de fichier
FirewallRules: [{E1E75A0B-7CF5-4A94-B5AE-D4ACEFB41C1E}] => (Allow) C:\Program Files\AMD\CNext\CNext\amddvr.exe => Pas de fichier
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
cmd: NET HELPMSG 4201
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
cmd: sfc /scannow
emptytemp:
end::