start::
closeprocesses:
createrestorepoint:
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com 
IE trusted site: HKU\S-1-5-21-324553761-3106424349-3813218798-1001\...\webcompanion.com -> hxxp://webcompanion.com 
FirewallRules: [UDP Query User{7BFA0366-4FB3-4083-82F4-94368477F935}E:\setup\data\codwaw.exe] => (Block) E:\setup\data\codwaw.exe => Pas de fichier
FirewallRules: [TCP Query User{E3F6CD84-C921-431F-B7F6-F2364D399324}E:\setup\data\codwaw.exe] => (Block) E:\setup\data\codwaw.exe => Pas de fichier
FirewallRules: [UDP Query User{FCC1DF65-7EE8-4F23-9BE4-629ABBC6AFDF}D:\jeux\steamapps\common\total war rome ii\rome2.exe] => (Block) D:\jeux\steamapps\common\total war rome ii\rome2.exe => Pas de fichier
FirewallRules: [TCP Query User{D2BF8FD6-4725-4561-977C-77BC9196AEBE}D:\jeux\steamapps\common\total war rome ii\rome2.exe] => (Block) D:\jeux\steamapps\common\total war rome ii\rome2.exe => Pas de fichier
FirewallRules: [{9D1B6875-FA9A-432E-A5F0-C1C14BF6BCD9}] => (Allow) D:\jeux\steamapps\common\Total War Rome II\launcher\launcher.exe => Pas de fichier
FirewallRules: [{6D8D1373-CD10-4DBD-9CFF-BBA9351BC41C}] => (Allow) D:\jeux\steamapps\common\Total War Rome II\launcher\launcher.exe => Pas de fichier
FirewallRules: [UDP Query User{A77144E9-C775-49E1-A782-90C101623ABB}D:\jeux\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\jeux\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe => Pas de fichier
FirewallRules: [TCP Query User{E64662D8-AE6E-49C6-831D-B4449F02073B}D:\jeux\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) D:\jeux\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe => Pas de fichier 
FirewallRules: [{197AC816-8CFB-4119-8052-B24A8C693965}] => (Allow) C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe => Pas de fichier
FirewallRules: [{F6F93FF3-6648-421A-B6E8-ECB946DB9F3C}] => (Allow) C:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe => Pas de fichier 
FirewallRules: [{351F746D-5E7B-45DD-85DE-4416FB846E98}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe => Pas de fichier
FirewallRules: [{D9228F63-B132-4219-96EC-E6D1FD152E2B}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe => Pas de fichier
FirewallRules: [{9F22832B-9A19-4C56-81E0-C0B67161D2F8}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe => Pas de fichier
FirewallRules: [{999AA604-C394-4BB5-BB0F-A36D6553C562}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe => Pas de fichier 
FirewallRules: [{2432374C-50A2-4F03-8EAF-00E0C282871A}] => (Allow) D:\jeux\Assassin's Creed Brotherhood\ACBSP.exe => Pas de fichier
FirewallRules: [{C45FB3A4-3BEC-4807-A1AF-C4F6E3DC1160}] => (Allow) D:\jeux\Assassin's Creed Brotherhood\ACBSP.exe => Pas de fichier
FirewallRules: [{9A058C06-A866-426C-BD48-864538190600}] => (Allow) D:\jeux\Assassin's Creed Brotherhood\ACBMP.exe => Pas de fichier
FirewallRules: [{805764CE-AE90-4B47-B199-E0D98AB576A4}] => (Allow) D:\jeux\Assassin's Creed Brotherhood\ACBMP.exe => Pas de fichier
FirewallRules: [TCP Query User{56EB59EC-3870-4742-9668-AA1379ADB6A8}D:\jeux\medal of honor\mp\mohmpgame.exe] => (Allow) D:\jeux\medal of honor\mp\mohmpgame.exe => Pas de fichier
FirewallRules: [UDP Query User{DAB7DAA7-CF9E-4E75-86CC-D763DA11F0F2}D:\jeux\medal of honor\mp\mohmpgame.exe] => (Allow) D:\jeux\medal of honor\mp\mohmpgame.exe => Pas de fichier
FirewallRules: [{0751ABFD-62BD-4734-99F8-CB0FE3F96035}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRSP.exe => Pas de fichier
FirewallRules: [{AB84A94A-4C51-47C9-B854-091634BE5EE7}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRSP.exe => Pas de fichier
FirewallRules: [{15FC8B33-1BB7-4623-A26D-D76E0B377FCD}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRPR.exe => Pas de fichier
FirewallRules: [{00EB20F8-1928-4A74-8B06-ECAB6999391D}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRPR.exe => Pas de fichier
FirewallRules: [{F3CEFF03-AA46-414D-9479-16A747DE21AD}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRMP.exe => Pas de fichier
FirewallRules: [{AC1F7750-5FC1-4F7E-B002-0E34B4462853}] => (Allow) D:\jeux\Assassin's Creed Revelations\ACRMP.exe => Pas de fichier 
FirewallRules: [{D2A8F097-8EF4-41D3-A22F-193028771450}] => (Allow) C:\Program Files (x86)\steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => Pas de fichier
FirewallRules: [{3E178EC8-00FC-4567-BDDE-702EFA5A9CA5}] => (Allow) C:\Program Files (x86)\steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => Pas de fichier
FirewallRules: [{DE2921DF-5E7D-4A9D-BB30-53DEF2FBCBAE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => Pas de fichier
FirewallRules: [{24776BD1-3116-47A3-8DE8-48D47AC19D7B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => Pas de fichier
FirewallRules: [{D7E1729C-BCCC-4291-8D84-A7876D831C5F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => Pas de fichier
FirewallRules: [{D9D4C971-00D2-4271-8DC9-91A3E19EE3AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => Pas de fichier 
HKU\S-1-5-21-324553761-3106424349-3813218798-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-18] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) 
C:\Program Files (x86)\Lavasoft
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {27A3244F-FCC7-42C6-B80E-845217DF886E} - System32\Tasks\App Explorer => C:\Users\adrie\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7241624 2018-12-12] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION 
C:\Users\adrie\AppData\Local\Host App Service
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)] 
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91213G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms} 
C:\Users\adrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
C:\Users\adrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
emptytemp:
end::