start::
closeprocesses:
createrestorepoint:
SearchScopes: HKU\S-1-5-21-3083996861-2605643528-1981300126-1001 -> DefaultScope {4B5DBAD9-B7A5-409E-96EA-A000355813CB} URL =
SearchScopes: HKU\S-1-5-21-3083996861-2605643528-1981300126-1001 -> {4B5DBAD9-B7A5-409E-96EA-A000355813CB} URL =
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1188.1 - AVG Technologies) Hidden
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3083996861-2605643528-1981300126-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKLM\...\StartupApproved\Run: => "WebDiscoverBrowser"
FirewallRules: [TCP Query User{53346B07-F692-4D3E-B85C-CD538519ED0B}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe => Pas de fichier
FirewallRules: [UDP Query User{8B14E5DA-4606-4912-A760-FB049659C30A}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe => Pas de fichier
FirewallRules: [{c5cd0b96-1f4f-4e13-85f7-8e9e1c471290}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => Pas de fichier
FirewallRules: [{5c0ba67f-7494-4e75-96d7-4a3a02098b53}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => Pas de fichier
BootExecute: autocheck autochk * Partizan
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {32DFE34C-32B0-4355-98BE-8F1033C738C4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Task: {A76A5301-9225-40CA-8C09-DD509C43BD5A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Pas de fichier)
Task: {C080056C-CE50-4A9D-B9B8-F076F257672D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Pas de fichier)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://free-message.services; hxxps://icxfa.special-news.online; hxxps://pu2hy.special-news.online
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\WINDOWS\system32\default_error_stack*.txt
emptytemp:
end::