start::
CreateRestorePoint:
CloseProcesses:
Hosts:
HKU\S-1-5-21-2329939366-1119321428-1415691552-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2329939366-1119321428-1415691552-1001\...\MountPoints2: {66ef067e-99d7-11ea-95f3-e86f38578c82} - "E:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-14] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1ebcf593-1352-4bd3-9f68-3978ee916f93} - pas de chemin du fichier
Task: {1F26709D-932F-424E-9957-E65185F95C42} - System32\Tasks\Driver Booster SkipUAC (Tony) => C:\Program Files (x86)\IObit\Driver Booster\7.2.0\DriverBooster.exe /skipuac (Pas de fichier)
Task: {3774D673-9661-4759-A240-BA70EF45415E} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\7.2.0\AutoUpdate.exe /auto (Pas de fichier)
C:\Program Files (x86)\IObit
Task: {4255c047-9b4c-49d9-a20c-3a67c2e218f5} - pas de chemin du fichier
Task: {47002BAA-EC48-4267-8C4B-B7894E0ACAA7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.2.0\Scheduler.exe /scheduler (Pas de fichier)
Task: {524DF0C2-7DB4-41FF-9657-855223381CDC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {62D30B81-F6B9-44AE-AC56-0A5122030E34} - System32\Tasks\Software Updater SkipUAC(Tony) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe /SkipUac (Pas de fichier) <==== ATTENTION
Task: {71c8c784-233e-4f8e-afbd-c33872a6e26a} - pas de chemin du fichier
Task: {7DD47099-95C2-4B0C-BEEB-7B99A8F03FB0} - System32\Tasks\RTSS => C:\Program Files (x86)\Logiciels\RivaTuner Statistics Server\RTSS.exe /s (Pas de fichier)
Task: {c0b7d60d-ed5a-4e77-acd7-428607b94398} - pas de chemin du fichier
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.yandex.ru/?win=471&clid=2341035-18
FF SearchPlugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20212707.xml [2021-01-07]
CHR HKU\S-1-5-21-2329939366-1119321428-1415691552-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKU\S-1-5-21-2329939366-1119321428-1415691552-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjmpfdkmpojoeemjmfiddlhkkndcdpno]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [20536992 2020-11-03] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [19767024 2020-11-03] (Mail.Ru LLC -> LLC Mail.Ru)
2021-12-29 15:23 - 2021-12-29 18:46 - 000000000 ____D C:\Users\Tony\AppData\Roaming\ZHP
2021-12-29 15:23 - 2021-12-29 15:23 - 003478168 _____ (Nicolas Coolman) C:\Users\Tony\Downloads\ZHPSuite.exe
2021-12-29 15:23 - 2021-12-29 15:23 - 000000000 ____D C:\Users\Tony\AppData\Local\ZHP
2021-12-24 10:41 - 2020-05-24 12:37 - 000000000 ____D C:\Users\Tony\AppData\Local\BitTorrentHelper
2021-12-24 10:41 - 2020-05-24 12:36 - 000000000 ____D C:\Users\Tony\AppData\Roaming\uTorrent
2021-12-24 00:20 - 2021-11-15 22:11 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\uTorrent
ShellIconOverlayIdentifiers: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-06-18] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [
MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> Pas de fichier
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Tony\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3506]
BHO: Pas de nom -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Pas de fichier
BHO: Pas de nom -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Pas de fichier
BHO-x32: DIALux Browser Helper Object -> {F586CB96-7091-42ec-9829-F5D5CE65AFC1} -> C:\Program Files (x86)\DIALux\Dialux.BHO_x86.dll => Pas de fichier
FirewallRules: [UDP Query User{DA5902BE-3F7F-4562-B3ED-C17601DC1380}C:\users\tony\appdata\local\championify\app-2.0.7\championify.exe] => (Allow) C:\users\tony\appdata\local\championify\app-2.0.7\championify.exe => Pas de fichier
FirewallRules: [TCP Query User{0DDF2223-87A2-41C3-95CF-03D8E1F829D0}C:\users\tony\appdata\local\championify\app-2.0.7\championify.exe] => (Allow) C:\users\tony\appdata\local\championify\app-2.0.7\championify.exe => Pas de fichier
FirewallRules: [UDP Query User{6910A4DF-BF66-4150-AB05-B56588A46A76}D:\tony\games\planet centuari\planetcentauri.exe] => (Allow) D:\tony\games\planet centuari\planetcentauri.exe => Pas de fichier
FirewallRules: [TCP Query User{0731D502-EE2B-418B-9F81-A5675C95158C}D:\tony\games\planet centuari\planetcentauri.exe] => (Allow) D:\tony\games\planet centuari\planetcentauri.exe => Pas de fichier
FirewallRules: [UDP Query User{229C222D-D5B4-44B9-B71A-E944F0307EB5}D:\tony\games\kena bridge of spirits\kena\binaries\win64\kena-win64-shipping.exe] => (Allow) D:\tony\games\kena bridge of spirits\kena\binaries\win64\kena-win64-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{804D7C19-1F3D-487A-8F7B-9A1E058D47C8}D:\tony\games\kena bridge of spirits\kena\binaries\win64\kena-win64-shipping.exe] => (Allow) D:\tony\games\kena bridge of spirits\kena\binaries\win64\kena-win64-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{039BF63E-358A-4810-BFBE-C4A1E7653C34}D:\tony\games\mha beyond - alpha v-0.053-1\mhabeyond\binaries\win64\mhabeyond.exe] => (Allow) D:\tony\games\mha beyond - alpha v-0.053-1\mhabeyond\binaries\win64\mhabeyond.exe => Pas de fichier
FirewallRules: [TCP Query User{188A8A35-A875-4D4A-9E54-8892E233866F}D:\tony\games\mha beyond - alpha v-0.053-1\mhabeyond\binaries\win64\mhabeyond.exe] => (Allow) D:\tony\games\mha beyond - alpha v-0.053-1\mhabeyond\binaries\win64\mhabeyond.exe => Pas de fichier
FirewallRules: [UDP Query User{98502819-9A17-4127-A142-4D7CBA743B3A}D:\tony\games\icarus.beta\icarus\icarus\binaries\win64\icarus-win64-shipping.exe] => (Allow) D:\tony\games\icarus.beta\icarus\icarus\binaries\win64\icarus-win64-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{7BCDF388-7B19-430F-9524-321820CC55E1}D:\tony\games\icarus.beta\icarus\icarus\binaries\win64\icarus-win64-shipping.exe] => (Allow) D:\tony\games\icarus.beta\icarus\icarus\binaries\win64\icarus-win64-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{01BBD9B6-296B-4ADC-A321-1ACBC42F600F}D:\tony\games\house party\houseparty.exe] => (Allow) D:\tony\games\house party\houseparty.exe => Pas de fichier
FirewallRules: [TCP Query User{4B475143-5407-4C17-B0BF-156C67E7079D}D:\tony\games\house party\houseparty.exe] => (Allow) D:\tony\games\house party\houseparty.exe => Pas de fichier
FirewallRules: [UDP Query User{A98FF4EE-7739-4F6C-943E-E60A40CB30D4}D:\tony\games\aot_v0.09_release\swammysaot\binaries\win64\aot_v02-win64-shipping.exe] => (Allow) D:\tony\games\aot_v0.09_release\swammysaot\binaries\win64\aot_v02-win64-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{20C6CF27-4242-42ED-ABAA-32E4D48336D1}D:\tony\games\aot_v0.09_release\swammysaot\binaries\win64\aot_v02-win64-shipping.exe] => (Allow) D:\tony\games\aot_v0.09_release\swammysaot\binaries\win64\aot_v02-win64-shipping.exe => Pas de fichier
FirewallRules: [{DF1FC8B3-3EDC-4C9C-A7BF-BF6DF9A3772D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => Pas de fichier
FirewallRules: [UDP Query User{E7CAAA44-6736-4EDC-BADB-33EFDF3DC24A}C:\users\tony\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Allow) C:\users\tony\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => Pas de fichier
FirewallRules: [TCP Query User{319235D3-8C94-4C50-ADC9-9F848A5DF56C}C:\users\tony\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Allow) C:\users\tony\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => Pas de fichier
FirewallRules: [UDP Query User{19751E85-64A9-46CB-8166-810FDE432DE6}D:\tony\games\breakwaters.beta\breakwatersbeta\breakwaters.exe] => (Allow) D:\tony\games\breakwaters.beta\breakwatersbeta\breakwaters.exe => Pas de fichier
FirewallRules: [TCP Query User{63975201-3DF4-49D6-A038-B6496BE0083F}D:\tony\games\breakwaters.beta\breakwatersbeta\breakwaters.exe] => (Allow) D:\tony\games\breakwaters.beta\breakwatersbeta\breakwaters.exe => Pas de fichier
FirewallRules: [UDP Query User{EC18AC44-B2D4-4214-967C-AB7A4D8941B4}D:\logiciels\charles crack v4.6.1\charles.exe] => (Allow) D:\logiciels\charles crack v4.6.1\charles.exe => Pas de fichier
FirewallRules: [TCP Query User{26E897F4-6A80-4B26-B886-D7D891B8E15F}D:\logiciels\charles crack v4.6.1\charles.exe] => (Allow) D:\logiciels\charles crack v4.6.1\charles.exe => Pas de fichier
FirewallRules: [UDP Query User{5A55E49E-4426-4FAE-BCD2-0DAFA3878CE4}C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe] => (Allow) C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe => Pas de fichier
FirewallRules: [TCP Query User{DCBDCEF8-1F55-415F-935D-32A6C658C64E}C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe] => (Allow) C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe => Pas de fichier
FirewallRules: [UDP Query User{5CB1398F-DE2E-4278-BC4A-D8348F004F07}C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe] => (Allow) C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe => Pas de fichier
FirewallRules: [TCP Query User{B041019B-9D83-4AAA-9EB2-C3919F382BFC}C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe] => (Allow) C:\jeux\beamng.drive.v0.23.early.access\beamng.drive.v0.23.early.access\bin64\beamng.drive.x64.exe => Pas de fichier
FirewallRules: [UDP Query User{886EFDE7-BD07-4205-9410-6E5673C82315}D:\tony\games\teardown.v0.7.2\teardown.v0.7.2\teardown.exe] => (Allow) D:\tony\games\teardown.v0.7.2\teardown.v0.7.2\teardown.exe => Pas de fichier
FirewallRules: [TCP Query User{FC370F1E-F262-4682-B377-7DE8F1190DC9}D:\tony\games\teardown.v0.7.2\teardown.v0.7.2\teardown.exe] => (Allow) D:\tony\games\teardown.v0.7.2\teardown.v0.7.2\teardown.exe => Pas de fichier
FirewallRules: [UDP Query User{8DFAC383-7F17-4463-A7B5-D55007833AC0}D:\tony\games\people.playground.v1.18.1\people playground.exe] => (Allow) D:\tony\games\people.playground.v1.18.1\people playground.exe => Pas de fichier
FirewallRules: [TCP Query User{F9ADBC17-BCE2-4A8D-87A9-66485D1E8A18}D:\tony\games\people.playground.v1.18.1\people playground.exe] => (Allow) D:\tony\games\people.playground.v1.18.1\people playground.exe => Pas de fichier
FirewallRules: [UDP Query User{F23F21F4-96AC-444D-99E8-8AC6748B7E99}D:\tony\games\forza.horizon.4.ultimate.edition.steam.rip-insaneramzes\forzahorizon4\forzahorizon4.exe] => (Allow) D:\tony\games\forza.horizon.4.ultimate.edition.steam.rip-insaneramzes\forzahorizon4\forzahorizon4.exe => Pas de fichier
FirewallRules: [TCP Query User{4CAA1514-38ED-426E-A1E9-135C2AD8CD01}D:\tony\games\forza.horizon.4.ultimate.edition.steam.rip-insaneramzes\forzahorizon4\forzahorizon4.exe] => (Allow) D:\tony\games\forza.horizon.4.ultimate.edition.steam.rip-insaneramzes\forzahorizon4\forzahorizon4.exe => Pas de fichier
FirewallRules: [UDP Query User{775CEDF9-8F7D-4D95-8DE4-4733F2E2B87B}C:\jeux\noita\noita.exe] => (Allow) C:\jeux\noita\noita.exe => Pas de fichier
FirewallRules: [TCP Query User{65F347B6-6044-4B51-92FB-172224B532CF}C:\jeux\noita\noita.exe] => (Allow) C:\jeux\noita\noita.exe => Pas de fichier
FirewallRules: [{39B61A59-81DD-430E-8047-34BB0711E329}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{53CACA61-06E0-4BCD-8FBB-1858E4D3D129}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{EA419310-1E2F-4AC0-996D-06465D3665C0}D:\tony\games\the forest v1.12\theforest.exe] => (Allow) D:\tony\games\the forest v1.12\theforest.exe => Pas de fichier
FirewallRules: [UDP Query User{9B7BA01A-1AED-4584-8EF6-5C504C5D464A}D:\tony\games\the forest v1.12\theforest.exe] => (Allow) D:\tony\games\the forest v1.12\theforest.exe => Pas de fichier
FirewallRules: [TCP Query User{4DCE301E-6DCC-4D05-B16F-502E8949DD40}C:\jeux\bcml zelda botw\pythonw.exe] => (Allow) C:\jeux\bcml zelda botw\pythonw.exe => Pas de fichier
FirewallRules: [UDP Query User{6F7A7700-3D8F-4FEE-B917-E8B380F28721}C:\jeux\bcml zelda botw\pythonw.exe] => (Allow) C:\jeux\bcml zelda botw\pythonw.exe => Pas de fichier
FirewallRules: [TCP Query User{5C26CA0B-D4D4-444E-AB98-837FACF6D240}C:\jeux\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\jeux\starcitizen\live\bin64\starcitizen.exe => Pas de fichier
FirewallRules: [UDP Query User{D28F97C9-3FA4-4867-AC91-3D54389542D2}C:\jeux\starcitizen\live\bin64\starcitizen.exe] => (Allow) C:\jeux\starcitizen\live\bin64\starcitizen.exe => Pas de fichier
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
end::