start::
CreateRestorePoint:
CloseProcesses:
Hosts:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKU\S-1-5-21-660192444-2652047586-1493063670-1001\...\StartupApproved\Run: => "HPSEU_Host_Launcher"
HKU\S-1-5-21-660192444-2652047586-1493063670-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-660192444-2652047586-1493063670-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-660192444-2652047586-1493063670-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-660192444-2652047586-1493063670-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C33057595A7B48DF107C51B3DDA00D9F"
FirewallRules: [{9EC198FF-E9B8-45DF-B85A-2E279F473E90}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Pas de fichier
C:\Program Files\Common Files\McAfee
KU\S-1-5-21-660192444-2652047586-1493063670-1001\...\MountPoints2: {b6a00434-60c8-11eb-81ad-b068e6944c42} - "E:\DTLplus_Launcher.exe" 
2022-04-15 12:43 - 2022-04-15 12:43 - 000002405 _____ C:\Users\hsimp\AppData\Roaming\Microsoft\Windows\Start Menu\WickrMe.lnk
2022-04-15 12:43 - 2022-04-15 12:43 - 000002403 _____ C:\Users\hsimp\Desktop\WickrMe.lnk
2022-04-15 12:40 - 2022-04-15 12:43 - 000000000 ____D C:\Users\hsimp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WickrMe
2022-04-15 12:40 - 2022-04-15 12:40 - 000000000 ____D C:\Users\hsimp\AppData\Roaming\Wickr, LLC
2022-04-10 19:04 - 2022-04-12 01:08 - 000000000 ____D C:\Users\hsimp\Desktop\Kavinsky - Reborn (2022)
2022-04-08 01:18 - 2022-04-21 23:36 - 000000000 ____D C:\Users\hsimp\Desktop\kav
2022-04-08 00:57 - 2022-04-19 00:47 - 000000000 ____D C:\Users\hsimp\Downloads\Kavinsky - Reborn (2022)
2022-04-06 00:15 - 2022-04-06 00:15 - 060520922 _____ C:\Users\hsimp\Downloads\Jessica.zip
2022-04-21 23:18 - 2020-01-06 19:21 - 000000000 ____D C:\Users\hsimp\AppData\Roaming\tox
2022-04-11 22:50 - 2021-09-02 21:08 - 000000000 ____D C:\Program Files\Common Files\AV
(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Dism.exe
(Dism.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\Temp\E2ABEDF0-2129-4844-8F0C-E30FEBD40BAA\DismHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
Task: {26014D21-A64C-43E6-9EED-5A79A8CD0A65} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {59881B28-24C2-4FA8-95A7-6FECAF24B173} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
end::