start::
closeprocesses:
createrestorepoint:
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\Run: [com.blitz.app] => C:\Users\Paul\AppData\Local\Programs\Blitz\Blitz.exe --autostart (Pas de fichier)
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Pas de fichier)
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (Pas de fichier)
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {E24B102B-FB9D-496B-86D8-FE212D0FBE85} - System32\Tasks\Opera scheduled Autoupdate 1570628626 => D:\Users\Paul\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mofbpbiajdaikdgmonifmegnchlklaeh
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log:F107EE40EF [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log_backup1:2DD1EC5C91 [10]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log:CCC93B07B0 [10]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log_backup1:AD433BF298 [10]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log:72C8986B20 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log_backup1:97A90964FA [10]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log:C40F6B9209 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log_backup1:7CC29836A6 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log:AE3C879266 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log_backup1:AF8AA3CDC1 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log:DE1448F4D7 [3314]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log_backup1:D61270D3FD [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [10]
AlternateDataStreams: C:\Users\Paul\Application Data:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Paul\AppData\Roaming:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__200118__yaie
IE trusted site: HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-3596324890-512145192-3689164997-1001\...\StartupApproved\Run: => "Web Companion"
cmd: netsh advfirewall reset
emptytemp:
end::