start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eInstruction Device Manager.lnk [2021-12-07]
ShortcutTarget: eInstruction Device Manager.lnk -> C:\Program Files (x86)\eInstruction\Device Manager\Launch.exe
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winexe.exe
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winfiles [2022-06-09]
Policies: C:\ProgramData\NTUSER.pol: Restriction
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\salhi1\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb
CHR HKU\S-1-5-21-1280661116-970770358-385692439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf]
CHR HKU\S-1-5-21-1280661116-970770358-385692439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
S2 WindscribeService; "C:\Program Files (x86)\Windscribe\WindscribeService.exe" [X]
R3 nlwt; C:\WINDOWS\System32\drivers\nlwt.sys
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys
S3 WindscribeSplitTunnel; \SystemRoot\system32\DRIVERS\WindscribeSplitTunnel.sys [X]
2022-06-17 18:25 - 2022-06-17 18:25 - 000000000 ____D C:\KPRM
2022-06-16 21:38 - 2022-06-16 21:38 - 000000000 ____D C:\ProgramData\Oracle
2022-06-16 20:54 - 2021-02-13 19:18 - 000000000 ____D C:\Users\salhi1\AppData\Roaming\uTorrent
2022-06-16 20:54 - 2020-12-26 18:11 - 000000000 ____D C:\Users\salhi1\AppData\Roaming\TunnelBear
2021-12-07 12:00 - 2021-12-07 12:00 - 000000411 _____ () C:\Program Files (x86)\Common Files\eInstruction.ini
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gimwrunc.sys:changelist [394]
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
HKLM\...\StartupApproved\StartupFolder: => "eInstruction Device Manager.lnk"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-image /Restorehealth
end::