start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
S3 MpKslafe9ea04; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9DA2949-ABD3-4A13-9F01-F72F457EB8D3}\MpKslDrv.sys [X]
2022-08-05 16:03 - 2022-08-05 16:03 - 000000000 ____D C:\Users\Pierre\AppData\Local\{79B22AE7-E490-4367-8A30-3AA0C5791FAB}
2022-08-04 17:35 - 2022-08-04 17:35 - 000000000 ____D C:\Users\Pierre\AppData\Local\{B9F9B3D9-1612-4CEC-8D21-F14F584ED7DB}
2022-08-02 18:32 - 2022-08-02 18:32 - 000000000 ____D C:\Users\Pierre\AppData\Local\{18E45CF2-A0BF-40A7-B909-5F2AB617D632}
2022-07-30 06:42 - 2022-07-30 06:42 - 000000000 ____D C:\Users\Pierre\AppData\Local\{BFFB0F21-90DA-4506-A749-92F88B213773}
2022-07-28 16:48 - 2022-07-28 16:48 - 000000000 ____D C:\Users\Pierre\AppData\Local\{8D0CA8C0-E33D-4CDF-95C3-FDF49998D21D}
2022-07-13 22:39 - 2022-07-13 22:39 - 000000000 ____D C:\Users\Pierre\AppData\Local\{967A0D8E-D931-4052-930E-AD4C5A428B8A}
2016-07-05 10:22 - 2018-03-28 15:28 - 003041664 _____ () C:\Users\Pierre\ZHPDiag3.exe
SearchScopes: HKU\S-1-5-21-651286356-1307612687-2307201019-1000 -> DefaultScope {B336F2E4-DEBF-41AB-8DD2-46B500961927} URL =
SearchScopes: HKU\S-1-5-21-651286356-1307612687-2307201019-1000 -> {0865CAB6-2D06-4AF3-B707-3747A77E8410} URL = hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-651286356-1307612687-2307201019-1000 -> {B336F2E4-DEBF-41AB-8DD2-46B500961927} URL =
MSCONFIG\startupfolder: C:^Users^Pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk => C:\Windows\pss\TRDCReminder.lnk.Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: NBAgent => "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
EmptyTemp:
cmd: ipconfig /flushdns
end::