start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\Claude\Programs\Adblock\Adblock.exe
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="warm"
EndRegedit:
Task: {E65ADE29-16BF-4B80-BE90-C41BFAD9FBF1} - \Firefox Default Browser Agent 95750FA7FAF9DE34 -> Pas de fichier <==== ATTENTION
Task: {EB2D8FF0-1536-4E51-8816-5FCA20BB4916} - \Firefox Default Browser Agent 0E309D495E3D8B6C -> Pas de fichier <==== ATTENTION
Task: {FAC5D809-51BE-4322-8E34-B626B930BCD1} - \Firefox Default Browser Agent F3364F31A6B5E287 -> Pas de fichier <==== ATTENTION
OPR Notifications: Opera Stable -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://www.pinterest.fr; hxxps://zarabotok-online.xyz
OPR DefaultSearchURL: Opera Stable -> hxxps://find-it.pro/search?q={searchTerms}
OPR DefaultSearchKeyword: Opera Stable -> find-it.pro
C:\Users\Claude\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk
C:\Users\Claude\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\npiclhkkbgabhapklngkpahnaafkgpne
2022-09-27 18:52 - 2022-09-28 19:02 - 000000000 ___DC C:\Program Files (x86)\MCYGDcGEHxUn
2022-09-27 18:51 - 2022-09-28 17:12 - 000000000 ___DC C:\Program Files (x86)\jPDVFKipU
2022-09-27 16:50 - 2022-09-28 19:02 - 000000000 ___DC C:\Program Files (x86)\LwwnfqzUtnUn
2022-09-27 15:08 - 2022-09-28 19:02 - 000000000 ___DC C:\Users\Claude\AppData\Local\60223306-7f95-424c-b35e-edba33ff5f19
2022-09-27 15:08 - 2022-09-27 15:08 - 000000000 ___DC C:\ProgramData\Alcarass 2.9
2022-09-27 15:07 - 2022-09-28 19:02 - 000000000 ___DC C:\Users\Claude\AppData\Roaming\xsPoOL
2022-09-27 15:07 - 2022-09-28 19:02 - 000000000 ___DC C:\Users\Claude\AppData\Roaming\5bXys2aH1sh
2022-09-27 15:07 - 2022-09-28 19:02 - 000000000 ___DC C:\Users\Claude\AppData\Roaming\2WEME
2022-09-27 15:07 - 2022-09-27 15:08 - 000000000 ___DC C:\Users\Claude\AppData\Roaming\BFMWirQNm7
2022-09-27 15:07 - 2022-09-27 15:07 - 000000000 ___DC C:\Users\Claude\AppData\Roaming\B00241F55B6914BC
2022-09-27 15:06 - 2022-09-28 19:02 - 000000000 ___DC C:\Users\Claude\AppData\Local\9064ef94-a497-4c0e-ae25-81c6f7443aa8
cmd: type C:\Users\Claude\_readme.txt
emptytemp:
end::