start::
closeprocesses:
createrestorepoint:
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData:err [1602]
AlternateDataStreams: C:\Users\All Users:err [1602]
AlternateDataStreams: C:\ProgramData\Application Data:err [1602]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log:F107EE40EF [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log_backup1:2DD1EC5C91 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer2.log:CCB2353F35 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer2.log_backup1:0544EFE2DB [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer3.log:8A1F56CED6 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer3.log_backup1:A473474DD2 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer4.log:3B2EC2BDEF [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer4.log_backup1:DC5D04D24A [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer5.log:84BD5AAA09 [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer5.log_backup1:038079845B [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer6.log:4C1811BCCA [3434]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer6.log_backup1:AC11A713EE [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk:628A25EA7E [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3434]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
SearchScopes: HKU\.DEFAULT -> DefaultScope {F9176637-CF6A-42D8-A12E-3C1A091A9598} URL =
SearchScopes: HKU\.DEFAULT -> {F9176637-CF6A-42D8-A12E-3C1A091A9598} URL =
SearchScopes: HKU\S-1-5-21-2718715299-2838987772-912226498-1001 -> DefaultScope {F9176637-CF6A-42D8-A12E-3C1A091A9598} URL =
SearchScopes: HKU\S-1-5-21-2718715299-2838987772-912226498-1001 -> {F9176637-CF6A-42D8-A12E-3C1A091A9598} URL =
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
EndRegedit:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
Task: {76B8D7D0-DF19-4F22-983E-6EDA1CC77D52} - System32\Tasks\Opera scheduled Autoupdate 1638578146 => C:\Users\marzu\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {95024FCB-2CA9-4C04-B27B-49FB59B19A9D} - System32\Tasks\Opera scheduled Autoupdate 1652473247 => C:\Users\marzu\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {AF1F5E91-2FBD-4AB8-886E-6B0906B2DD49} - \Opera scheduled assistant Autoupdate 1652473249 -> Pas de fichier <==== ATTENTION
Task: {F85D4B40-E2E4-43EB-84B9-7870FCB3BDDE} - \Opera scheduled assistant Autoupdate 1638578148 -> Pas de fichier <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
C:\Users\marzu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmpchkfhgoclkajbifladignhbanjdk
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [21916208 2021-05-27] (Mail.Ru LLC -> LLC Mail.Ru)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
2022-10-07 16:36 - 2022-10-08 18:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-10-07 16:36 - 2022-10-08 18:09 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-10-07 16:36 - 2022-10-07 16:36 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\marzu\Downloads\spybotsd-2.7.64.0.exe
2022-10-07 16:36 - 2022-10-07 16:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2022-10-07 16:36 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2022-10-07 15:25 - 2022-10-07 15:25 - 000000000 ____D C:\Users\marzu\OneDrive\Documents\TotalAV
2022-10-07 15:23 - 2022-10-07 15:23 - 000000000 ____D C:\ProgramData\TotalAV
2022-10-07 15:22 - 2022-10-07 15:22 - 057016112 _____ C:\Users\marzu\Downloads\TotalAV.exe
emptytemp:
end::