start::
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (Pas de fichier)
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winexe.exe [2022-06-29]
Startup: C:\Users\salhi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winfiles [2022-10-09]
Task: {085BD6CA-751E-49FF-93C1-18829CF64B22} - System32\Tasks\UsbFix Monitor => C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe
Task: {175870FD-96CB-4E91-8DD8-356CE999FCFE} - System32\Tasks\PowerToys\Autorun for salhi1 => C:\Program Files\PowerToys\PowerToys.exe
Task: {AAF1D2F3-B38C-4400-A822-52DF00EB31D9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Pas de fichier)
CHR HKU\S-1-5-21-1280661116-970770358-385692439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-11-09 21:30 - 2022-09-10 19:02 - 000000000 ____D C:\ProgramData\usb-set
2022-11-09 21:30 - 2022-09-10 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB-set
2022-11-09 21:30 - 2022-09-10 19:02 - 000000000 ____D C:\Program Files (x86)\USB-set
2022-11-06 20:18 - 2022-10-03 16:08 - 000000000 ____D C:\Program Files\Epic Games
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> Pas de fichier
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [102400 2007-03-08]
AlternateDataStreams: C:\AMD:err [1508]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7322]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKU\S-1-5-21-1280661116-970770358-385692439-1001\Software\Classes\regfile:
HKU\S-1-5-21-1280661116-970770358-385692439-1001\Software\Classes\.reg: =>
HKU\S-1-5-21-1280661116-970770358-385692439-1001\Software\Classes\.bat: =>
HKU\S-1-5-21-1280661116-970770358-385692439-1001\Software\Classes\.cmd: =>
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\StartupApproved\StartupFolder: => "Winexe.exe"
HKU\S-1-5-21-1280661116-970770358-385692439-1001\...\StartupApproved\Run: => "NordVPN"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
end::