start::
closeprocesses:
createrestorepoint:
virustotal: C:\Windows\SysWOW64\rundll32.exe
virustotal: C:\WINDOWS\nl.exe
virustotal: C:\Program Files (x86)\MSCaches\Apply\FilesInUse\XXRR85FA5F-5AE7-4FB4-952B-7F02457AAB21\Edge.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ContextMenuHandlers1: [_MovaviSuite10] -> [CC]{9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => -> Pas de fichier
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:com.affinity.designer.2 [240]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:com.affinity.designer.3 [197]
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
FirewallRules: [{A00F681A-3B1E-40E1-A731-1989B2B98287}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe => Pas de fichier
FirewallRules: [{85731FD0-7D98-463E-8B12-A6B032212C25}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe => Pas de fichier
ProxyServer: [S-1-5-21-2187722912-3222798664-2885332564-1001] => 127.0.0.1:31437
removeproxy:
Edge Notifications: HKU\S-1-5-21-2187722912-3222798664-2885332564-1001 -> hxxps://www.instagram.com; hxxps://www.zone-telechargement.network; hxxps://photos.google.com
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge Notifications: Default -> hxxps://photos.google.com; hxxps://www.instagram.com; hxxps://www.systemed.fr; hxxps://www.zone-telechargement.network
FF Notifications: Mozilla\Firefox\Profiles\qx87u5oa.default-release -> hxxps://triacaffaire.clicforum.fr; hxxps://planetes360.fr; hxxps://forums.futura-sciences.com; hxxps://www.gchange.fr; hxxps://www.l-itineraire.com; hxxps://colab.research.google.com; hxxps://drive.google.com; hxxps://olivier-rocq.pushengage.com; hxxps://twitter.com
S2 TCI2XX; \SystemRoot\System32\drivers\TCI2XX.sys [X]
cmd: sfc /scannow
emptytemp:
end::