start::
systemrestore: on
closeprocesses:
createrestorepoint:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{0b13c160-74a3-75a7-0821-886ee4b0f6c8}\localserver32 -> "C:\Users\Quentin\OneDrive\Bureau\OG fortnite ERA\FortniteLauncher.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\Quentin\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
AlternateDataStreams: C:\desktop.ini:CachedTiles [4840]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [6858]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [6858]
AlternateDataStreams: C:\ProgramData\rsEngine.config.backup:CF02139FF4 [6858]
AlternateDataStreams: C:\ProgramData\xnugqooy.ugm:E5437D12FE [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Badlion Client.lnk:8BD81608B2 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Dragons.lnk:3B287A9E63 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:C8B6D970BF [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lecture à distance PS.lnk:9FABCB2CFD [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk:4E42ED6D31 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [6858]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4020]
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.cmd: => <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-11-24]
ShortcutTarget: DS4Windows.lnk -> C:\Users\Quentin\OneDrive\Bureau\DS4Windows\DS4Windows.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {6B8DC69C-6E7D-4BD3-B236-6C26AFDF598C} - System32\Tasks\chrome policy => C:\Windows\system32\cmd.exe [323584 2023-11-04] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADIATgB6AGsAeQBOAH (l'élément de données a 5291 caractères en plus). <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Pas de fichier)
Task: {F40B273A-A32B-41D7-9C30-4AD4FA638A49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (Pas de fichier)
Task: {E1F065F1-D85E-4478-9EA1-F6BB5729408E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {553AB4A4-8CE7-4D1E-AFDC-8904A1C9B3C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
2023-11-04 20:26 - 2023-11-04 20:26 - 000013716 _____ C:\WINDOWS\system32\Tasks\chrome policy
cmd: netsh advfirewall reset
emptytemp:
end::