Start::
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => -> Pas de fichier
HKU\S-1-5-21-1339820563-475386342-3544726719-1001\...\Run: [EPSDNMON] => "" (Pas de fichier)
HKU\S-1-5-21-1339820563-475386342-3544726719-1001\...\Run: [UpdateStore] => cmd /c powershell -windowstyle hidden cd $env:TEMP; powershell -ep bypass .\SystemServices.ps1 (Pas de fichier)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Pas de fichier]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
Task: {421CD1B7-319D-4C8D-8C74-48DB58928A5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {616B80FD-2D90-4D48-819A-788AB3EAAA91} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {8280F83D-0D7D-488F-8BB0-A58C712D2957} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {A5620819-8215-4A80-BAF1-367ECC4658CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {D6D873EA-DCE2-4D22-A54E-10742398D8F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {FD1DB9F6-B794-4843-BA82-3B896461D1A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {FF0B0BD7-3A7B-4312-9B58-42B7E5A37F2A} - System32\Tasks\dawr oftEdgeUpdate => C:\Users\Public\dawr.vbs (Pas de fichier)
Task: {DE0EA827-5D3C-475A-A07E-17899F842727} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe -sr (Accès refusé) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (cb672556b38846d7) => ""="Service"
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1339820563-475386342-3544726719-1001\...\MountPoints2: {0bd81eb0-3464-11eb-8382-086266b63cd1} - "G:\AutoRun.exe"
HKU\S-1-5-21-1339820563-475386342-3544726719-1001\...\MountPoints2: {c22e83b4-8178-11eb-8392-086266b63cd1} - "G:\Setup.exe"
Startup: C:\Users\claud_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-09] () <==== ATTENTION [zéro octet Fichier/Dossier]
InternetURL: C:\Users\claud_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.url -> URL: file:///C:/Users/CLAUD_~1/AppData/Local/Temp/WindowStore.vbs <==== ATTENTION
\updates.url -> URL: file:///C:/Users/CLAUD_~1/AppData/Local/Temp/Brave.vbs <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "Discord"
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe" [X]
S3 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe" [X]
C:\ProgramData\IObit
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
C:\WINDOWS\System32\drivers\AppleLowerFilter.sys
StartRegEdit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\*.update]
"http"=dword:00000002
"https"=dword:00000002
EndRegEdit:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::