SystemRestore: on
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM-x32\...\Run: [Backup] => C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\DrFoneBackup.exe /hide (Pas de fichier)
HKU\S-1-5-21-2658046708-696331542-2478491235-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ND\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-2658046708-696331542-2478491235-500\...\MountPoints2: {1bf44cfc-2cbf-11eb-8383-d0abd545611c} - "E:\startme.exe"
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {8C467B28-2BBF-4268-8295-E9FEB3053E77} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Pas de fichier)
Task: {E216CEC8-C147-405F-8D72-D735DE34024D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Pas de fichier)
Task: {F4EB01D2-0BC4-4911-B1EB-D08C3C6BDF55} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2658046708-696331542-2478491235-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Pas de fichier)
Task: {B5FFC9D2-CCE6-4CA2-B38B-7FE91BBCBFCF} - System32\Tasks\OneDrive Standalone Update Task-S-1-12-1-3235991928-1201836235-1882932916-1731298099 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
Task: {BAE4F64B-7E61-4966-A4C2-5BB72A8E7E47} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2658046708-696331542-2478491235-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
Task: {76083428-6FDE-472B-9903-A0E827753A2D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2658046708-696331542-2478491235-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
Task: {E2F90ED4-2D5A-407F-8D48-E3563BF61D35} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe
CHR HKU\S-1-5-21-2658046708-696331542-2478491235-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [X]
2024-09-29 05:47 - 2024-09-29 05:47 - 001624440 _____ (Tous Les Drivers) C:\Users\Administrateur\Downloads\Mes_Drivers_3.0.4 (3).exe
2024-09-29 05:34 - 2024-09-29 05:34 - 001624440 _____ (Tous Les Drivers) C:\Users\Administrateur\Downloads\Mes_Drivers_3.0.4 (2).exe
2024-09-29 05:30 - 2024-09-29 05:30 - 008917384 _____ (Google LLC) C:\Users\Administrateur\Downloads\ChromeSetup (5).exe
2024-09-29 05:30 - 2024-09-29 05:30 - 008917384 _____ (Google LLC) C:\Users\Administrateur\Downloads\ChromeSetup (4).exe
2024-09-29 05:29 - 2024-09-29 05:29 - 008917384 _____ (Google LLC) C:\Users\Administrateur\Downloads\ChromeSetup (3).exe
2024-09-29 05:29 - 2024-09-29 05:29 - 008917384 _____ (Google LLC) C:\Users\Administrateur\Downloads\ChromeSetup (2).exe
2024-09-25 21:22 - 2024-09-25 21:23 - 000000000 ____D C:\AdwCleaner
2024-09-25 21:22 - 2024-09-25 21:22 - 008790880 _____ (Malwarebytes) C:\Users\Administrateur\Downloads\adwcleaner.exe
2024-09-25 21:20 - 2024-09-25 21:20 - 000000772 _____ C:\Users\Administrateur\Desktop\ZHPFix.txt
2024-09-25 21:16 - 2024-09-25 21:16 - 000414829 _____ C:\Users\Administrateur\Desktop\ZHPDiag.html
2024-09-25 21:10 - 2024-09-25 21:10 - 003539144 _____ (Nicolas Coolman) C:\Users\Administrateur\Downloads\ZHPSuite.exe
2024-09-25 21:10 - 2024-09-25 21:10 - 000000874 _____ C:\Users\Administrateur\Desktop\ZHPSuite.lnk
2024-09-25 20:33 - 2024-09-25 20:51 - 000000000 ____D C:\Users\Administrateur\AppData\Roaming\AVG
2024-09-25 20:32 - 2024-09-25 21:06 - 000000000 ____D C:\ProgramData\AVG
2024-09-25 20:10 - 2024-09-25 20:10 - 002596072 _____ (Malwarebytes) C:\Users\Administrateur\Downloads\MBSetup (3).exe
2024-09-25 20:09 - 2024-09-25 20:09 - 002596072 _____ (Malwarebytes) C:\Users\Administrateur\Downloads\MBSetup (2).exe
2024-09-25 19:58 - 2024-09-25 21:40 - 000330754 _____ C:\Users\Administrateur\Desktop\ZHPDiag.txt
2024-09-25 19:44 - 2024-09-25 21:40 - 000000000 ____D C:\Users\Administrateur\AppData\Roaming\ZHP
2024-09-25 19:44 - 2024-09-25 21:32 - 000000874 _____ C:\Users\Administrateur\Desktop\ZHPDiag.lnk
2024-09-25 19:44 - 2024-09-25 21:10 - 000000000 ____D C:\Users\Administrateur\AppData\Local\ZHP
2024-09-25 19:43 - 2024-09-25 19:43 - 003370696 _____ (Nicolas Coolman) C:\Users\Administrateur\Downloads\ZHPDiag3.exe
2024-09-25 19:43 - 2024-09-25 19:43 - 003370696 _____ (Nicolas Coolman) C:\Users\Administrateur\Downloads\ZHPDiag3 (1).exe
2024-09-22 13:02 - 2024-09-22 13:03 - 000000000 ____D C:\Users\Administrateur\Downloads\MF212w_e-Manual_FR_1
2024-09-15 10:06 - 2024-09-15 10:06 - 1073741824 _____ C:\Users\Administrateur\Downloads\1G (1)
AlternateDataStreams: C:\Users\Administrateur\Desktop\Bachelor Design.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Bachelor Design.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\caret id lu.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\caret id lu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\carte id lu.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\carte id lu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Facture consultation psychologique Chamoux.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Facture consultation psychologique Chamoux.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy aout-sept lucile.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy aout-sept lucile.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy fevrier lucile.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy fevrier lucile.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy juillet lucile.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy juillet lucile.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile fevrier.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile fevrier.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars1.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars3.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy lucile mars3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy mai lucile.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\facture psy mai lucile.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Facture Scanner poumon 5.9.24.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Facture Scanner poumon 5.9.24.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\fortuneo.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\fortuneo.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\recto carte identité.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\recto carte identité.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\relevé note bachelor design.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\relevé note bachelor design.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Standing order from lucile appart leeds.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\Standing order from lucile appart leeds.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\verso carte identité.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Desktop\verso carte identité.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Downloads\2023 04.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Downloads\2023 04.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Downloads\Atestation Employer.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Downloads\Atestation Employer.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Downloads\ccsetup628.exe:MBAM.Zone.Identifier [215]
AlternateDataStreams: C:\Users\Administrateur\Downloads\Solde tout compte.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Administrateur\Downloads\Solde tout compte.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
EmptyTemp:
cmd: netsh advfirewall reset
cmd: ipconfig /flushdns
cmd: netsh winsock reset