start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
Task: {9A909BB2-522D-40E2-BC84-142B95FF5C3C} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSSoftwareManager\AsusUpdateChecker.exe (Pas de fichier)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
HKU\S-1-5-21-2391117296-232183445-2925338909-1001\...\MountPoints2: {4ec5ea8c-6dac-11ec-b216-cb2e884afc04} - "D:\OnePlus_setup.exe" /s
Task: {695CEFAF-C872-4181-A0A4-A735BF53A4E8} - System32\Tasks\McAfee\mfewin10switch => c:\ASUS\McAfeeOSDetection\1.7.104\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Edge HomePage: Default -> hxxp://www.msn.com/?pc=ASTE
Edge NewTab: Default ->  Active:"chrome-extension://fhfidmlnclkepgapcephbaciajegheco/newtab.html"
Edge DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=edge&addonversion=3.2.0&method=topbar
Edge DefaultSearchKeyword: Default -> ecosia
Edge DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=fr
Edge Extension: (Ecosia Search) - C:\Users\Bérénice\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhfidmlnclkepgapcephbaciajegheco [2022-03-04]
2022-03-04 17:02 - 2022-03-04 17:02 - 000000000 ____D C:\ProgramData\McAfee
2022-03-04 17:02 - 2022-03-04 17:02 - 000000000 ____D C:\Program Files\Common Files\McAfee
2022-03-04 17:02 - 2022-03-04 17:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
FirewallRules: [{2AAC4A1F-71CE-4905-B72D-1B81BA5DDC53}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSLinkRemote\AsusLinkRemoteAgent.exe => Pas de fichier
FirewallRules: [{F8A78245-FCAA-4386-B532-3934500A43D9}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSLinkRemote\AsusLinkRemoteAgent.exe => Pas de fichier
IE trusted site: HKU\S-1-5-21-2391117296-232183445-2925338909-1001\...\sharepoint.com -> hxxps://lsxschoolo-files.sharepoint.com
InternetURL: C:\Users\Bérénice\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2391117296-232183445-2925338909-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2391117296-232183445-2925338909-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe.ApplicationCompany
DeleteKey: HKLM\SOFTWARE\Setup
unlock: C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver)
C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys
unlock: C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice)
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{695CEFAF-C872-4181-A0A4-A735BF53A4E8[
C:\Windows\System32\Tasks\McAfee\mfewin10switch]
c:\ASUS\McAfeeOSDetection\1.7.104\DADUpdater.exe  
C:\WINDOWS\System32\Tasks\McAfee\mfewin10switch 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
C:\Program Files\Common Files\DynamicAppDownloader\Downloads\OSSwitchService.exe
DeleteKey: HKLM\SOFTWARE\McAfee
DeleteKey: HKLM\SOFTWARE\McAfee.com
DeleteKey: HKLM\SOFTWARE\McAfeeOSDetection
DeleteKey: HKLM\SOFTWARE\McAfeeStub
C:\ProgramData\McAfee
C:\ProgramData\mcafeeintegrationservice
C:\Program Files\Malwarebytes
C:\Users\Bérénice\AppData\Local\mbam
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh advfirewall reset 
cmd: Netsh advfirewall set allprofiles state on
C:\Windows\Temp\ *.* 
C:\Users\CurrentUserName\Appdata\Local\Temp\ *.*
StartBatch:
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
Endbatch:
EmptyTemp:
C:\Windows\SoftwareDistribution\Download\ *
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
end::