start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKU\S-1-5-21-3717643553-1120456715-2055298086-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DBCA11FA-88D7-4E01-942C-A35458753108}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{638F1263-009A-4E7C-A31D-19456A9AD415}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C871754F-A203-4C41-ABB2-F9CBC4E3904D}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{2ABD5C62-413A-4674-9A91-5ADE831C2BAE}C:\games\world_of_tanks\worldoftanks.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D8090BD9-DD67-4661-9312-A90ED4DAA662}C:\games\world_of_tanks\worldoftanks.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{77596A1C-14E0-4326-BD88-10686D0B998D}C:\games\world_of_tanks\wotlauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{A4798CA8-C9F5-4F34-A85F-C829057F0821}C:\games\world_of_tanks\wotlauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D42040E9-E1A4-457C-9D10-3869790C5B49}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A0852193-A2D6-48AF-9DBC-6F0282A280B5}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{495135F6-29DD-4DDC-AA39-18F23FBE1331}C:\games\world_of_warships\wowslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F6901EC1-C3C4-4F5A-9B1A-2D51FF13E138}C:\games\world_of_warships\wowslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{98C499C8-2C18-4E09-9E49-BF9393FCE960}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{66D51002-9078-4B0C-83BC-27A9ACCD3180}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{205FA2B7-34A5-47B3-8B45-9218CEC1027D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{93FBE37C-2592-424D-ADFC-747D33F337A8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D495C21B-40BE-4332-B874-C270B37BE1EA}C:\program files (x86)\star trek online_fr\star trek online\live\x64\gameclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9A5B195C-4313-4BE7-B6FF-87BBC291F3EE}C:\program files (x86)\star trek online_fr\star trek online\live\x64\gameclient.exe
C:\WINDOWS\Installer\14688057.msp
C:\WINDOWS\Installer\1546a928.msp
C:\WINDOWS\Installer\18ee9a8.msp
C:\WINDOWS\Installer\2cb6fa.msp
C:\WINDOWS\Installer\300d29ec.msp
C:\WINDOWS\Installer\34947716.msp
C:\WINDOWS\Installer\3851d10.msp
C:\WINDOWS\Installer\420cd550.msp
C:\WINDOWS\Installer\4439445c.msp
C:\WINDOWS\Installer\49ac43c.msp
C:\WINDOWS\Installer\5c9ff65.msp
C:\WINDOWS\Installer\686f8b5.msp
C:\WINDOWS\Installer\85954c.msp
C:\WINDOWS\Installer\a9bdf35.msp
C:\WINDOWS\Installer\a9eb10c.msp
C:\WINDOWS\Installer\e83b3a.msp
C:\WINDOWS\Installer\fb0d096.msp
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)
DeleteKey: HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\006
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\007
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\008
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\009
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\010
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\011
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\012
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\013
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\014
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\015
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\016
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\017
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\018
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\019
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\020
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\021
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\022
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\023
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\024
C:\Users\Johann\AppData\Local\Google\Chrome\User Data\Default\File System\025
C:\Program Files\KMSpico
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Johann\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
Task: {3135E484-C952-4ADD-9028-2F8DAD91DAC2} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
EmptyTemp:
end::