start:: CreateRestorePoint: cmd: Net stop wuauserv CloseProcesses: Hosts: RemoveProxy: DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NoxMultiPlayer DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\\Software\Microsoft\Windows\CurrentVersion\Run|NoxMultiPlayer] DeleteKey: HKCU\SOFTWARE\f6c4a7ae-abcb-5b7e-ac53-6c20f026dd0e DeleteKey: HKCU\SOFTWARE\fee38e36-bd5c-5f8c-a4c4-29d7f942a22c DeleteKey: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\SOFTWARE\f6c4a7ae-abcb-5b7e-ac53-6c20f026dd0e DeleteKey: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\SOFTWARE\fee38e36-bd5c-5f8c-a4c4-29d7f942a22c DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TranslationStudioShlExt2011 DeleteKey: HKLM\Software\Classes\CLSID\{F6C08E19-DCE1-45B5-A225-E94FADB585DD} DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} DeleteKey: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 C:\Users\Frouk\AppData\Local\Temp\mat-debug-1180.log C:\Users\Frouk\AppData\Local\Temp\mat-debug-20160.log DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OIS.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OIS.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\INFOPATH.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\INFOPATH.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\AppData\Roaming\uTorrent Web\utweb.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\AppData\Roaming\uTorrent Web\utweb.exe.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\FRST64.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\FRST64.exe.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Desktop\FRST64.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Desktop\FRST64.exe.ApplicationCompany DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\IPTVSmartersPro-Setup-1.1.1.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\IPTVSmartersPro-Setup-1.1.1.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OIS.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OIS.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\INFOPATH.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Office12\INFOPATH.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\AppData\Roaming\uTorrent Web\utweb.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\AppData\Roaming\uTorrent Web\utweb.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\FRST64.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\FRST64.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Desktop\FRST64.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Desktop\FRST64.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\IPTVSmartersPro-Setup-1.1.1.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Frouk\Downloads\IPTVSmartersPro-Setup-1.1.1.exe.ApplicationCompany C:\Users\Frouk\AppData\Roaming\uTorrent Web C:\Users\Frouk\AppData\Local\BitTorrentHelper HKU\S-1-5-21-1698136197-2352247009-3257628520-1001\...\Run: [NoxMultiPlayer] => "D:\Program Files\Nox\bin\MultiPlayerManager.exe" -startSource:auto_start (Pas de fichier) Task: {ABDC8B0B-EB23-4418-B4C0-D7535629B20D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Pas de fichier) S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X] S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\WirelessBackupService.exe [X] S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X] S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X] S3 WinDivert1.1; \??\C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys [X] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-17] (Google LLC -> Google LLC) IFEO\osppsvc.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain Task: {E35FF05C-A82A-480D-9905-3CDA347CEB8F} - System32\Tasks\GoogleUpdateTaskMachineCore{75577C4A-5DDF-49C7-A518-CA171DB179C4} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-05-01] (Google LLC -> Google LLC) Task: {49306EB9-C620-4701-B0A3-E285F963198F} - System32\Tasks\GoogleUpdateTaskMachineUA{23D3D573-FE10-441C-BA44-6DBA132102CF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-05-01] (Google LLC -> Google LLC) Task: {B6B34A7A-9229-4117-9C13-A0367B7D1745} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-23] (Mozilla Corporation -> Mozilla Foundation) Task: {AC519B1D-54B2-477E-8241-3F7C7D86D59C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {0D08CA48-2FF6-493E-8513-1C43359C04AD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {33777620-7CF7-40F0-A659-3872768459FC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [170496 2023-10-11] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe CHR HKLM\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] CustomCLSID: HKU\S-1-5-21-1698136197-2352247009-3257628520-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\Frouk\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Pas de fichier AlternateDataStreams: C:\Users\Frouk\Downloads\Attestation accueil Vicky 2022_1.jpeg:3or4kl4x13tuuug3Byamue2s4b [85] AlternateDataStreams: C:\Users\Frouk\Downloads\Attestation accueil Vicky 2022_1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Frouk\Downloads\Attestation accueil Vicky 2022_2.jpeg:3or4kl4x13tuuug3Byamue2s4b [85] AlternateDataStreams: C:\Users\Frouk\Downloads\Attestation accueil Vicky 2022_2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Frouk\Downloads\Justificatif paiement timbre fiscal.jpeg:3or4kl4x13tuuug3Byamue2s4b [85] AlternateDataStreams: C:\Users\Frouk\Downloads\Justificatif paiement timbre fiscal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Frouk\Downloads\Timbre fiscal.jpeg:3or4kl4x13tuuug3Byamue2s4b [85] AlternateDataStreams: C:\Users\Frouk\Downloads\Timbre fiscal.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk C:\Users\Frouk\AppData\Roaming\Microsoft\Word\39221_5_WP_10.1_Draft%20PIP%204_French_Updated310459970660219122\39221_5_WP_10.1_Draft%20PIP%204_French_Updated.docx.lnk C:\Users\Frouk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kprm_2.15.lnk C:\Users\Frouk\AppData\Roaming\Microsoft\Excel\51162011_EM_1120_2.xlsx310715662179001427\51162011_EM_1120_2.xlsx.xlsx.lnk cmd: chkdsk cmd: Net start wuauserv Reboot: end::