start::
closeprocesses:
createrestorepoint:
defaultuser0 (S-1-5-21-3375461410-1454050851-1953557858-1000 - Limited - Disabled)
CustomCLSID: HKU\S-1-5-21-3375461410-1454050851-1953557858-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => Pas de fichier
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
SearchScopes: HKU\S-1-5-21-3375461410-1454050851-1953557858-1001 -> DefaultScope {CB71AAF6-FA5A-4501-B4A9-D213ABBD1322} URL =
SearchScopes: HKU\S-1-5-21-3375461410-1454050851-1953557858-1001 -> {CB71AAF6-FA5A-4501-B4A9-D213ABBD1322} URL =
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy-Firefox: Restriction <==== ATTENTION
Task: {918FAB71-4746-4D99-8220-6FD82D02801E} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery7eEDyQYF => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-01-24] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Utilisateur\AppData\Roaming\discord\wvnS5v.ps1" <==== ATTENTION
Task: {3E270D60-4D1F-401E-B9C4-ABAC23BA8884} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTaskMdKq3BtO => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-01-24] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Utilisateur\AppData\Roaming\DropboxElectron\zH4lFdHbs.ps1" <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Pas de fichier)
Task: {7AC01EC7-411A-47A3-856D-EA42E9D6251A} - System32\Tasks\Microsoft\Windows\SyncCenter\MJs8tc => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-01-24] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Utilisateur\AppData\Roaming\Adobe\7dCti1.ps1" <==== ATTENTION
Task: {878F7A1A-DD2E-4C03-B0AE-F71D12A4DD0B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (Pas de fichier)
Task: {93407F19-13F3-4E3F-8586-DE4DF697405A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {72F5CBA4-84E8-4921-B559-BABF11BCEF9E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
Task: {7F15CC3A-0199-455D-97A7-6FBA941B023B} - System32\Tasks\S-1-5-21-3375461410-1454050851-1953557858-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (Pas de fichier)
CHR HKU\S-1-5-21-3375461410-1454050851-1953557858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Utilisateur\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx
CHR HKU\S-1-5-21-3375461410-1454050851-1953557858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3375461410-1454050851-1953557858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]
CHR HKU\S-1-5-21-3375461410-1454050851-1953557858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-3375461410-1454050851-1953557858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2023-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
C:\Users\Utilisateur\AppData\Roaming\discord\wvnS5v.ps1
C:\Users\Utilisateur\AppData\Roaming\DropboxElectron
C:\Users\Utilisateur\AppData\Roaming\Adobe
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S4 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
S4 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S4 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S2 rsSyncSvc; C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe -pn:EPP -lpn:rav_antivirus -url:hxxps://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10 <==== ATTENTION
cmd: netsh advfirewall reset
emptytemp:
end::