CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\grégory\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\grégory\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\grégory\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64"
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\grégory\AppData\Local\Microsoft\OneDrive\20.201.1005.0009"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {30C7E190-FE23-45CB-8C5F-20027D0C10DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {395CA822-A83B-4CBA-A329-465317C488EA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {3A98FDD8-C3AD-451C-95CE-3F659F082371} - pas de chemin du fichier
Task: {40156679-89B6-4CE7-8FF3-B386A9A61A3A} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2027290184-1426980810-2324477913-1002 -> Pas de fichier <==== ATTENTION
Task: {41E4BA36-DDC2-4D2B-80BC-3E6194DDA02F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {431428FA-D173-4684-AC4E-9537346556D6} - System32\Tasks\Sunrise => C:\WINDOWS\TEMP\CUpdater\s3us..exe <==== ATTENTION
Task: {6A74897D-10BE-45C9-8AB6-8994C3FD5D5E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {84987F0C-268B-48D8-9015-11B74F711402} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {85009550-749D-44E8-9BF5-DB9F6BD71339} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\GRGORY~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe -> /INSTALL /dwlurl=http://vzbucket.clara-labs.com/3c91fcc2-ce59-42b3-b901-f68079520898/build/1.36.1.25/1068c92a-e71e-417a-beb8-ff6c250c11ff.exe /zdata=appinstanceuid%3de8fb9ce5-7ea6-4465-801d-3b63c0e3d8ec%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898  /bagkey=aNZJUAbP  /configurationfields=325 /configid=7 --make-default-browser=true -AppInstanceUid=E8FB9CE5-7EA6-4465-801D-3B63C0E3D8EC <==== ATTENTION
Task: {8567ED7A-9AF3-4402-9402-731FCE05230D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {9AE31794-01C8-4E44-9CC5-FEB50CB12B2C} - \CGN -> Pas de fichier <==== ATTENTION
Task: {9CE3653B-3187-4E81-8B0F-3D3FAA5AA792} - \brbrw_5606 -> Pas de fichier <==== ATTENTION
Task: {A2661FF0-7D0E-47E3-9CE1-0F781A5DE9BF} - System32\Tasks\updateTask => c:\task.vbs
Task: {B0037F8F-177B-49CD-81B4-4188BA3AFAF6} - \2pP -> Pas de fichier <==== ATTENTION
Task: {B14B0717-A9AD-46DC-BE16-BC5C8AECA518} - pas de chemin du fichier
Task: {B25A4DC3-E58C-4250-ABD3-422C9A29C05B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {B5D57D2F-729B-4ED7-A19A-3C8B5F2320CB} - \WPD\SqmUpload_S-1-5-21-2027290184-1426980810-2324477913-1002 -> Pas de fichier <==== ATTENTION
Task: {BCF6C717-8306-4160-948B-A25E6CEEE7DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {D2A22E88-9335-4B55-9C92-A614361C0092} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {DC0422A0-52B7-4AF8-8EF3-E955A9DA1656} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {E22725BE-7A97-4BA8-801A-2CEDDDE5D658} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {FD946C0D-CE00-4BD6-A4DF-E05414752C8F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\82xnBVC4cNYrfYx0nEuVlz.job => C:\Users\grgory\AppData\Roaming\82xnBVC4cNYrfYx0nEuVlz.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\cOLp0c4dqzXpLGu25bHrD0N.job => C:\Users\grgory\AppData\Roaming\cOLp0c4dqzXpLGu25bHrD0N.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GUYBwyI8g9MN.job => C:\Users\grgory\AppData\Roaming\GUYBwyI8g9MN.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\lUFUOufE4b2t3Vz2OwBFgdJ.job => C:\Users\grgory\AppData\Roaming\lUFUOufE4b2t3Vz2OwBFgdJ.exe <==== ATTENTION
C:\Users\grgory\AppData\Roaming\lUFUOufE4b2t3Vz2OwBFgdJ.exe
C:\Users\grgory\AppData\Roaming\cOLp0c4dqzXpLGu25bHrD0N.exe
C:\Users\grgory\AppData\Roaming\82xnBVC4cNYrfYx0nEuVlz.exe
C:\Users\grgory\AppData\Roaming\GUYBwyI8g9MN.exe
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => non trouvé(e)
FF HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => non trouvé(e)
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\Exts\Chrome.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
2015-04-19 13:20 - 2015-10-31 23:17 - 000000626 _____ () C:\Users\grégory\AppData\Roaming\82xnBVC4cNYrfYx0nEuVlz
2015-04-19 13:20 - 2015-10-31 23:23 - 000000626 _____ () C:\Users\grégory\AppData\Roaming\cOLp0c4dqzXpLGu25bHrD0N
2015-04-19 13:20 - 2015-11-05 20:49 - 000000626 _____ () C:\Users\grégory\AppData\Roaming\GUYBwyI8g9MN
2019-08-04 16:46 - 2019-08-04 16:46 - 000000000 _____ () C:\Users\grégory\AppData\Local\{328ABEFC-ECEE-4B5B-A581-01FF12538152}
2019-08-04 16:46 - 2019-08-04 16:46 - 000000000 _____ () C:\Users\grégory\AppData\Local\{5C6C49A5-7413-4BD9-AC88-06F1674FB19C}
AV: Norton Internet Security (Disabled - Out of date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Internet Security (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Norton Internet Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Norton Internet Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Internet Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Internet Security (Disabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.14 - Symantec Corporation) Hidden
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2027290184-1426980810-2324477913-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_secureddownload_18_20_05&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyE0FyCtCtByBzzyDtD0FtN0D0Tzu0StBtAtByDtN1L2XzuyEtFtByEtFtDtFzytBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDtCyEtB0EtByBtGtC0CyEtAtG0DyC0F0EtGtAzy0F0EtGyEyB0B0EyBtD0Ezy0AtD0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1QyCtCzy1SyCyEtGzy1RyC1OtGyEyB1S1PtG1StD1SyBtGyC1RyEzy1Q1PzyyEtBtB1S1S2QtN0A0LzutDtN1B2Z1V1T1S1NzutCyByEtBtAtN1Q2Z1B1P1RzutCyDtByCtAtDtDzzyCtB%26cr%3D843466935%26a%3Dbgy_secureddownload_18_20_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2027290184-1426980810-2324477913-1002 -> {44B5B01C-88C9-4D3B-928B-56C0819E111E} URL = 
SearchScopes: HKU\S-1-5-21-2027290184-1426980810-2324477913-1002 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_secureddownload_18_20_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAyE0FyCtCtByBzzyDtD0FtN0D0Tzu0StBtAtByDtN1L2XzuyEtFtByEtFtDtFzytBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDtCyEtB0EtByBtGtC0CyEtAtG0DyC0F0EtGtAzy0F0EtGyEyB0B0EyBtD0Ezy0AtD0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz1QyCtCzy1SyCyEtGzy1RyC1OtGyEyB1S1PtG1StD1SyBtGyC1RyEzy1Q1PzyyEtBtB1S1S2QtN0A0LzutDtN1B2Z1V1T1S1NzutCyByEtBtAtN1Q2Z1B1P1RzutCyDtByCtAtDtDzzyCtB%26cr%3D843466935%26a%3Dbgy_secureddownload_18_20_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2027290184-1426980810-2324477913-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKLM - Pas de nom - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Pas de fichier
FirewallRules: [UDP Query User{84DD6263-6771-4103-A843-2F0B435F7EB6}C:\users\grégory\appdata\local\temp\rar$exa0.391\age2_x1\age2_x1.exe] => (Block) C:\users\grégory\appdata\local\temp\rar$exa0.391\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [TCP Query User{40570720-B131-482E-8907-6689753BC44F}C:\users\grégory\appdata\local\temp\rar$exa0.391\age2_x1\age2_x1.exe] => (Block) C:\users\grégory\appdata\local\temp\rar$exa0.391\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [UDP Query User{99F68B36-F213-4E31-A0D2-1E7D30B7382F}C:\users\grégory\appdata\local\temp\rar$exa0.187\age2_x1\age2_x1.exe] => (Allow) C:\users\grégory\appdata\local\temp\rar$exa0.187\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [TCP Query User{5E7C5869-2CFE-4258-BAE6-03BC935C92A9}C:\users\grégory\appdata\local\temp\rar$exa0.187\age2_x1\age2_x1.exe] => (Allow) C:\users\grégory\appdata\local\temp\rar$exa0.187\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [UDP Query User{4E704F93-F7E6-4460-9E1B-D64A1E05AF52}C:\users\grégory\appdata\local\temp\rar$exa0.374\age2_x1\age2_x1.exe] => (Allow) C:\users\grégory\appdata\local\temp\rar$exa0.374\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [TCP Query User{12E2B14D-18CF-4143-B25F-DEA00C21C8DB}C:\users\grégory\appdata\local\temp\rar$exa0.374\age2_x1\age2_x1.exe] => (Allow) C:\users\grégory\appdata\local\temp\rar$exa0.374\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [UDP Query User{37BFBB3D-A313-4518-8F74-0215BEDC18D0}G:\crack\pes2013.exe] => (Allow) G:\crack\pes2013.exe => Pas de fichier
FirewallRules: [TCP Query User{8EF8F9D6-86DD-401E-87A0-5368717D5A10}G:\crack\pes2013.exe] => (Allow) G:\crack\pes2013.exe => Pas de fichier
FirewallRules: [UDP Query User{6C3BD51D-055C-401E-8ADB-90D4E904DF20}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [TCP Query User{0570416D-1413-47FD-A30A-1FA42B56D97F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{EBFD96BE-D322-4C2F-A3B6-A4AEEE198C3B}C:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe] => (Block) C:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe => Pas de fichier
FirewallRules: [TCP Query User{136D8192-6A3B-42FF-BC28-832FA7DCF49C}C:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe] => (Block) C:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe => Pas de fichier
FirewallRules: [UDP Query User{FA9B31F1-67FB-4802-902E-2E43FA908539}E:\worms_revolution-flt\worms revolution\wormsrevolution.exe] => (Block) E:\worms_revolution-flt\worms revolution\wormsrevolution.exe => Pas de fichier
FirewallRules: [TCP Query User{9BF9D7A6-8D98-4543-9515-B4531FEE1F56}E:\worms_revolution-flt\worms revolution\wormsrevolution.exe] => (Block) E:\worms_revolution-flt\worms revolution\wormsrevolution.exe => Pas de fichier
FirewallRules: [UDP Query User{14C8F8AE-B89B-4829-A892-BA1991A8AF67}C:\users\grégory\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\grégory\appdata\roaming\cacaoweb\cacaoweb.exe => Pas de fichier
FirewallRules: [TCP Query User{3B964101-A2EB-4548-9F6E-668F8F07C913}C:\users\grégory\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\grégory\appdata\roaming\cacaoweb\cacaoweb.exe => Pas de fichier
FirewallRules: [{C6527551-C61F-4485-9A32-F4CA4CC4956D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => Pas de fichier
FirewallRules: [TCP Query User{8843A23D-6359-479B-8510-A88C0D7A4B0D}C:\games\grand theft auto iv\gta iv eflc\eflc.exe] => (Allow) C:\games\grand theft auto iv\gta iv eflc\eflc.exe => Pas de fichier
FirewallRules: [UDP Query User{9EF6DD2B-3EE7-4520-AEAC-EE89C2F7695B}C:\games\grand theft auto iv\gta iv eflc\eflc.exe] => (Allow) C:\games\grand theft auto iv\gta iv eflc\eflc.exe => Pas de fichier
FirewallRules: [{80114CC2-7053-4871-AFAB-1D24C09DE84B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{836E88DF-2120-4B89-A08D-2F1F64917EFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{9D1B8FAC-2950-4A38-8086-240FDD86E331}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Pas de fichier
FirewallRules: [{EB2F55F9-C8C8-4E2D-88B5-75A558688BAB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Pas de fichier
FirewallRules: [{2AF9436A-954F-446B-A401-BC8C59142CAB}] => (Allow) E:\Crack\pes2013.exe => Pas de fichier
FirewallRules: [{5739644F-9A3A-4DC0-B177-2B266E7AF17F}] => (Allow) E:\Crack\pes2013.exe => Pas de fichier
FirewallRules: [{EFA7C9F1-6514-41CE-83C2-17084F3F4158}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe => Pas de fichier
FirewallRules: [TCP Query User{0447C623-EF55-4082-B757-A20F534AE7CF}F:\crack\pes2013.exe] => (Allow) F:\crack\pes2013.exe => Pas de fichier
FirewallRules: [UDP Query User{1D570F57-4E9B-43ED-B22B-C2C5CBE16B5B}F:\crack\pes2013.exe] => (Allow) F:\crack\pes2013.exe => Pas de fichier
FirewallRules: [TCP Query User{2BA815A6-ECEC-4CFA-9E51-6D68BD7A0A06}C:\users\grégory\desktop\cacaoweb.exe] => (Allow) C:\users\grégory\desktop\cacaoweb.exe (CACAOWEB Ltd -> )
FirewallRules: [UDP Query User{D1C5E297-1818-4E2B-8FF9-B9DF98B61184}C:\users\grégory\desktop\cacaoweb.exe] => (Allow) C:\users\grégory\desktop\cacaoweb.exe (CACAOWEB Ltd -> )
FirewallRules: [TCP Query User{1DC6B4F1-E99C-418A-A6F8-C45C0758108E}C:\users\grégory\appdata\local\temp\rar$exa0.849\age2_x1\age2_x1.exe] => (Block) C:\users\grégory\appdata\local\temp\rar$exa0.849\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [UDP Query User{F6B902D9-785F-4084-8C82-5EB11FA46B47}C:\users\grégory\appdata\local\temp\rar$exa0.849\age2_x1\age2_x1.exe] => (Block) C:\users\grégory\appdata\local\temp\rar$exa0.849\age2_x1\age2_x1.exe => Pas de fichier
FirewallRules: [TCP Query User{920EC8BE-156C-4540-9B44-31B55B393DB0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{A4B6EE1F-0A71-4488-88CE-1FC319FE3F85}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{FB45A440-6DD9-4881-8873-6EE6262A32C3}C:\users\grégory\downloads\cacaoweb (1).exe] => (Allow) C:\users\grégory\downloads\cacaoweb (1).exe (CACAOWEB Ltd -> )
FirewallRules: [UDP Query User{C606B5FE-C0D3-41B3-9D9D-117C1837672F}C:\users\grégory\downloads\cacaoweb (1).exe] => (Allow) C:\users\grégory\downloads\cacaoweb (1).exe (CACAOWEB Ltd -> )
FirewallRules: [{2F743232-4127-459F-A9CE-2CFCF4615DB7}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
C:\users\grégory\downloads\cacaoweb (1).exe
CMD: cscript %windir%\System32\slmgr.vbs /dlv
CMD: netsh int ipv4 reset all
CMD: netsh int ipv6 reset all
CMD: netsh int portproxy reset all
CMD: netsh int tcp reset all
CMD: netsh winsock reset
CMD: netsh int ip reset all
CMD: ipconfig /release
CMD: ipconfig /release6
CMD: ipconfig /renew
CMD: ipconfig /renew6
CMD: ipconfig /flushdns
CMD: bitsadmin /reset 
RemoveProxy:
CMD: Winmgmt /verifyrepository
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V LargeSystemCache /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 20 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillAppTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxPortExhausted /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V AlwaysUnloadDll /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer" /V AlwaysUnloadDll /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpenRetried /T REG_DWORD /D 400 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpen /T REG_DWORD /D 500 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V SynAttackProtect /T REG_DWORD /D 2 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V KeapAliveTime /T REG_DWORD /D 300000 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableDeadGWDetect /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V DisableIPSourceRouting /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableMulticastForwarding /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V IPEnableRouter /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableAddrMaskReply /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxConnectResponseRetransmissions /T REG_DWORD /D 2 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxDataRetransmissions /T REG_DWORD /D 2 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnablePMTUDiscovery /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V EnableDynamicBacklog /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MinimumDynamicBacklog /T REG_DWORD /D 20 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MaximumDynamicBacklog /T REG_DWORD /D 20000 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V DynamicBacklogGrowthDelta /T REG_DWORD /D 10 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastCopyReceiveThreshold /T REG_DWORD /D  500 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastSendDatagramThreshold /T REG_DWORD /D  500 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V NoLmHash /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V lmcompatibilitylevel /T REG_DWORD /D 5 /f
c:\windows\temp\*.*
C:\Users\grégory\AppData\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
Hosts: 
EmptyTemp: