start::
closeprocesses:
createrestorepoint:
cmd: type C:\ProgramData\NTUSER.pol
virustotal: C:\Users\Carole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare Filmora X\WondershareFilmoraX.exe
CustomCLSID: HKU\S-1-5-21-246789546-2301261532-4149948280-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Carole\AppData\Local\Microsoft\OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-246789546-2301261532-4149948280-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Carole\AppData\Local\Microsoft\OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-246789546-2301261532-4149948280-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Carole\AppData\Local\Microsoft\OneDrive\19.152.0927.0012\amd64\FileSyncShell64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Pas de fichier
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Pas de fichier
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> Pas de fichier
HKU\S-1-5-19\...\RunOnce: [01-DIKAssist] => C:\Windows\Setup\Scripts\DIKAssistDesktop.exe
HKU\S-1-5-19\...\RunOnce: [03-DikBackApps] => C:\Windows\Setup\Scripts\bin\DIK_BackApps.cmd
HKU\S-1-5-20\...\RunOnce: [01-DIKAssist] => C:\Windows\Setup\Scripts\DIKAssistDesktop.exe
HKU\S-1-5-20\...\RunOnce: [03-DikBackApps] => C:\Windows\Setup\Scripts\bin\DIK_BackApps.cmd
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
EndRegedit:
HKU\S-1-5-21-246789546-2301261532-4149948280-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\Software\...\Authentication\Credential Providers: [{5EF9A232-5B5B-4768-95F2-3F601FB184E3}] -> C:\WINDOWS\system32\AutoGreenCP.dll [2020-12-14] () [Fichier non signé]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-x32: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
cmd: netsh advfirewall reset
emptytemp:
end::