start::
Comment: Machine-specific fixlist. The entries below name one user profile (jessy) and one account SID, so apply it only to the system whose scan log produced them.
closeprocesses:
createrestorepoint:
Comment: Policy entries flagged by the scan: a Group Policy restriction, an NTUSER.pol under C:\ProgramData, and Google policy keys in HKLM and in the user hive. Confirm none of them is a setting the owner or an administrator manages on purpose.
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-4247927337-2898577755-962393942-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Comment: Run entry whose target is shown as [X] in the scan line.
HKU\S-1-5-21-4247927337-2898577755-962393942-1001\...\Run: [AdobeBridge] => [X]
Comment: Three services (AppServicea, AppServiceb, AppServiced) share one 6144-byte .tmp image in system32. The file carries a Microsoft Corporation company name but is reported unsigned ("Fichier non signé"), which is the mismatch the scan flagged.
S2 AppServicea; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiceb; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
S2 AppServiced; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
C:\Windows\system32\1XVU42MI0W.tmp
Comment: Files and folders created between 12:48 and 12:55 on 2021-09-13, the earliest being the downloaded archive listed last. The set includes a .sys file under system32\Drivers and two hidden directories (attribute H).
2021-09-13 12:55 - 2021-09-13 12:55 - 000000000 ____D C:\Program Files (x86)\foler
2021-09-13 12:54 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\Roaming\wushup
2021-09-13 12:54 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\LocalLow\aD1rF3aM8r
2021-09-13 12:54 - 2021-09-13 12:54 - 000000000 ____D C:\Users\jessy\AppData\Roaming\Romney
2021-09-13 12:53 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\LocalLow\uS0wV5wY9qH3
2021-09-13 12:52 - 2021-09-13 13:05 - 006826592 ____N C:\Windows\system32\Drivers\U168J2r.sys
2021-09-13 12:52 - 2021-09-13 13:05 - 000000000 ___HD C:\Windows\rss
2021-09-13 12:52 - 2021-09-13 13:05 - 000000000 ___HD C:\Users\jessy\AppData\Roaming\WinHost
2021-09-13 12:52 - 2021-09-13 12:52 - 000000000 ____D C:\Users\jessy\AppData\Local\Yandex
2021-09-13 12:52 - 2021-09-13 12:52 - 000000000 ____D C:\Program Files (x86)\Windows Locator
2021-09-13 12:51 - 2021-09-13 13:05 - 000000000 ____D C:\Windows\PublicGaming
2021-09-13 12:48 - 2021-09-13 12:48 - 009004962 _____ C:\Users\jessy\Downloads\c747bd3f__lrtimelapse-pro.zip
Comment: The firewall reset restores the default policy and discards every custom rule, including legitimate ones. Re-create any rule the user still needs afterwards.
cmd: netsh advfirewall reset
Comment: The three reg query commands only read the Microsoft Defender exclusion lists (paths, extensions, processes) and change nothing. Review their output in the fix log and remove any exclusion the user did not create.
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths"
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions"
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes"
emptytemp:
end::