start:: closeprocesses: createrestorepoint: GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKU\S-1-5-21-4247927337-2898577755-962393942-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKU\S-1-5-21-4247927337-2898577755-962393942-1001\...\Run: [AdobeBridge] => [X] S2 AppServicea; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION S2 AppServiceb; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION S2 AppServiced; C:\Windows\system32\1XVU42MI0W.tmp [6144 2021-09-13] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION C:\Windows\system32\1XVU42MI0W.tmp 2021-09-13 12:55 - 2021-09-13 12:55 - 000000000 ____D C:\Program Files (x86)\foler 2021-09-13 12:54 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\Roaming\wushup 2021-09-13 12:54 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\LocalLow\aD1rF3aM8r 2021-09-13 12:54 - 2021-09-13 12:54 - 000000000 ____D C:\Users\jessy\AppData\Roaming\Romney 2021-09-13 12:53 - 2021-09-13 13:04 - 000000000 ____D C:\Users\jessy\AppData\LocalLow\uS0wV5wY9qH3 2021-09-13 12:52 - 2021-09-13 13:05 - 006826592 ____N C:\Windows\system32\Drivers\U168J2r.sys 2021-09-13 12:52 - 2021-09-13 13:05 - 000000000 ___HD C:\Windows\rss 2021-09-13 12:52 - 2021-09-13 13:05 - 000000000 ___HD C:\Users\jessy\AppData\Roaming\WinHost 2021-09-13 12:52 - 2021-09-13 12:52 - 000000000 ____D C:\Users\jessy\AppData\Local\Yandex 2021-09-13 12:52 - 2021-09-13 12:52 - 000000000 ____D C:\Program Files (x86)\Windows Locator 2021-09-13 12:51 - 2021-09-13 13:05 - 000000000 ____D C:\Windows\PublicGaming 2021-09-13 12:48 - 2021-09-13 12:48 - 009004962 _____ C:\Users\jessy\Downloads\c747bd3f__lrtimelapse-pro.zip cmd: netsh advfirewall reset cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions" cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes" emptytemp: end::