start::
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\StartupApproved\Run: => "F0B4DAD85DCFF8C11A705B1D53E15DFDF0D581BA._service_run"
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\MountPoints2: {2cb06283-631c-11ec-9f3d-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\MountPoints2: {d4e5f56f-bd2d-11eb-9e0b-7440bb42932a} - "E:\startme.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\MountPoints2: {f5435c98-8d4f-11eb-9d6b-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\MountPoints2: {f5435d17-8d4f-11eb-9d6b-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1001\...\MountPoints2: {ff1fa32a-bb67-11ec-9faf-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1002\...\MountPoints2: {2cb06283-631c-11ec-9f3d-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1002\...\MountPoints2: {d4e5f56f-bd2d-11eb-9e0b-7440bb42932a} - "E:\startme.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1002\...\MountPoints2: {f5435c98-8d4f-11eb-9d6b-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3282699034-1007418648-181929168-1002\...\MountPoints2: {f5435d17-8d4f-11eb-9d6b-7440bb42932a} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {06F241B8-BC4E-4C25-A6F1-A2A845B62B17} - System32\Tasks\Opera scheduled Autoupdate 1640686422 => c:\users\josue\appdata\local\programs\opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {12162AAE-26C6-42EF-8895-62E0DF09BE7D} - System32\Tasks\Opera scheduled Autoupdate 1618473295 => C:\Users\Utilisateur\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {1C4CF629-4ED9-475F-BEF2-AD158E86A77A} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (Pas de fichier)
Task: {5151C401-8D38-4EE8-8525-A46AC61D20D6} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (Pas de fichier)
Task: {64D14AF5-B7A5-4F32-9A0E-00DD3C9E4E9A} - System32\Tasks\Opera scheduled Autoupdate 1634755548 => c:\users\josue\appdata\local\programs\opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {AE75B805-C350-4400-ADDC-C1144DFF04DA} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71b3735655992 => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (Pas de fichier)
Task: {E65C8786-D7A1-49CA-8B33-4816E40D1996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Pas de fichier)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
C:\Program Files (x86)\MaskVPN
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-10-15] (Mixbyte Inc -> Freemake)
C:\ProgramData\Freemake
2022-04-17 19:29 - 2022-04-17 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaskVPN
2022-04-17 19:29 - 2022-04-18 16:05 - 000000000 ____D C:\Program Files (x86)\MaskVPN
cmd: netsh advfirewall reset
emptytemp:
end::