start:: closeprocesses: SystemRestore:...

Édité le 19 octobre 2022
Télécharger | Reposter | Largeur fixe

start::
closeprocesses:
SystemRestore: On
createrestorepoint:
Task: {18337F62-2E39-4880-9E0C-B702EB5B9D11} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {1EBA14EE-6BA1-43CB-9AB5-F99F9226B2B5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [432128 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {2169C96B-8576-4B48-9F46-E28390EF1847} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {491106F0-9C5E-415F-A6C9-9F932A3D8B86} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {606E9521-B699-4757-BB9D-F6A42012DE54} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {63938190-B946-408B-A039-6B7EC9DAD0CA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {6CFF0646-2DB2-48EF-956A-C9F7215185EB} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {6DEDC546-5C39-4E02-A8AC-F14A316A8FC9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {764E359F-D4B4-4EF8-8012-CB9116B6F0B6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {83BD49B4-A041-4ABC-86B6-FC5D241A35F1} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {8C181997-597E-4ED2-BBA5-5248D06DF288} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {93C43FC2-BAFD-4CA2-9213-00F83AFEE5BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {AFE054F4-BD22-47BD-8F5A-69234C2EC50F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Wsc Startup event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {B3BCCBA0-CCCC-4E4E-A325-7B555C461030} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [448512 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
Task: {D58B1607-0E67-44EA-A7CE-C743F751FAF0} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2895B49E-4D59-4AE2-B5EC-EAC424F38E8F\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [432128 2022-09-03] (Microsoft Windows -> Microsoft Corporation)
C:\Users\marzu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmpchkfhgoclkajbifladignhbanjdk
C:\Users\marzu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
HKLM\...\Run: [iTunesHelper] => D:\prog files\iTunesHelper.exe [366960 2022-09-01] (Apple Inc. -> Apple Inc.)
virustotal: D:\prog files\iTunesHelper.exe
cmd: reg query HKEY_LOCAL_MACHINE\SOFTWARE\Policies
emptytemp:
end::