Edited on 23 November 2022

start::
closeprocesses:
createrestorepoint:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="warm"
EndRegedit:
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2227814765-2585813274-1219433992-1016_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\isaac\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => Pas de fichier
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Startup.log:4098BA314F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Startup.log:B2DD4C1AB7 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk:DC8F23BC3A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.log:0E4B5BDF43 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.log:CB6454A782 [3442]
AlternateDataStreams: C:\Users\isaac\AppData\Local\Temp:$DATA​ [16]
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2227814765-2585813274-1219433992-1016\...\StartupApproved\Run: => "Avast Browser"
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2227814765-2585813274-1219433992-1016\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (Pas de fichier)
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 1
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
Task: {045D2929-C4B0-4D31-9416-F27EA8A71E4D} - System32\Tasks\WindowsDefenderServices\WindowsDefenderServicesServices_bk525 => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {0F60208D-FC9F-4256-B42B-B25598EF2EAA} - System32\Tasks\WmiPrvSE => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {2BA92E73-1821-4AF6-BDAA-D721F038B6BF} - System32\Tasks\RuntimeBroker => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {2E16138C-4E54-4F7D-B4A9-B351FEFD6F22} - System32\Tasks\Agent Activation Runtime\Agent Activation RuntimeServices_bk93 => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {3CE1DCC6-26F8-4BAD-B36C-21411FDDB636} - System32\Tasks\MicrosoftUpdateServices\MicrosoftUpdateServicesServices_bk637 => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {5F462375-90E0-4A9E-A584-84E485EE7DED} - System32\Tasks\OneDriveService => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {610C67FF-85C8-4225-A57D-BEB209B5D85F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2227814765-2585813274-1219433992-1016 => C:\Users\isaac\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Pas de fichier)
Task: {629BFDFE-EEC9-465D-B0D6-808F659AC993} - System32\Tasks\MicrosoftEdgeUpd => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {6ED0F38B-BCC6-4313-BDAE-1DC5148D2AA5} - System32\Tasks\ActivationRuntime => C:\ProgramData\RuntimeBrokerData\RegSvc.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé]
Task: {7147967B-4B39-4F73-AA08-695A68725932} - System32\Tasks\WindowsDefender => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {895A0737-ACD9-4688-BBF1-2C10A1F1BBBD} - System32\Tasks\SettingSysHost\SettingSysHostServices_bk315 => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {B3FF2266-BD5B-4C29-B719-E2CF252F6D51} - System32\Tasks\SecurityHealthSystray => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {B6EC67E0-4C1B-4F2C-A90F-7A5BC4B128AB} - System32\Tasks\AntiMalwareServiceExecutable => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {C8D90459-5F0F-45BB-84E5-A215FE020CC9} - System32\Tasks\NvStray\NvStrayService_bk5849 => C:\ProgramData\Dllhost\dllhost.exe [73216 2022-10-14] (Microsoft® Windows® Operating System) [Fichier non signé] <==== ATTENTION
Task: {D4131A5D-E445-4731-B23C-88D2D64BF975} - System32\Tasks\dllhost => C:\ProgramData\Dllhost\dllhost.exe [73216 2022-10-14] (Microsoft® Windows® Operating System) [Fichier non signé] <==== ATTENTION
Task: {D71C8544-F935-4CD2-BC8D-48765806CEE7} - System32\Tasks\ActivationRule => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
Task: {EE1BE57D-A8ED-477D-A275-F0E6D72C3C02} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableServices_bk931 => C:\ProgramData\RuntimeBrokerData\RuntimeBroker.exe [0 0000-00-00] (Microsoft® Windows® Operating System) [Accès refusé] <==== ATTENTION
S3 equ8_helper; \??\C:\Windows\system32\DRIVERS\equ8_helper.sys [X]
S3 UCORESYS; \??\C:\Users\isaac\AppData\Roaming\UCORESYS.sys [X]
S3 UCOREW64; \??\C:\Users\isaac\AppData\Roaming\UCOREW64.sys [X]
hosts:
emptytemp:
end::
