Posted on 21 July

start::
closeprocesses:
createrestorepoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607496 2023-07-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4362600 2023-05-30] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\Run: [SharewareOnSale Notifier] => C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe [1008816 2021-07-26] (Azadi Network LLC -> ) <==== ATTENTION
C:\ProgramData\SharewareOnSale Notifier
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (Pas de fichier)
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\MountPoints2: {5f39e59a-ef8d-11ed-9f6b-d01b812f521e} - "D:\autorun.exe"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: {C3BF93BA-7583-4D86-96C8-79BB27D5BD22} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {61E981F5-E082-4351-8EBF-A042240045A9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {DA831E26-A152-4062-8076-9BD8395F9F58} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {41A59092-8EE2-4FA2-8D05-B11913B26B8E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {6731A592-E462-434E-A757-2979D974D453} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {E1221B1C-0873-4F83-9F8F-B7501CD6514F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {1E7FEF05-F0CE-457D-AB6A-4BD3E83242B7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {150CF794-9F41-4601-ACE3-16307D0B9C3C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {E0CD5DA6-CAE1-48B2-BD6F-3C731E8FD733} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {97222A8E-A254-48C1-A271-DF91CA8FCC46} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {CF7B6F2C-2EE7-4B66-862C-042ECA6D41EB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [466944 2023-06-28] (Microsoft Windows -> Microsoft Corporation)
Task: {A5C8FFDE-AFD8-4409-8512-EB9C8F70861D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [466944 2023-06-28] (Microsoft Windows -> Microsoft Corporation)
Task: {04679795-8026-4874-B1DC-D919A8A41D68} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {22499FE9-5D55-48D0-9017-1138056C3D95} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\8BAA4736-59B2-4EED-A667-F361B8AA21F2\Wsc Startup event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-06-02] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Pas de fichier)
Task: {9982001B-075E-4507-B40B-F78E3DF50A9F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {9C193011-F3BC-489E-AE00-13FD51FC4CC6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-145644232-4165256417-3914902437-1001\...\StartupApproved\Run: => "uTorrent"
cmd: netsh advfirewall reset
cmd: sfc /scannow
emptytemp:
end::
