start::
closeprocesses:
createrestorepoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\...\Run: [] => [X]
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\...\MountPoints2: {fb5794f6-171a-11ec-9273-5cfb3a08f5f1} - "F:\SISetup.exe"
HKU\S-1-5-21-10675335-1106685570-2759777711-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\Autre\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Pas de fichier)
HKU\S-1-5-21-10675335-1106685570-2759777711-1005\...\RunOnce: [Uninstall 23.153.0724.0003] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Autre\AppData\Local\Microsoft\OneDrive\23.153.0724.0003" [0 2023-08-27] () <==== ATTENTION [zéro octet Fichier/Dossier]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {CC8774F2-8140-4A61-BE35-9D465903809D} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.233\WatchDog.exe repair (Pas de fichier)
Task: {E8686DC0-B862-462C-9C45-8E6BFA1F0F4E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (Pas de fichier)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2023-01-28] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2023-01-28] <==== ATTENTION
2023-10-23 19:07 - 2023-10-23 19:07 - 000000000 ____D C:\Users\Hugo\OneDrive\Documents\TotalAV
2023-10-23 18:58 - 2023-10-23 18:58 - 000000000 ____D C:\ProgramData\SecuritySuite
2023-10-23 18:57 - 2023-10-23 18:57 - 000000000 ____D C:\Users\Hugo\AppData\Local\GUI
2023-10-23 18:56 - 2023-10-23 18:56 - 057478016 _____ C:\Users\Hugo\Downloads\TotalAV_Setup.exe
CustomCLSID: HKU\S-1-5-21-10675335-1106685570-2759777711-1001_Classes\CLSID\{318cc681-4136-d2bd-6204-14d67a05b724}\localserver32 -> "C:\Program Files\Proton\VPN\v3.2.1\ProtonVPN.exe" -ToastActivated => Pas de fichier
ContextMenuHandlers1: [DefragglerShellExtension] -> [CC]{4380C993-0C43-4E02-9A7A-0D40B6EA7590} => -> Pas de fichier
ContextMenuHandlers1: [DriveFS 28 or later] -> [CC]{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers4: [DriveFS 28 or later] -> [CC]{EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> Pas de fichier
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers6: [DefragglerShellExtension] -> [CC]{4380C993-0C43-4E02-9A7A-0D40B6EA7590} => -> Pas de fichier
ContextMenuHandlers6: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} => -> Pas de fichier
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-10675335-1106685570-2759777711-1001\Software\Classes\.cmd: => <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
C:\Program Files (x86)\TotalAV
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
EndRegedit:
emptytemp:
end::