start:: systemrestore:...

Posté le 5 novembre
Télécharger | Reposter | Largeur fixe

start::
systemrestore: on
closeprocesses:
createrestorepoint:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{0b13c160-74a3-75a7-0821-886ee4b0f6c8}\localserver32 -> "C:\Users\Quentin\OneDrive\Bureau\OG fortnite ERA\FortniteLauncher.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3679129218-2492701803-4163077832-1002_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\Quentin\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Quentin\AppData\Local\MEGAsync\ShellExtX64.dll -> Pas de fichier
AlternateDataStreams: C:\desktop.ini:CachedTiles [4840]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [6858]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [6858]
AlternateDataStreams: C:\ProgramData\rsEngine.config.backup:CF02139FF4 [6858]
AlternateDataStreams: C:\ProgramData\xnugqooy.ugm:E5437D12FE [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Badlion Client.lnk:8BD81608B2 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Dragons.lnk:3B287A9E63 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:C8B6D970BF [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lecture à distance PS.lnk:9FABCB2CFD [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk:4E42ED6D31 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [6858]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [6858]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4020]
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3679129218-2492701803-4163077832-1002\Software\Classes\.cmd: => <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-11-24]
ShortcutTarget: DS4Windows.lnk -> C:\Users\Quentin\OneDrive\Bureau\DS4Windows\DS4Windows.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {6B8DC69C-6E7D-4BD3-B236-6C26AFDF598C} - System32\Tasks\chrome policy => C:\Windows\system32\cmd.exe [323584 2023-11-04] (Microsoft Windows -> Microsoft Corporation) -> /c powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADIATgB6AGsAeQBOAH (l'élément de données a 5291 caractères en plus). <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Pas de fichier)
Task: {F40B273A-A32B-41D7-9C30-4AD4FA638A49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (Pas de fichier)
Task: {E1F065F1-D85E-4478-9EA1-F6BB5729408E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {553AB4A4-8CE7-4D1E-AFDC-8904A1C9B3C8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
2023-11-04 20:26 - 2023-11-04 20:26 - 000013716 _____ C:\WINDOWS\system32\Tasks\chrome policy
cmd: netsh advfirewall reset
emptytemp:
end::