start:: closeprocesses: createrestorepoint:...

Posté le 19 mai
Télécharger | Reposter | Largeur fixe

start::
closeprocesses:
createrestorepoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-2335175725-417758977-2113479248-1001\...\Run: [GalaxyClient] => [X]
Task: {BC0A6097-F752-4DF9-A567-0D788B2215D2} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask -> Pas de fichier <==== ATTENTION
Task: {8114EAE9-9F3B-4E24-94E0-7A8DD14C5B7B} - System32\Tasks\Check system => C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe [450560 2024-02-15] (Microsoft Windows -> Microsoft Corporation) -> -windowstyle Hidden C:\ProgramData\updates.ps1 <==== ATTENTION
C:\ProgramData\updates.ps1
Task: {172D626C-304D-4938-8D64-4921C3FA8880} - System32\Tasks\com.amazon.kpr.ncd => C:\Users\lilis\AppData\Local\Amazon\Kindle Previewer 3\KPR_NCD.exe [2094080 2023-05-03] () [Fichier non signé]
Task: {6D059F39-3045-44F3-889D-EC95389CC75B} - System32\Tasks\Microsoft\Windows\Bluetooth\Chromeniumscrypt => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-15] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -File C:\Users\Public\updates.ps1
Task: {E154CC91-BCF8-47C2-ABE9-AB97D3BC731D} - System32\Tasks\Microsoft\Windows\Bluetooth\temp => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-15] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -File C:\Users\Public\temp.ps1 <==== ATTENTION
C:\Users\Public\temp.ps1
Task: {ADCD96C6-DC0C-4699-A4CD-AEB0A2FAB0EB} - System32\Tasks\Microsoft\Windows\Maintenance\WinSATsBdqLK => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-15] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\75E8F651-7791-4432-AB08-C6C949E07E73.ps1" <==== ATTENTION
C:\WINDOWS\System32\75E8F651-7791-4432-AB08-C6C949E07E73.ps1
Task: {DA5E5D3E-3C7D-467E-959D-AFF090569411} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization90Eb8K => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-15] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\2E28522C-2F61-453B-8DA3-07038BC9F459.ps1" <==== ATTENTION
C:\WINDOWS\System32\2E28522C-2F61-453B-8DA3-07038BC9F459.ps1
Task: {BBEC2575-4FDD-4EB7-A62E-69B5DB262C6A} - System32\Tasks\Opera scheduled Autoupdate 1696430996 => C:\Users\lilis\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (Pas de fichier)
2024-05-17 11:34 - 2024-05-17 11:35 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-05-17 01:34 - 2024-05-17 01:34 - 000457012 _____ C:\ProgramData\cl.uninstall.1715902393.bdinstall.v2.bin
2024-05-17 01:34 - 2024-05-17 01:34 - 000084932 _____ C:\ProgramData\agent.uninstall.1715902446.bdinstall.v2.bin
2024-05-17 01:05 - 2024-05-17 01:05 - 000686968 _____ C:\ProgramData\cl.1715900656.bdinstall.v2.bin
2024-05-17 01:05 - 2024-05-17 01:05 - 000126580 _____ C:\ProgramData\cl.kit.1715900656.bdinstall.v2.bin
2024-05-17 01:04 - 2024-05-17 01:33 - 000000000 ____D C:\ProgramData\Bitdefender
2024-05-17 01:04 - 2024-05-17 01:21 - 000000000 ____D C:\ProgramData\BDLogging
2024-05-17 01:04 - 2024-05-17 01:04 - 000000000 ____D C:\WINDOWS\system32\elambkup
2024-05-17 01:04 - 2024-05-17 01:04 - 000000000 ____D C:\Users\lilis\AppData\Roaming\Bitdefender Security App
2024-04-25 11:19 - 2024-04-25 11:19 - 000338432 ____H () C:\ProgramData\Svchost.exe
2024-04-25 11:19 - 2024-04-25 11:19 - 000052224 _____ () C:\ProgramData\System32.exe
2024-04-20 19:04 - 2024-04-20 19:04 - 000009737 ____H () C:\Users\lilis\AppData\Roaming\dllhost.exe
2024-04-25 11:19 - 2024-04-25 11:19 - 000395776 ____H () C:\Users\lilis\AppData\Roaming\win32.exe
MSCONFIG\Services: McAfee WebAdvisor => 2
FirewallRules: [{9DB1E7FA-6BFF-42A9-AA6C-46CB30FD9544}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe => Pas de fichier
FirewallRules: [{DF499E0E-21E3-4AE0-81B9-EA5D62D2D19F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe => Pas de fichier
FirewallRules: [{6C34A734-0DA2-4C52-8351-7D3DECD106F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe => Pas de fichier
FirewallRules: [{4975D264-3FE3-46FD-B8CA-169F4604A92F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe => Pas de fichier
FirewallRules: [{4978751E-DC49-4D36-8292-BA3EB5F8EA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe => Pas de fichier
FirewallRules: [{C0D6707C-BAA6-47D4-A59A-A782DD975A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe => Pas de fichier
FirewallRules: [{6CB57D89-A1DA-47B3-9D6A-8FA3CBAA8BD8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Pas de fichier
FirewallRules: [TCP Query User{221022BE-870C-402F-B084-787717AB36A6}C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{190C5453-6D35-4E56-9183-9655F850D111}C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{BB5604B8-0FE4-4792-8076-63EA56AB935C}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{FA0AAF13-9215-422D-83D5-B22A4E907E27}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{EC56893A-7C50-430D-A733-D91F92F8E9D5}C:\xboxgames\dordogne - windows\content\dordogne.exe] => (Allow) C:\xboxgames\dordogne - windows\content\dordogne.exe => Pas de fichier
FirewallRules: [UDP Query User{665FF596-F669-4470-99CA-487951E6D676}C:\xboxgames\dordogne - windows\content\dordogne.exe] => (Allow) C:\xboxgames\dordogne - windows\content\dordogne.exe => Pas de fichier
FirewallRules: [TCP Query User{DC545832-DFE0-4F19-80AD-735B5991AD70}C:\xboxgames\planet of lana\content\planet of lana.exe] => (Allow) C:\xboxgames\planet of lana\content\planet of lana.exe => Pas de fichier
FirewallRules: [UDP Query User{7B1BD69D-01D8-4955-AF35-2331AEDC9EA0}C:\xboxgames\planet of lana\content\planet of lana.exe] => (Allow) C:\xboxgames\planet of lana\content\planet of lana.exe => Pas de fichier
FirewallRules: [{3194628C-6A02-4BCF-841A-3C4AB4B11B5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe => Pas de fichier
FirewallRules: [{CB7ACC7F-6CC8-45E4-A21A-0A1800E50971}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe => Pas de fichier
emptytemp:
end::