cjoint

Document format: text/plain

Preview

Start::
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3377447511-381197650-2276093609-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35646080 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3377447511-381197650-2276093609-1001\...\MountPoints2: {ca3ccac1-60b4-11ec-ac88-089798782017} - "D:\setup.exe"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

Task: {7257E807-1013-4C34-B50F-3D5F2786771A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E0E63452-D941-4969-96F8-98AB72CB3709} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {E47ABE1E-CD37-4EA5-90DC-BFB506368ADB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)

FF Extension: (Hoxx VPN Proxy) - C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\49ojdxwj.default-release-1599230994153\Extensions\@hoxx-vpn.xpi [2022-03-12]

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky Desolation\No Mans Sky Desolation.lnk -> C:\Program Files (x86)\No Mans Sky Desolation\Binaries\NMS.exe (Pas de fichier)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky Desolation\Uninstall No Mans Sky Desolation.lnk -> C:\Program Files (x86)\No Mans Sky Desolation\unins000.exe (Pas de fichier)
Shortcut: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Word\Rédige%20un%20paragraphe%20présentant%20les%20aggl309472113148330740\Rédige%20un%20paragraphe%20présentant%20les%20agglomérations%20connectées%20par%20la%20mondialisation.docx.lnk -> [LF 7.7~7dU//D:\tY^Hg3(w,/J>Vh6 Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docx.Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docx-LcD:\Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docxDernire version0] (Pas de fichier)

cmd: cscript %windir%\System32\slmgr.vbs /dli
cmd: sc config diagtrack start= disabled
cmd: sc config dmwappushservice start= disabled
cmd: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxPortExhausted /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpenRetried /T REG_DWORD /D 400 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpen /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V SynAttackProtect /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V KeepAliveTime /T REG_DWORD /D 300000 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableDeadGWDetect /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V DisableIPSourceRouting /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableMulticastForwarding /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V IPEnableRouter /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableAddrMaskReply /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxConnectResponseRetransmissions /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxDataRetransmissions /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnablePMTUDiscovery /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V EnableDynamicBacklog /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MinimumDynamicBacklog /T REG_DWORD /D 20 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MaximumDynamicBacklog /T REG_DWORD /D 20000 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V DynamicBacklogGrowthDelta /T REG_DWORD /D 10 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastCopyReceiveThreshold /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastSendDatagramThreshold /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V NoLmHash /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V lmcompatibilitylevel /T REG_DWORD /D 5 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 20 /f

cmd: bitsadmin /reset
powershell: Get-PhysicalDisk
cmd: fsutil repair enumerate %homedrive% $Corrupt
cmd: wmic path Win32_VideoController get description
cmd: wmic path Win32_VideoController get driverversion
powershell: Get-HotFix | Sort-Object -Property InstalledOn

cmd: "%windir%\system32\lodctr.exe" /R
cmd: "%windir%\syswow64\lodctr.exe" /R
cmd: winmgmt /verifyrepository
cmd: dism /online /cleanup-image /checkhealth

powershell: Get-Process | Sort CPU -descending | Select -first 10 -Property ProcessName,ID,CPU,WS | format-table
powershell: Get-Process | Sort WS -descending | Select -first 10 -Property ProcessName,ID,CPU,WS | format-table
cmd: tasklist /svc /fi "imagename eq svchost.exe"

RemoveProxy:
cmd: ipconfig /flushdns
c:\windows\temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
Emptytemp:
End::
