cjoint

Document format: text/plain

Preview

start::
Hosts:
Removeproxy:
CreateRestorePoint:
CloseProcesses:
2023-03-24 15:10 - 2023-03-23 08:00 - 000498176 _____ () [Fichier non signé] \\?\C:\Users\Alexy\AppData\Local\Programs\Blitz\resources\app.asar.unpacked\node_modules\leveldown\prebuilds\win32-x64\node.napi.node
2023-03-24 15:10 - 2023-03-23 08:00 - 000816640 _____ () [Fichier non signé] \\?\C:\Users\Alexy\AppData\Local\Programs\Blitz\resources\app.asar.unpacked\node_modules\lzma-native\prebuilds\win32-x64\electron.napi.node
AlternateDataStreams: C:\Windows\system32\9EarsSurroundSound.dll:72B1DE377E [3434]
AlternateDataStreams: C:\Users\Alexy\Application Data:374c9b336db4fa9522b72c58dcd0c3f9 [394]
AlternateDataStreams: C:\Users\Alexy\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\Alexy\Application Data:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Alexy\Application Data:c7637b1ddf4ebe3cea300c7598738ba3 [394]
AlternateDataStreams: C:\Users\Alexy\AppData\Roaming:374c9b336db4fa9522b72c58dcd0c3f9 [394]
AlternateDataStreams: C:\Users\Alexy\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\Alexy\AppData\Roaming:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Alexy\AppData\Roaming:c7637b1ddf4ebe3cea300c7598738ba3 [394]
AlternateDataStreams: C:\Users\Alexy\AppData\Local\Microsoft:ISBD1 [33]
AlternateDataStreams: C:\Users\Alexy\AppData\Local\Microsoft:ISBD2 [33]
AlternateDataStreams: C:\Users\Alexy\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [3434]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3434]
AlternateDataStreams: C:\ProgramData\NVDisplayContainerWatchdog.log:204739A7F2 [3434]
AlternateDataStreams: C:\ProgramData\NVDisplayContainerWatchdog.log_backup1:C3CA1050CA [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcadia.lnk:3E4B9E3FB7 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk:35C0D57199 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher.lnk:7B66F3DBEE [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firmware updater for DualSense™ wireless controller.lnk:984BC2B727 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCUE.lnk:36398BE0BF [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCUE.lnk:97831153DE [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netmarble Launcher.lnk:CD5AEA454C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk:335CDB8984 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk:5BF9B01493 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Oculus.lnk:CAC6944A29 [3434]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4604]
71.19.252.151 ca-west-015.whiskergalaxy.com #added by Windscribe, do not modify.
71.19.251.139 ca-west-007.whiskergalaxy.com #added by Windscribe, do not modify.
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexy\AppData\Local\Temp\gm_ttt_50638\spooker.png
DNS Servers: 192.168.1.1
HKLM\...\StartupApproved\Run: => "PenTablet"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "Rave"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "Salad"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D8070CF6B96621D9DD4D1CCDB4B74C5D"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "Netmarble Launcher"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\StartupApproved\Run: => "FACEIT"
FirewallRules: [TCP Query User{D9197C7F-D45B-4528-B03A-3C9F1728692E}D:34\wreckfest_x64.exe] => (Allow) D:34\wreckfest_x64.exe => Pas de fichier
FirewallRules: [UDP Query User{29FB00D3-4955-465F-8DA9-4178857D1478}D:34\wreckfest_x64.exe] => (Allow) D:34\wreckfest_x64.exe => Pas de fichier
FirewallRules: [TCP Query User{752034AC-3C94-4590-B755-4208A5BA3674}D:0\fsd\binaries\wingdk\fsd-wingdk-shipping.exe] => (Allow) D:0\fsd\binaries\wingdk\fsd-wingdk-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{4777090D-6A8D-44FE-8D90-8065A2C01EFE}D:0\fsd\binaries\wingdk\fsd-wingdk-shipping.exe] => (Allow) D:0\fsd\binaries\wingdk\fsd-wingdk-shipping.exe => Pas de fichier
FirewallRules: [TCP Query User{D3F388DF-6FBF-45E5-BA15-D94EC167C032}D:0\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:0\gobi\binaries\wingdk\back4blood.exe => Pas de fichier
FirewallRules: [UDP Query User{29B6E879-BDE4-4562-91F3-C10F331A63FB}D:0\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:0\gobi\binaries\wingdk\back4blood.exe => Pas de fichier
FirewallRules: [TCP Query User{602BA4B4-D915-4E7E-907F-673372243A48}D:3\forzahorizon5.exe] => (Allow) D:3\forzahorizon5.exe => Pas de fichier
FirewallRules: [UDP Query User{0920E1CF-42F5-4157-9567-3D39C6A8C5E2}D:3\forzahorizon5.exe] => (Allow) D:3\forzahorizon5.exe => Pas de fichier
FirewallRules: [TCP Query User{EAA5A3EF-34B7-4893-A748-6B8501FD6E32}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.6d\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.6d\phoenixminer.exe => Pas de fichier
FirewallRules: [UDP Query User{515ED9C9-A36F-4B96-93C7-08FCA2AFF489}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.6d\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.6d\phoenixminer.exe => Pas de fichier
FirewallRules: [TCP Query User{441E83FE-18B9-4CCC-A9F7-29FA0BA90135}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.5c\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.5c\phoenixminer.exe => Pas de fichier
FirewallRules: [UDP Query User{193218B7-2412-40F8-9C31-0A8EE5389E95}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.5c\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.5c\phoenixminer.exe => Pas de fichier
FirewallRules: [TCP Query User{374A5E7B-B05B-4725-BC1F-F91354A21FA5}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe => Pas de fichier
FirewallRules: [UDP Query User{64DC4392-0AB4-4C7E-970B-6AF3EFA1E5EB}C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe] => (Allow) C:\users\alexy\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe => Pas de fichier
FirewallRules: [{E598A431-1C01-4CDC-96FB-6A975EBDF888}] => (Allow) D:\Steam\steamapps\common\Gunfire Reborn\Gunfire Reborn.exe (广州多益网络股份有限公司 -> )
FirewallRules: [{DC957B29-3775-4B04-BB93-A6F05C07C110}] => (Allow) D:\Steam\steamapps\common\Gunfire Reborn\Gunfire Reborn.exe (广州多益网络股份有限公司 -> )
FirewallRules: [{7293CDE7-6F4D-41BF-997F-1E89B242F118}] => (Allow) C:\Program Files\Salad\Salad.exe => Pas de fichier
FirewallRules: [{735C93A6-7590-449B-B9B1-E14B30B5DBB7}] => (Allow) C:\Program Files\Salad\Salad.exe => Pas de fichier
FirewallRules: [{5231D292-C691-47C0-8A01-45F6B806909B}] => (Allow) C:\Program Files\Salad\Salad.exe => Pas de fichier
FirewallRules: [{C08BA801-0175-438C-BC6C-AB8462EAEC93}] => (Allow) C:\Program Files\Salad\Salad.exe => Pas de fichier
FirewallRules: [TCP Query User{B10CBCC5-6A2E-4AA6-8772-BCA0FD50A4E1}C:\users\alexy\desktop\deisim\deisim.exe] => (Allow) C:\users\alexy\desktop\deisim\deisim.exe => Pas de fichier
FirewallRules: [UDP Query User{78692A5E-999B-4FE6-A9A0-0C0330F9E854}C:\users\alexy\desktop\deisim\deisim.exe] => (Allow) C:\users\alexy\desktop\deisim\deisim.exe => Pas de fichier
FirewallRules: [TCP Query User{78C034DC-99EE-4174-94A4-7AB128EBB332}C:\users\alexy\desktop\pistolwhip\pistol whip.exe] => (Allow) C:\users\alexy\desktop\pistolwhip\pistol whip.exe => Pas de fichier
FirewallRules: [UDP Query User{2348D1BE-BA5F-41B1-A64B-A17FE1EAA61F}C:\users\alexy\desktop\pistolwhip\pistol whip.exe] => (Allow) C:\users\alexy\desktop\pistolwhip\pistol whip.exe => Pas de fichier
FirewallRules: [TCP Query User{77E87002-77EF-4615-9480-7178E929FC18}C:\users\alexy\desktop\presentiment.of.death\presentimentofdeath\presentimentofdeath.exe] => (Allow) C:\users\alexy\desktop\presentiment.of.death\presentimentofdeath\presentimentofdeath.exe => Pas de fichier
FirewallRules: [UDP Query User{F6E6C7B3-B792-4C95-B78A-CB73B85A384E}C:\users\alexy\desktop\presentiment.of.death\presentimentofdeath\presentimentofdeath.exe] => (Allow) C:\users\alexy\desktop\presentiment.of.death\presentimentofdeath\presentimentofdeath.exe => Pas de fichier
FirewallRules: [TCP Query User{CFEDB209-15A2-4843-BE38-039EC6BFA0F2}C:\users\alexy\desktop\shadowgate.vr.the.mines.of.mythrok\shadowgate vr.exe] => (Allow) C:\users\alexy\desktop\shadowgate.vr.the.mines.of.mythrok\shadowgate vr.exe => Pas de fichier
FirewallRules: [UDP Query User{75F0DFF2-A1F2-4ACE-A8F7-C49BDAEBA330}C:\users\alexy\desktop\shadowgate.vr.the.mines.of.mythrok\shadowgate vr.exe] => (Allow) C:\users\alexy\desktop\shadowgate.vr.the.mines.of.mythrok\shadowgate vr.exe => Pas de fichier
FirewallRules: [TCP Query User{3CCC3985-AF4B-4519-AFCE-F2C24BDFC70F}C:\users\alexy\desktop\tracery.of.fate\fate\binaries\win64\fate-win64-shipping.exe] => (Allow) C:\users\alexy\desktop\tracery.of.fate\fate\binaries\win64\fate-win64-shipping.exe => Pas de fichier
FirewallRules: [UDP Query User{57E86325-8D70-486C-A55F-E1BFEB7FFE18}C:\users\alexy\desktop\tracery.of.fate\fate\binaries\win64\fate-win64-shipping.exe] => (Allow) C:\users\alexy\desktop\tracery.of.fate\fate\binaries\win64\fate-win64-shipping.exe => Pas de fichier
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3814252811-3508934249-2902343537-1001\...\Run: [GalaxyClient] => [X]
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Intel PTT EK Recertification.job => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_dec9bbf83f76d9e5\lib\IntelPTTEKRecertification.exe
2023-03-14 23:17 - 2023-03-14 23:17 - 000003668 _____ C:\Windows\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-24 20:22 - 2022-03-27 00:46 - 000000000 ____D C:\Users\Alexy\AppData\Roaming\qBittorrent
2023-02-24 17:00 - 2023-02-24 17:00 - 000006598 _____ () C:\Users\Alexy\AppData\Local\92761170034
2023-02-01 10:21 - 2023-02-01 10:21 - 000003982 _____ () C:\Users\Alexy\AppData\Local\9288529759
2023-02-01 21:44 - 2023-02-01 21:44 - 000005414 _____ () C:\Users\Alexy\AppData\Local\93086452306
2023-02-18 11:17 - 2023-02-18 11:17 - 000005414 _____ () C:\Users\Alexy\AppData\Local\93596085969
2023-02-26 16:12 - 2023-02-26 16:12 - 000006598 _____ () C:\Users\Alexy\AppData\Local\93803181808
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
EmptyEventLogs:
EmptyTemp:
end::
