Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3377447511-381197650-2276093609-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35646080 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3377447511-381197650-2276093609-1001\...\MountPoints2: {ca3ccac1-60b4-11ec-ac88-089798782017} - "D:\setup.exe"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7257E807-1013-4C34-B50F-3D5F2786771A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E0E63452-D941-4969-96F8-98AB72CB3709} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {E47ABE1E-CD37-4EA5-90DC-BFB506368ADB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
FF Extension: (Hoxx VPN Proxy) - C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\49ojdxwj.default-release-1599230994153\Extensions\@hoxx-vpn.xpi [2022-03-12]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky Desolation\No Mans Sky Desolation.lnk -> C:\Program Files (x86)\No Mans Sky Desolation\Binaries\NMS.exe (Pas de fichier)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky Desolation\Uninstall No Mans Sky Desolation.lnk -> C:\Program Files (x86)\No Mans Sky Desolation\unins000.exe (Pas de fichier)
Shortcut: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Word\Rédige%20un%20paragraphe%20présentant%20les%20aggl309472113148330740\Rédige%20un%20paragraphe%20présentant%20les%20agglomérations%20connectées%20par%20la%20mondialisation.docx.lnk -> [LF 7.7~7dU//D:\tY^Hg3(w,/J>Vh6 Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docx.Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docx-LcD:\Rdige un paragraphe prsentant les agglomrations connectes par la mondialisation.docxDernire version0] (Pas de fichier)
cmd: cscript %windir%\System32\slmgr.vbs /dli
cmd: sc config diagtrack start= disabled
cmd: sc config dmwappushservice start= disabled
cmd: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
cmd: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxPortExhausted /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpenRetried /T REG_DWORD /D 400 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxHalfOpen /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V SynAttackProtect /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V KeepAliveTime /T REG_DWORD /D 300000 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableDeadGWDetect /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V DisableIPSourceRouting /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableMulticastForwarding /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V IPEnableRouter /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnableAddrMaskReply /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxConnectResponseRetransmissions /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V TcpMaxDataRetransmissions /T REG_DWORD /D 2 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V EnablePMTUDiscovery /T REG_DWORD /D 0 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V EnableDynamicBacklog /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MinimumDynamicBacklog /T REG_DWORD /D 20 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V MaximumDynamicBacklog /T REG_DWORD /D 20000 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V DynamicBacklogGrowthDelta /T REG_DWORD /D 10 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastCopyReceiveThreshold /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters" /V FastSendDatagramThreshold /T REG_DWORD /D 500 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /V NoNameReleaseOnDemand /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V NoLmHash /T REG_DWORD /D 1 /f
cmd: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /V lmcompatibilitylevel /T REG_DWORD /D 5 /f
cmd: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 20 /f
cmd: bitsadmin /reset
powershell: Get-PhysicalDisk
cmd: fsutil repair enumerate %homedrive% $Corrupt
cmd: wmic path Win32_VideoController get description
cmd: wmic path Win32_VideoController get driverversion
powershell: Get-HotFix | Sort-Object -Property InstalledOn
cmd: "%windir%\system32\lodctr.exe" /R
cmd: "%windir%\syswow64\lodctr.exe" /R
cmd: winmgmt /verifyrepository
cmd: dism /online /cleanup-image /checkhealth
powershell: Get-Process | Sort CPU -descending | Select -first 10 -Property ProcessName,ID,CPU,WS | format-table
powershell: Get-Process | Sort WS -descending | Select -first 10 -Property ProcessName,ID,CPU,WS | format-table
cmd: tasklist /svc /fi "imagename eq svchost.exe"
RemoveProxy:
cmd: ipconfig /flushdns
c:\windows\temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
Emptytemp:
End::