start::
closeprocesses:
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-1568788971-1803981128-75823642-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\cdaub\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\Microsoft.Nucleus.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1568788971-1803981128-75823642-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\cdaub\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\Microsoft.Nucleus.exe" => Pas de fichier
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Pas de fichier
IE trusted site: HKU\S-1-5-21-1568788971-1803981128-75823642-1001\...\sharepoint.com -> hxxps://igscampus-files.sharepoint.com
HKU\S-1-5-21-1568788971-1803981128-75823642-1001\...\StartupApproved\StartupFolder: => "RUNDLL32.EXE.lnk"
FirewallRules: [{59F936DC-9861-421D-9246-101DAD45BC20}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => Pas de fichier
FirewallRules: [{6C86A413-E073-49C4-9322-6B26D82E3780}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Pas de fichier
FirewallRules: [{55974B44-45C7-467B-9370-826B83AFA012}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Pas de fichier
S2 AppServicea; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServiceb; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicec; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServiced; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicee; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicef; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServiceg; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServiceh; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicei; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicej; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
S2 AppServicel; C:\WINDOWS\system32\ZSRWCR5193.tmp [6144 2021-06-04] (Microsoft Corporation) [Fichier non signé]
2021-06-04 19:33 - 2021-06-04 19:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-06-01 18:29 - 2021-06-01 18:27 - 011096456 _____ (McAfee, Inc.) C:\Users\cdaub\Desktop\MCPR.exe
emptytemp:
end::