Posted on 22 December 2019

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\RunOnce: [PDFCreatorRestart] => [X]
HKU\S-1-5-21-2325629162-2556327254-2773609804-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2325629162-2556327254-2773609804-500\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {27AFE740-3E8D-483A-9C33-78967D30F1B4} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-4 -> Pas de fichier
Task: {2BF0C41D-AA0E-482E-844F-8F6FEFD58DF5} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {602A6D91-94FF-49E9-B7DC-0334A141DFBB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {602A6D91-94FF-49E9-B7DC-0334A141DFBB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {602A6D91-94FF-49E9-B7DC-0334A141DFBB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe
Task: {9F927827-1697-4A25-841C-7864E41A7C7D} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-2 -> Pas de fichier
Task: {9FBB2118-3AFF-4937-B19D-48894E6821C0} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-6 -> Pas de fichier
Task: {A2282AD6-304F-4264-8775-6E782E3842A4} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-7 -> Pas de fichier
Task: {BC379B0C-EC45-4811-8E65-D2CBD0A9E3AB} - System32\Tasks\{95A9502B-890E-4EE3-9EFA-F180AFED6F91} => C:\Windows\system32\pcalua.exe -a E:\oracle\vce_testing_system_setup.exe -d E:\oracle
Task: {C142EBB0-FACD-4F95-B7FB-D9FED0153175} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C142EBB0-FACD-4F95-B7FB-D9FED0153175} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {DA011312-B1A2-4CC4-86CD-68751291B93E} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-1 -> Pas de fichier
Task: {F3C1D36F-643D-4BA8-B8BE-EF4F6301DDF0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {F42B5750-9152-4CBB-ADB2-49BD2CF1FB35} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-5 -> Pas de fichier
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Pas de nom -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Pas de fichier
BHO-x32: Pas de nom -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Pas de fichier
Toolbar: HKU\S-1-5-21-2325629162-2556327254-2773609804-500 -> Pas de nom - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Pas de fichier
FF NewTab: Mozilla\Firefox\Profiles\oa54gtoh.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__181014
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\oa54gtoh.default\Extensions\sp@avast.com.xpi [2019-12-22]
FF Extension: (Avast Online Security) - C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\oa54gtoh.default\Extensions\wrc@avast.com.xpi [2019-12-22]
S4 atashost; "C:\Windows\SysWOW64\atashost.exe" [X]
S3 AutonomyCFS; C:\Autonomy\IDOLServer\CFS\CFS.exe [X]
S3 AutonomyFileSystemConnector; C:\Autonomy\IDOLServer\FileSystemConnector\filesystemconnector.exe [X]
S3 AutonomyHTTPConnector; C:\Autonomy\IDOLServer\HTTPConnector\httpconnector.exe [X]
S3 AutonomyIDOLServer; C:\Autonomy\IDOLServer\IDOL\AutonomyIDOLServer.exe [X]
S3 AutonomyIDOLSPE; "C:\Autonomy\IDOLServer\IDOL\content\content.exe" [X]
S3 Autonomylicenseserver; C:\Autonomy\IDOLServer\LicenseServer\Autonomylicenseserver.exe [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2019-12-22 16:34 - 2019-12-22 16:34 - 000000000 ____D C:\tmp
2019-12-22 19:40 - 2018-10-14 11:28 - 000000000 ____D C:\Users\Administrateur\AppData\Roaming\uTorrent
2019-12-22 16:41 - 2019-07-07 10:55 - 000000150 _____ C:\Windows\Reimage.ini
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2325629162-2556327254-2773609804-500_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> Pas de fichier
Shortcut: C:\Users\Administrateur\Desktop\support\media\Windows 7 shortcuts\Tomcat - shutdown.bat - Shortcut.lnk -> C:\Autonomy\IDOLServer\appserver\bin\shutdown.bat (Pas de fichier)
Shortcut: C:\Users\Administrateur\Desktop\support\media\Windows 7 shortcuts\Tomcat - startup.bat - Shortcut.lnk -> C:\Autonomy\IDOLServer\appserver\bin\startup.bat (Pas de fichier)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKU\S-1-5-21-2325629162-2556327254-2773609804-500\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoUpdate_tv.bat => C:\Windows\pss\AutoUpdate_tv.bat.Startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
EmptyTemp:
cmd: ipconfig /flushdns
end::
