start::
closeprocesses:
createrestorepoint:
virustotal: D:\$.RECYCLEBIN\svshost.exe
HKLM\...\Run: [songpilot] => D:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM\...\Run: [Manual] => C:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] [File in use] <==== ATTENTION
HKLM\...\Run: [Printer] => C:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] [File in use] <==== ATTENTION
HKLM-x32\...\Run: [songpilot] => D:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [Manual] => C:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] [File in use] <==== ATTENTION
HKLM-x32\...\Run: [Printer] => C:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] [File in use] <==== ATTENTION
HKLM-x32\...\Run: [System] => D:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] <==== ATTENTION
D:\$.RECYCLEBIN\svshost.exe
C:\$.RECYCLEBIN\svshost.exe
D:\$.RECYCLEBIN
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {0496a8a8-c3a3-11e8-a04c-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {065b0df3-2ede-11eb-8c2c-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {136f0afa-0b8b-11eb-a580-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {16826e22-dc2b-11e4-92d8-d43d7eedeac6} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {1eee99a2-e050-11ea-a180-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {216f3cc8-c654-11ea-a152-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {27a1597e-b928-11eb-85c0-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {30394d52-cfa0-11e7-96af-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {30394d5d-cfa0-11e7-96af-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {34767e18-2d0d-11ec-93ed-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {3641779a-5b1a-11ec-80a8-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {3a0d588f-72db-11e9-b172-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {3a0d5896-72db-11e9-b172-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {43893865-1e67-11e4-bdfe-d43d7eedeac6} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {4c84d60a-c1a1-11e9-95ef-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {4c84d60f-c1a1-11e9-95ef-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {4cd1362b-753e-11e9-a88a-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {4d6973ae-7509-11e8-a748-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {6e67137f-dfa9-11eb-858d-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {75531d3b-7ed1-11e3-a5ad-d43d7eedeac6} - F:\setup.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {773e94f0-2fff-11e8-b642-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {81246087-c85b-11e8-ae0b-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {82fb977c-2c32-11e9-8f46-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {8e1acd92-5270-11eb-94e6-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {a2761bc8-fe9a-11e8-be3e-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {b15fc6c8-eb45-11ea-80c1-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {bac29041-4ce9-11eb-905b-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {bc9facd7-40c3-11ec-84c1-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {bc9facfa-40c3-11ec-84c1-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {be84763c-0312-11ea-b82a-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {c8e0d5bf-a798-11e9-85d2-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {c8e0d5c8-a798-11e9-85d2-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {cd05a2b4-cc82-11e9-8cdc-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {cddf8260-f614-11e8-bf9e-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {ce56afa6-5f95-11e6-afbd-d43d7eedeac6} - E:\MediaManager.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {cf8f5bb9-d4f9-11e8-b6c6-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {d694254a-e5d1-11ea-aacf-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {ddc3e36b-dd60-11e9-9eb2-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {e28a0fb4-2b66-11e9-b55d-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {e95bd776-0618-11eb-a752-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {fdc091bf-6f33-11ea-b31b-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-265740998-551177575-1690891536-1002\...\MountPoints2: {ff16d081-2078-11ec-b9f7-d43d7eedeac6} - F:\HiSuiteDownLoader.exe
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
Startup: C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Astral.lnk [2022-06-26]
Startup: C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Claire.lnk [2022-07-01]
ShortcutTarget: Claire.lnk -> C:\$.RECYCLEBIN\svshost.exe (Microsoft Corporation) [File not signed] [File in use]
Startup: C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cleaner.lnk [2022-06-26]
Startup: C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Help.lnk [2022-06-26]
Startup: C:\Users\Ludivine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manual.lnk [2022-06-26]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Task: {8B61E47F-EE10-411A-9E38-A026C58EB724} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E7EBF539-F45A-47CE-9688-C7DBC211D0CD} - \{459DE4B9-A8B9-48FE-9EA3-F734B41ECF85} -> No File <==== ATTENTION
Task: {EA807504-A72A-4530-801D-1F096EA2F5B3} - \{77E1BD76-D651-4C05-ADBE-CD0D12F0B3FF} -> No File <==== ATTENTION
Task: {EDEB2311-F714-4A03-98D1-F2ED976C6964} - System32\Tasks\{AF374622-F49C-4FFD-9498-07FC3DBD79EA} => C:\Windows\system32\pcalua.exe -a D:\Firefox\DCS-932L_sw_revALL_wizard_1-02_10_all_en_20130409\Advanced\autorun.exe -d D:\Firefox\DCS-932L_sw_revALL_wizard_1-02_10_all_en_20130409\Advanced
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @unisys.com/npornap -> C:\Program Files (x86)\Orange\CAP Nap Plugin ActiveX [2014-01-28] () <==== ATTENTION [Zero byte File/Folder]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\adslTV\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\adslTV\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\adslTV\VLC\npvlc.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]
S3 MSICDSetup; \??\G:\CDriver64.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X]
2022-06-06 11:24 - 2022-06-06 11:24 - 000000000 _RSHD C:\$.RECYCLEBIN
cmd: netsh advfirewall reset
emptytemp:
end::
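The persistence in this fixlist follows a recognisable pattern: a binary named one character away from a Windows system process (svshost.exe, not svchost.exe), dropped in a folder that imitates the real per-volume $RECYCLE.BIN (here $.RECYCLEBIN, with the read-only/system/hidden attributes shown in the last scan line), carrying a "Microsoft Corporation" version string while being unsigned, and launched from several Run values plus Startup-folder shortcuts. The script below is an added example, not part of the original fixlist and not FRST code: it reads FRST-style Run and ShortcutTarget lines and flags exactly those traits so that the same triage can be run over a full FRST log. The sample lines are constructed (modelled on the entries above, with the annotations in FRST's English form), and the heuristic names and thresholds are the editor's own assumptions.

```python
"""Triage FRST autorun lines for masquerading persistence (added example)."""
import re
from dataclasses import dataclass

# Windows process names that malware commonly imitates (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe",
                   "winlogon.exe", "services.exe", "smss.exe", "dwm.exe"}
REAL_RECYCLE_BIN = "$recycle.bin"   # the genuine per-volume folder name

# FRST formats: 'HKLM-x32\...\Run: [Name] => path [size date] (Company) [flags]'
# and 'ShortcutTarget: X.lnk -> path (Company) [flags]'.
RUN_RE = re.compile(
    r'^(?P<where>HK(?:LM|CU|U\\S-[\d-]+)(?:-x32)?\\\.\.\.\\Run): '
    r'\[(?P<name>[^\]]*)\] => (?P<rest>.*)$')
LNK_RE = re.compile(r'^ShortcutTarget: (?P<name>.+?) -> (?P<rest>.*)$')
SIZE_DATE_RE = re.compile(r'^\d+ \d{4}-\d{2}-\d{2}$')
EXT_RE = re.compile(r'(.*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|ps1))(?=\s|$)', re.I)


@dataclass
class Finding:
    where: str
    name: str
    path: str
    reasons: list


def levenshtein(a, b):
    """Edit distance; one substitution separates svshost.exe from svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_target(rest):
    """Split 'path [size date] (Company) [flag] ...' into (path, company, flags)."""
    rest = rest.strip()
    if rest.startswith('"'):                      # quoted path with spaces
        end = rest.index('"', 1)
        path, tail = rest[1:end], rest[end + 1:]
    else:
        m = EXT_RE.match(rest)
        path = m.group(1) if m else rest.split(" ", 1)[0]
        tail = rest[len(path):]
    cm = re.search(r'\(([^)]*)\)', tail)
    company = cm.group(1).strip() if cm else ""
    flags = [f for f in re.findall(r'\[([^\]]*)\]', tail) if not SIZE_DATE_RE.match(f)]
    return path, company, flags


def reasons_for(path, company, flags):
    """Return the list of masquerading traits seen on one autorun target."""
    base = path.rsplit("\\", 1)[-1].lower()
    low_flags = " | ".join(flags).lower()
    out = []
    if base not in SYSTEM_BINARIES and any(levenshtein(base, s) == 1 for s in SYSTEM_BINARIES):
        out.append("lookalike_system_name")
    if base in SYSTEM_BINARIES and "\\windows\\" not in path.lower():
        out.append("system_name_outside_windows_dir")
    if any("recycle" in c.lower() and c.lower() != REAL_RECYCLE_BIN for c in path.split("\\")):
        out.append("fake_recycle_bin_dir")
    if "microsoft" in company.lower() and ("not signed" in low_flags or "non sign" in low_flags):
        out.append("claims_microsoft_but_unsigned")
    if "no file" in low_flags or "pas de fichier" in low_flags:
        out.append("target_missing")
    return out


def triage(lines):
    """Parse Run and ShortcutTarget lines; keep only the ones with a reason."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        where = m.groupdict().get("where", "Startup")
        path, company, flags = split_target(m.group("rest"))
        reasons = reasons_for(path, company, flags)
        if reasons:
            findings.append(Finding(where, m.group("name"), path, reasons))
    return findings


# Constructed sample, modelled on the fixlist entries above plus two benign lines.
SAMPLE = [
    r"HKLM\...\Run: [songpilot] => D:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] <==== ATTENTION",
    r"HKLM-x32\...\Run: [System] => D:\$.RECYCLEBIN\svshost.exe [126976 2015-08-14] (Microsoft Corporation) [File not signed] <==== ATTENTION",
    r"ShortcutTarget: Claire.lnk -> C:\$.RECYCLEBIN\svshost.exe (Microsoft Corporation) [File not signed] [File in use]",
    r"HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [1234 2022-01-01] (Microsoft Corporation -> Microsoft Windows)",
    r"HKU\S-1-5-21-1\...\Run: [OneDrive] => C:\Users\x\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1 2022-01-01] (Microsoft Corporation -> Microsoft Corporation)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.where}: [{f.name}] {f.path} -> {', '.join(f.reasons)}")
```

Feed it the Run and ShortcutTarget lines from a whole FRST.txt rather than only the ones a helper already marked with ATTENTION; the value of the edit-distance and folder-name checks is that they fire on a lookalike even when the version string and company name look plausible, which is precisely why the entries above were given "(Microsoft Corporation)" by whoever built svshost.exe.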