start::
closeprocesses:
createrestorepoint:
AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Pas de fichier
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Pas de fichier
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-8a7375dff1addf34
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-8a7375dff1addf34
Toolbar: HKU\S-1-5-21-3023512736-513249968-2566847795-1001 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
C:\Users\DUFOUR\AppData\Local\chromium
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-21-3023512736-513249968-2566847795-1001\...\Run: [Chromium] => "c:\users\dufour\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [859648 2017-02-27] (The Chromium Authors) [Fichier non signé]
HKU\S-1-5-21-3023512736-513249968-2566847795-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3023512736-513249968-2566847795-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {27C49D9B-B38B-4906-BC8F-9FC753A2A4B3} - System32\Tasks\{51BC48E0-FC80-4291-A9A1-73A133DEFC81} => C:\WINDOWS\system32\pcalua.exe -a E:\autorun.EXE -d E:\
Task: {3F43FC82-5B81-45FC-AFBA-965524E094ED} - System32\Tasks\{FD194C88-603C-4B23-8091-DA63A09279CA} => C:\Windows\system32\pcalua.exe -a "F:\Seb tennis de table\divers fichers\wmp11-windowsxp-x86-FR-FR.exe"
Task: {47DA44AC-C6C8-4D49-B577-AED312524957} - System32\Tasks\{8A87F3C9-C3FD-41F5-836E-FC089F4A1134} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" -c /z-uninstall
Task: {611B5E9B-F23A-4781-82C1-77251827B8CF} - System32\Tasks\{03C93C4E-F039-4372-95C3-7A2741CD50AA} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" -c /z-uninstall
Task: {6B3D7867-BF36-418E-9DA2-0EF933D9CAF6} - System32\Tasks\{31699E2E-749C-479E-9842-CF68E67DE45B} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe -c -maintain plugin
Task: {753FC9B0-DBBA-4E78-A8F2-3FA5660CDC9B} - System32\Tasks\{775F8101-435C-4F40-919A-DBACB046CB39} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_Plugin.exe -c -maintain plugin
Task: {915F4FB3-DCB2-443E-9595-8F7CEBEAF3BD} - System32\Tasks\{37CB573B-FB3E-459A-90C9-766EE50BB22F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" -c /z-uninstall
Task: {B00BEFFB-2BA9-49B9-A217-229D104ED0FB} - System32\Tasks\{348D72F5-54F8-477E-8250-389A2E10980C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{4862344A-A39C-4897-ACD4-A1BED5163C5A}\Setup.exe" -c /z-uninstall
Task: {B7307456-E7F0-4722-80C0-F7EFDBCBD205} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2059272 2015-07-27] (Symantec Corporation -> Symantec Corporation)
Task: {CD0D1DE7-40BC-40E0-A6D1-7D02E392D1EA} - System32\Tasks\{F6C36FC4-68FD-4E12-97A6-8E52724168F3} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -c /z-uninstall
Task: {FC136416-B99B-4220-B84F-ACE8A9DFD882} - \Microsoft\Windows\Setup\EOSNotify -> Pas de fichier <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy est activé.
ProxyEnable: [HKLM-x32] => Proxy est activé.
ProxyServer: [HKLM] => http=127.0.0.1:48080;https=127.0.0.1:48080
ProxyServer: [HKLM-x32] => http=127.0.0.1:48080;https=127.0.0.1:48080
ManualProxies: 1http=127.0.0.1:48080;https=127.0.0.1:48080
FF user.js: detected! => C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\iwx5iq0b.default-release-1-1583428688013\user.js [2022-07-03]
C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\iwx5iq0b.default-release-1-1583428688013
FF ProfilePath: C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\iwx5iq0b.default-release-1-1583428688013 [2022-07-03]
FF ProfilePath: C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\9nk7xz6x.default-release-2 [2022-07-03]
C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\9nk7xz6x.default-release-2
FF user.js: detected! => C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\9nk7xz6x.default-release-2\user.js [2022-07-03]
FF ProfilePath: C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\emflbowl.default-release-3 [2022-07-03]
C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\emflbowl.default-release-3
FF user.js: detected! => C:\Users\DUFOUR\AppData\Roaming\Mozilla\Firefox\Profiles\emflbowl.default-release-3\user.js [2022-07-03]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [Fichier non signé]
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
S3 clwvd7; \SystemRoot\system32\DRIVERS\clwvd7.sys [X]
S3 clwvdPFC; \SystemRoot\system32\DRIVERS\clwvdPFC.sys [X]
S2 WCMVCAM; \SystemRoot\system32\DRIVERS\wcmvcam64.sys [X]
cmd: sfc /scannow
emptytemp:
end::