Edited on 1 November 2022

start::
closeprocesses:
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> Pas de fichier
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> Pas de fichier
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => -> Pas de fichier
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Pas de fichier
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> Pas de fichier
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> Pas de fichier
C:\Program Files\AVAST Software
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
BHO: Pas de nom -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Pas de fichier
BHO: Pas de nom -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Pas de fichier
BHO: Pas de nom -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> Pas de fichier
FirewallRules: [TCP Query User{CAC1B08D-8B01-4618-B961-D4D060A4D11B}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation) [Fichier non signé]
FirewallRules: [UDP Query User{22F54699-F2AD-41A0-BAF2-EEF2E14D7E51}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe (Microsoft Corporation) [Fichier non signé]
FirewallRules: [TCP Query User{9488524C-8FEE-4190-935F-26D6AFB504D7}C:\windows\system32\cmd.exe] => (Block) C:\windows\system32\cmd.exe
FirewallRules: [UDP Query User{F6001372-F606-478C-8E93-F79958170FA0}C:\windows\system32\cmd.exe] => (Block) C:\windows\system32\cmd.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [271872 2017-01-27] (Microsoft Corporation) [Fichier non signé]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [266752 2017-01-27] (Microsoft Corporation) [Fichier non signé]
HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe [3473408 2017-01-21] (Microsoft Corporation) [Fichier non signé]
HKLM-x32\...\Winlogon: [Shell] explorer.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [337920 2017-01-27] (Microsoft Corporation) [Fichier non signé]
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [337920 2017-01-27] (Microsoft Corporation) [Fichier non signé]
Task: {387E1D0B-5838-4D1C-ACA5-62E43161874D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {398E5028-785F-497F-B833-AAB8CA8A5D16} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [424448 2017-01-27] (Microsoft Corp.) [Fichier non signé]
Task: {7AF6F3BF-2824-4727-85BB-D159968D42AA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {91A42727-1D7F-41B4-84A4-87625381ACCC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {A74CAEC8-A497-46C1-8EB4-F266A346A7CF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-25] (Avast Software s.r.o. -> Avast Software)
Task: {C3697B30-8910-4DAB-BA86-87AC981D6FAD} - System32\Tasks\ReclaimerResumeInstallLogin_Administrateur => C:\Users\Administrateur\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.18\agent\rnupgagent.exe [969216 2020-03-22] (RealNetworks, Inc.) [Fichier non signé]
Task: {DD71730D-6947-496F-AE8E-DABA211F37D0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {DE6BEBA1-FCD3-49A5-BBEC-8F605024C5ED} - System32\Tasks\ReclaimerResumeInstall_Administrateur => C:\Users\Administrateur\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.18\agent\rnupgagent.exe [969216 2020-03-22] (RealNetworks, Inc.) [Fichier non signé]
Task: {EE72DF56-606D-4DE7-A88A-C142CF194264} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {F5A1C722-DE49-4010-B8A2-CCAFDEF65244} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [439808 2017-01-21] (Microsoft Corporation) [Fichier non signé]
Task: {FBB06BC3-9C22-4A1A-B869-F468E0C8FACE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (Pas de fichier)
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [Pas de fichier]
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Pas de fichier]
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Tools; "C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [42304 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [238152 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [390096 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [306128 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [105936 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [48512 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [276520 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [114464 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [90008 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [862936 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [672272 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [221944 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [327896 2022-10-22] (Avast Software s.r.o. -> AVAST Software)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2022-05-27] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-05-27] (Malwarebytes Inc -> Malwarebytes)
U1 aswbdisk; pas de ImagePath
U3 aswblog; pas de ImagePath
cmd: copy "C:\Windows\explorer.exe" "C:\Windows\SysWOW64"
emptytemp:
end::
