start::
CreateRestorePoint:
CloseProcesses:
Hosts:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
IE trusted site: HKU\S-1-5-21-3867007612-3223829456-4233311489-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3867007612-3223829456-4233311489-1001\...\aeriagames.com -> hxxp://aeriagames.com
FirewallRules: [UDP Query User{38DDB281-C1BF-49B7-A9E4-0BCCD025874E}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
C:\program files (x86)\arc
FirewallRules: [UDP Query User{CEC6FF4B-7280-41F1-8C4F-79AC7BF673FC}C:\users\alessf\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\alessf\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{E13F5837-9635-4200-955C-5AE84EB9B7C6}C:\users\alessf\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\alessf\appdata\local\akamai\netsession_win.exe
C:\users\alessf\appdata\local\akamai
FirewallRules: [TCP Query User{81D0A152-341A-4BCC-AFC4-32D328968165}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{43AE88D9-E9B6-46A4-B280-CB6404A16400}C:\users\alessf\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\alessf\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2E0CF034-0EB0-48BF-8046-1EDA9044D152}C:\users\alessf\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\alessf\appdata\local\akamai\netsession_win.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-3867007612-3223829456-4233311489-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3867007612-3223829456-4233311489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
FF Homepage: Mozilla\Firefox\Profiles\3ln7gnkv.default -> hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_46&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0CtB0D0DyD0AyC0CyEtCtAyByEzytN0D0Tzu0StCyByBzytN1L2XzutAtFtByEtFtAtDtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzyzyzzyBtD0E0AtGyCyE0FtDtGyDtC0BtCtGtD0AtAyDtGtA0D0EtDtC0D0F0AtAzyyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzyzytByByB0A0DtG0B0E0FtAtGyEzytDzztGzyyEzztCtGzyyBzztByBtAtAtB0C0E0CtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyByDzz%26cr%3D281167958%26a%3Dwbf_ir_16_46%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF NewTab: Mozilla\Firefox\Profiles\3ln7gnkv.default -> about:newtab
FF SearchPlugin: C:\Users\AlessF\AppData\Roaming\Mozilla\Firefox\Profiles\3ln7gnkv.default\searchplugins\McSiteAdvisor.xml [2016-02-27]
FF SearchPlugin: C:\Users\AlessF\AppData\Roaming\Mozilla\Firefox\Profiles\3ln7gnkv.default\searchplugins\yahoo! powered.xml [2016-11-14]
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=tele_14_12_ie&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyEtCtBtDyE0AzyyBtA0EtAtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0FtB0E0BtDtDtGzz0D0D0DtG0DyDyE0EtG0B0A0D0DtGyE0E0E0E0DtDzzyD0C0C0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtD0F0CtBtAtByDtGyBzzyC0FtGtA0B0DzytGtAtAtC0CtGyDyEtAtA0FtB0D0A0CtBtAtC2Q&cr=1056226114&ir=
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3867007612-3223829456-4233311489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [X]
2018-03-07 12:31 - 2017-12-03 20:05 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-07 00:13 - 2017-12-03 20:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
RemoveProxy:
EmptyTemp:
cmd: ipconfig /flushdns
end::