start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
EmptyTemp:
HKU\S-1-5-21-3637482986-880581174-2501248515-1001\...\Run: [Polar FlowSync] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.myplaycity.com/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3637482986-880581174-2501248515-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=
SearchScopes: HKU\S-1-5-21-3637482986-880581174-2501248515-1001 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = hxxp://start.myplaycity.com/results.php?category=web&s=
FF SearchPlugin: C:\Users\Anaïs-Fanny\AppData\Roaming\Mozilla\Firefox\Profiles\ir7ybty5.default-1440691626303\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\Anaïs-Fanny\AppData\Roaming\Mozilla\Firefox\Profiles\ir7ybty5.default-1440691626303\searchplugins\searx.xml
FF SearchPlugin: C:\Users\Anaïs-Fanny\AppData\Roaming\Mozilla\Firefox\Profiles\ir7ybty5.default-1440691626303\searchplugins\startpage-ssl.xml
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Pro\mpoe.crx <non trouvé(e)>
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\b5f82f842cdbd3bfd19986dc4254
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers1: [EDSshellExt] -> [CC]{29FF7AB0-BE34-4992-A30B-53A9D86EE239} => -> Pas de fichier
ContextMenuHandlers3: [ShredderContextMenu] -> [CC]{521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => -> Pas de fichier
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers4: [EDSshellExt] -> [CC]{29FF7AB0-BE34-4992-A30B-53A9D86EE239} => -> Pas de fichier
Task: {697E946F-8DC7-49F2-BA66-B89051BAE80E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {697E946F-8DC7-49F2-BA66-B89051BAE80E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {A1BC3041-E3FF-4BF2-9523-DE0769F90CCE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {A1BC3041-E3FF-4BF2-9523-DE0769F90CCE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Pas de fichier
Task: {C013E91C-9698-4E5E-9CD5-951CDEC6D1AC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C013E91C-9698-4E5E-9CD5-951CDEC6D1AC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {C013E91C-9698-4E5E-9CD5-951CDEC6D1AC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Pas de fichier
Task: {D1D4561F-6F8A-4EFD-9970-4CC3D247865A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {D1D4561F-6F8A-4EFD-9970-4CC3D247865A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Pas de fichier
Task: C:\Windows\Tasks\09c3d208-0170-40fc-a6d3-a66cdb2139fc-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV23.08\09c3d208-0170-40fc-a6d3-a66cdb2139fc-1-6.exe
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [132]
AlternateDataStreams: C:\ProgramData\Temp:0ED4AC2F [216]
AlternateDataStreams: C:\ProgramData\Temp:1D8551A3 [308]
AlternateDataStreams: C:\ProgramData\Temp:268A5068 [284]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:30E0D641 [145]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [124]
AlternateDataStreams: C:\ProgramData\Temp:D987CB43 [308]
AlternateDataStreams: C:\ProgramData\Temp:DB77E2C4 [145]
AlternateDataStreams: C:\ProgramData\Temp:F986CC21 [112]
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\Launcher\Avira.OE.Systray.exe
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
cmd: ipconfig /flushdns
end::