start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
GroupPolicy-x32: Restriction ? <==== ATTENTION
FF Extension: (Protection Web Avira) - C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\6jjhxep2.default-1475825713599\Extensions\abs@avira.com.xpi 
FF HKU\S-1-5-21-3228999793-1869967242-2393064060-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [Pas de fichier]
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [Pas de fichier]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S2 PDF Architect 5 Manager; pas de ImagePath
S3 1516976F; C:\Windows\system32\drivers\1516976F.sys [255928 2018-03-06]
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [38048 2018-04-25]
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-04-07]
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [562776 2017-10-16]
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys 
HKU\S-1-5-21-3228999793-1869967242-2393064060-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Pas de nom -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Pas de fichier
BHO: Pas de nom -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Pas de fichier
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2017-10-16]
U3 aswbdisk; pas de ImagePath
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2018-06-09 08:44 - 2018-06-09 11:28 - 000000000 ____D C:\Users\_\AppData\Roaming\Wise Euask
2018-06-09 08:43 - 2018-06-09 08:43 - 000000000 ____D C:\Windows\ERUNT
2018-06-08 16:57 - 2018-06-08 16:57 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\332115D3.sys
2018-06-06 11:06 - 2018-06-06 11:06 - 000000207 _____ C:\Windows\tweaking.com-regbackup-TOM0471-Windows-8.1-(64-bit).dat
2018-06-05 21:49 - 2018-06-05 21:49 - 000000000 ____D C:\Users\_\AppData\Local\SquirrelTemp
2018-06-04 17:00 - 2018-06-08 16:57 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-06-04 17:00 - 2018-06-04 17:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\21162158.sys
2018-05-25 18:32 - 2018-05-25 18:32 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\56752541.sys
2018-05-18 15:37 - 2018-05-18 15:37 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7A777A5E.sys
2018-06-10 17:01 - 2018-04-27 18:54 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-10 16:10 - 2017-09-20 18:04 - 000000000 ____D C:\EEK
2018-06-08 16:50 - 2018-04-14 12:05 - 000003090 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2018-04-14 08:43 - 2018-04-14 08:43 - 000000171 _____ () C:\Users\_\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-04-14 08:43 - 2018-04-14 08:43 - 000000304 _____ () C:\Users\_\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-04-14 08:43 - 2018-04-14 08:43 - 000000175 _____ () C:\Users\_\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2018-01-02 11:21 - 2018-01-02 11:21 - 000000036 _____ () C:\Users\_\AppData\Local\housecall.guid.cache
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll
Task: {0DB8D5F3-A3C4-474F-A231-8EE6ECB684BA} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Delete old Restore Points) (For User _) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {4ECCD0A4-9F11-42B5-892B-A3B4D8207B25} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (For User _) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {671FD8AB-C752-45C8-812D-FA59256108F7} - System32\Tasks\AdwCleaner_onReboot => C:\Users\_\Desktop\adwcleaner_7.2.0.exe
Task: {7340B2C5-1A0C-4143-94C9-0C6A22E6529C} - System32\Tasks\{F46E9C53-23A8-43C9-99B5-53C002D64318} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ERUNT\ERUNT.EXE" -d "C:\Program Files (x86)\ERUNT"
Task: {96206B65-5508-478D-A601-1E4A87B5764C} - \AviraSystemSpeedupRemoval -> Pas de fichier <==== ATTENTION
Task: {988394A5-0D5C-44EE-891B-3CDCAEB118F8} - \AviraSystemSpeedupUpdate -> Pas de fichier <==== ATTENTION
Task: {8EE986F5-29B7-4279-9BA6-D25EBA5A0E76} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {BE880DCC-8A08-45DC-AA96-08B6211871B9} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Keep X Number of Restore Points) (For User _) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {C52AB09E-53EB-4F16-AA5F-7FFDC8ABAB8F} - System32\Tasks\Microsoft\Windows\OrangeUpdate_Install => C:\Program Files (x86)\Orange Update\install.bat [2018-04-20] () <==== ATTENTION
Task: {D5C27FC5-4F1A-4FF2-8414-E9FF7AE6402F} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Custom Restore Point) (For User _) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {DC045984-78C1-4233-893C-F5B4D113E430} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
Task: {E8A9C982-4F43-4FF7-BE3B-512B3EF2CCFC} - System32\Tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Restore Point) (For User _) => C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
Task: {FC0BCA41-CCC8-4F6A-A472-0D8B1AAE0AC5} - System32\Tasks\{82579C7B-5D23-4B9C-88DE-D3C4D157B7EC} => C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\
2010-07-15 06:44 - 2010-07-15 06:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
AlternateDataStreams: C:\ProgramData\Temp:D47D9FF6 [103]
cmd: ipconfig /flushdns
end::