start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Pas de fichier
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Pas de fichier
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Pas de fichier
Task: {253A8EFA-FEBB-4703-936A-547A4D949B2E} - System32\Tasks\AviraSystemSpeedupRemoval => %comspec% [Argument = /C rmdir "C:\Program Files (x86)\Avira\System Speedup" /S /Q & schtasks /Delete /F /TN AviraSystemSpeedupRemoval]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Pas de fichier <==== ATTENTION
Task: {80CA45F1-DA4A-43E3-AC81-168B969A0436} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Pas de fichier <==== ATTENTION
Task: {A4809179-3D3E-4FF5-983D-3CD2E0503073} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Pas de fichier <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Pas de fichier <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Pas de fichier <==== ATTENTION
Task: {EB3AA15C-2D7F-49A9-96DC-71A1B1E371DD} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {F89FFDB2-23A7-4527-B8AA-135BDDA4B21A} - System32\Tasks\{7BE4CBED-6D48-4280-8F3A-92F582434DFB} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {F8CA69C0-ED55-43CC-BAB8-54D7E089B07E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Pas de fichier <==== ATTENTION
Task: {FAE6D2F1-E560-4C62-A185-3E93171D7E41} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\avast software
C:\Program Files\Common Files\AV
C:\Program Files (x86)\Avira
AlternateDataStreams: C:\Users\Administrateur\proplast.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Administrateur\proplast.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\PHOTOS FAMILLE BOUL.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Administrateur\Desktop\PHOTOS FAMILLE BOUL.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\rainbow.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Administrateur\Desktop\rainbow.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Administrateur\Desktop\spabox.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Administrateur\Desktop\spabox.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
IE trusted site: HKU\S-1-5-21-222650334-1294849713-3726248724-500\...\sharepoint.com -> hxxps://proxyplast-files.sharepoint.com
FirewallRules: [TCP Query User{23956173-AF89-44A7-9DBC-6EE552C16780}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe Pas de fichier
FirewallRules: [UDP Query User{7C0FADE9-25EF-45D2-98B2-67F9D858C6CA}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe Pas de fichier
FirewallRules: [TCP Query User{E2E70C35-EA65-40BA-9142-40F6BE36A79C}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe Pas de fichier
FirewallRules: [UDP Query User{4A24FA81-B289-40A2-A07F-14C7AFAA37B8}D:\easysetupassistant\tssh2.exe] => (Allow) D:\easysetupassistant\tssh2.exe Pas de fichier
FirewallRules: [{7925319F-01E9-4BE8-8109-3A29917B5200}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FE0BF0ED-B4D6-4A00-91E2-6739F7ECC4F8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8D818BE2-7FF9-4B63-B81E-B4767F937632}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E1AA6ACC-80F2-4DAB-AE0F-287952965207}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A5FF7140-D1FF-4C3E-97E6-0DBC98B1A697}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe Pas de fichier
FirewallRules: [{7CE15644-D8E6-4985-9AF7-E23F658816BF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe Pas de fichier
FirewallRules: [{E907CAB6-96FC-4410-9B6F-A210558812DD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe Pas de fichier
FF Extension: (Avira Browser Safety) - C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\RXzSMtzB.default\Extensions\abs@avira.com [2019-03-05] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Avira Password Manager) - C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\RXzSMtzB.default\Extensions\passwordmanager@avira.com [2019-03-05]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
R4 avusbflt; System32\Drivers\avusbflt.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
2019-03-26 13:02 - 2019-03-26 13:02 - 000003354 _____ C:\Windows\System32\Tasks\AviraSystemSpeedupRemoval
2019-03-26 09:00 - 2019-03-26 09:00 - 000000000 ____D C:\Users\Administrateur\AppData\Local\AviraSpeedup
cmd: type C:\AdwCleaner\AdwCleaner[S0].txt
cmd: type C:\AdwCleaner\AdwCleaner[S1].txt
cmd: type C:\AdwCleaner\AdwCleaner[S2].txt
cmd: type C:\AdwCleaner\AdwCleaner[C0].txt
cmd: type C:\AdwCleaner\AdwCleaner[C1].txt
2019-03-25 16:17 - 2019-03-26 09:14 - 000000000 ____D C:\rsit
2019-03-25 16:17 - 2019-03-26 09:14 - 000000000 ____D C:\Program Files (x86)\trend micro
2019-03-25 16:17 - 2019-03-25 16:17 - 000001528 _____ C:\Users\Administrateur\Desktop\RSIT - Raccourci.lnk
2019-03-25 16:16 - 2019-03-25 16:16 - 001107968 _____ C:\Users\Administrateur\Downloads\RSIT.exe
2019-03-05 11:27 - 2019-03-05 11:32 - 005808920 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrateur\Desktop\avira_en_aps10_3305296976_rwnzbu0mgosxe0kk9g3h_wd.exe
2019-03-05 11:15 - 2019-03-05 11:57 - 000000000 ____D C:\Users\Administrateur\AppData\Local\Opera Software
2019-03-05 11:12 - 2019-03-05 11:57 - 000000000 ____D C:\Users\Administrateur\AppData\Roaming\Opera Software
2019-03-05 11:11 - 2019-03-05 11:11 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2019-03-05 11:03 - 2019-03-05 11:03 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2019-03-05 10:58 - 2019-03-25 14:50 - 000000000 ____D C:\Users\Administrateur\AppData\Local\Avira
2019-03-05 10:57 - 2019-03-05 11:42 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2019-03-05 10:47 - 2019-03-26 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-03-05 10:46 - 2019-03-26 13:06 - 000000000 ____D C:\ProgramData\Avira
2019-03-05 10:46 - 2019-03-26 13:06 - 000000000 ____D C:\Program Files (x86)\Avira
2019-03-05 10:43 - 2019-03-05 10:44 - 005807360 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrateur\Downloads\avira__fass1___tch.exe
2019-03-25 16:59 - 2015-09-29 19:41 - 000000000 ____D C:\ProgramData\AVAST Software
2019-03-25 16:55 - 2016-09-02 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
emptytemp:
end::