Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
Task: {51D9B765-5CF8-4802-8A5B-A4F9B1541C72} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3286805605-1997177543-4102321847-11683-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-09102019132939443\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKU\S-1-5-21-3286805605-1997177543-4102321847-11683.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09112019083846641\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKU\S-1-5-21-3286805605-1997177543-4102321847-11683.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09112019083926937\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4472936 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [251496 2019-09-09] (Digital Communications Inc. -> Digital Communications Inc)
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-07-26] (Digital Communications Inc. -> Digital Communications Inc)
2019-09-09 14:25 - 2019-09-09 14:25 - 000000000 ____D C:\Users\admin.computer\AppData\Roaming\segurazoclient
2019-08-18 17:31 - 2019-08-18 17:33 - 000000000 ____D C:\Users\dasilvamartinse\AppData\Roaming\segurazoclient
2019-08-18 17:30 - 2019-08-20 12:12 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2019-08-18 17:27 - 2019-09-11 11:40 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-08-18 17:27 - 2019-08-20 13:08 - 000000000 ____D C:\ProgramData\AVAST Software
2019-08-18 17:27 - 2019-08-18 17:28 - 000000000 ____D C:\ProgramData\Segurazo
2019-08-18 17:27 - 2019-08-18 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
C:\Program Files\Common Files\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
EmptyTemp:
End::