start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\Article scientifique1.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\Article scientifique1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\Article scientifique2.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\Article scientifique2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\CPAM.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\CPAM.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\G1 4°.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Anne So Mazabrard\Desktop\G1 4°.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
C:\Program Files (x86)\Avira
Task: {7153622E-9F0B-4787-8CEB-8500EDDCBB3D} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [670696 2018-05-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {DE54FD1A-C54B-460B-8DC8-F7E17B178BED} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
SearchScopes: HKU\S-1-5-21-694789152-727181915-1424928713-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-694789152-727181915-1424928713-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2019-10-19 17:56 - 2019-10-19 17:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-10-29 16:42 - 2017-08-30 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-10-29 16:42 - 2017-08-30 12:55 - 000000000 ____D C:\ProgramData\Avira
EmptyTemp:
cmd: ipconfig /flushdns
end::