start::
closeprocesses:
createrestorepoint:
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\phil\Cookies:rU3Ztdx1HLcRycRMo6Ki1 [2072]
HKLM\...\.scr:  =>  <==== ATTENTION
185.156.173.178 fr-001.whiskergalaxy.com   #added by Windscribe, do not modify.
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1658515048-1776074000-2273972881-1001\...\StartupApproved\Run: => "Windscribe"
FirewallRules: [UDP Query User{7ACE05B4-34B4-4CCF-980F-7D07807C15E4}C:5\program files (x86)\steam\steamapps\common\raceroom racing experience\game\rrre.exe] => (Allow) C:5\program files (x86)\steam\steamapps\common\raceroom racing experience\game\rrre.exe => Pas de fichier
FirewallRules: [TCP Query User{EDBED77C-E9FB-4C69-93FC-69F276CA14E2}C:5\program files (x86)\steam\steamapps\common\raceroom racing experience\game\rrre.exe] => (Allow) C:5\program files (x86)\steam\steamapps\common\raceroom racing experience\game\rrre.exe => Pas de fichier
FirewallRules: [TCP Query User{B0FCFBB9-4D37-4270-BA83-CD11C28B98DA}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Pas de fichier
FirewallRules: [UDP Query User{95377884-C979-4834-B52D-54C78C4092FD}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Pas de fichier
FirewallRules: [TCP Query User{44313257-554C-4C47-ABB6-5C8D9B7E7EF9}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Pas de fichier
FirewallRules: [UDP Query User{A3165F56-5AD3-4644-8491-45758C315BFB}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Pas de fichier
HKU\S-1-5-21-1658515048-1776074000-2273972881-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
C:\Program Files (x86)\Windscribe
HKU\S-1-5-21-1658515048-1776074000-2273972881-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [4624880 2020-05-12] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {31BA330E-633C-413B-A357-3FAB35ECE93D} - System32\Tasks\Driver Booster SkipUAC (phil) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
C:\Program Files (x86)\IObit
Task: {3E901836-E9B8-4056-8CC8-4E1277CF0295} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
C:\Program Files\Common Files\AVAST Software
Task: {6C9AF3B2-089E-450A-A9B7-6258114C6179} - System32\Tasks\FOSCAMVMS => C:\Program Files (x86)\FoscamVMS\VMSClient.exe [1732096 2017-06-08] () [Fichier non signé]
Hosts: 185.156.173.178 fr-001.whiskergalaxy.com   #added by Windscribe, do not modify.
FF Notifications: Mozilla\Firefox\Profiles\gw95guu8.default-1511027786848 -> hxxps://sim-racing-evolution.fr; hxxp://www.liberation.fr; hxxp://teamlsf.fr; hxxp://endurance-simracing-leagues.org; hxxps://teamlsf.fr; hxxps://photo-avenue.com; hxxps://maranhesduve.club; hxxps://rednews7.com
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
2020-06-22 07:02 - 2017-05-07 09:00 - 000000000 ____D C:\ProgramData\Avira
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
host:
emptytemp:
end::