start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3027819176-2949685208-2171496700-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-11-30] (Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\Installer\chrmstp.exe [2018-12-05] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.111\Installer\chrmstp.exe [2019-01-06] (AVAST Software)
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDyDtA0FzztByDtAtDyE0DtN0D0Tzu0CyCyDtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1567602139&ir=","hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49daZvMli2TLuQadXuzWLKndxrm0Gr_vpwDRIF82eQPKHjh3UhD9zeFOsXPun6rifLY-4rQ_SbmIZN-uUQHdOGSq_mb1VET20_2AavGvHvWSpvLaHpwa2aBEIKtnKt2Oog,,","hxxps://www.google.com/","hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49daZvMli2TLuQadXuzWLKndxrm0Gr_vpwDRIF82eQPKHjh3UhD9zeFOsXPun6rifLY-4rQ_SbmIZN-uUQHdOGSq_mb1VET20_2AavGvHvWSpvLaHpwa2aBEIKtnKt2Oog,"
U3 aswbdisk; no ImagePath
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Spotify
DeleteValue: HKU\S-1-5-21-3027819176-2949685208-2171496700-1001\Software\Microsoft\Windows\CurrentVersion\Run|Spotify
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64
DeleteKey: HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C9A6EDBD-11B5-45D8-B458-45473E82E0A0}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B78D1BC3-CD86-4193-BDB8-988064A3B0A9}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{61CA3903-C81E-4E74-AFFC-078FD6CEF19F}D:\games\total war - attila\attila.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CA1B61E7-378B-435E-94D9-A7022D5624F3}D:\games\total war - attila\attila.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F02580C8-E190-43F5-92BC-B68C6B1492BF}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{383D6A57-E056-449C-801F-9D7623182FE4}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E6B3D981-BBA9-444C-AFEB-27C5ECC68A8A}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{43C1F642-15CF-418F-B778-86665A015D28}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A8A029F2-E902-4256-BC3C-1EAE4FBC3D77}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{231C5260-FD43-46C1-9387-44F41CC384B2}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{53F1DBD5-44DA-4409-A77B-E563EEB70FD2}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B7BEDA6C-77AB-424A-A4C2-61231AE267CB}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{26B23B4C-9520-4646-BD71-6AAD9B5DF266}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16550FF8-6436-4605-9959-1AB9B1A71C74}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{436AE1A4-E81F-49E4-B863-C27CC425E9CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DF09AC64-0E13-4652-80ED-417E0652FCBE}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C2BA0E90-8787-4F18-B7E8-171E0065A570}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\Alexis\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Alexis\AppData\Local\Google\Chrome\User Data\Default\File System\068
C:\Users\Alexis\AppData\Local\Google\Chrome\User Data\Default\File System\069
C:\Users\Alexis\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\Alexis\amwjNtMxaU.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\UueAX.exe
2019-01-09 11:07 - 2019-01-09 23:38 - 000000000 ___DC () C:\Users\Alexis\AppData\Local\Temp\JSCore.dll
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {956F65DA-8D91-4FB1-B720-07CCE3D4FFC7} - System32\Tasks\{2A39C792-0D1B-4169-1B71-F5E9E1A67C9B} => C:\Users\Alexis\amwjNtMxaU.exe [2018-04-12] (Microsoft Corporation)
Task: {FC2B9411-3B53-44AD-88F9-1D05196BC545} - System32\Tasks\{72D6B73F-87BF-7099-0739-64ACB78F7C14} => C:\Windows\SysWOW64\tUiyQA.exe [2018-04-12]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
FirewallRules: [{C9A6EDBD-11B5-45D8-B458-45473E82E0A0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B78D1BC3-CD86-4193-BDB8-988064A3B0A9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F02580C8-E190-43F5-92BC-B68C6B1492BF}] => (Block) D:\games\total war - attila\attila.exe No File
FirewallRules: [{383D6A57-E056-449C-801F-9D7623182FE4}] => (Block) D:\games\total war - attila\attila.exe No File
EmptyTemp:
end::
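The fixlist above removes four kinds of artifact: random-named executables launched by GUID-named scheduled tasks (the 2018-04-12 drops in the user profile, Common Files and SysWOW64), orphaned shell-extension COM registrations that FRST reports as "No File", firewall rules whose program no longer exists, and a Chrome startup-URL hijack (mysearchdial/snapdo). The PowerShell below is an added post-fix verification script, not part of the fixlist and not FRST's own tooling: it re-checks each of those classes after the fix and reboot and prints whatever survived. The paths, CLSIDs, task names and URL patterns are taken from the fixlist; the check logic, output format and the decision to treat a missing App= path as an orphaned rule are this example's own assumptions. It also goes slightly beyond the fixlist in two places: it scans every scheduled task for an action pointing at the dropped files (not only the two named tasks), and it flags every firewall rule whose executable is gone, not just the four listed.

```powershell
# Post-fix verification for the FRST fixlist above. This script is an added example, not part
# of the fixlist and not FRST's own tooling. Run it in an elevated PowerShell after FRST has
# applied the fix and the machine has rebooted. The paths, CLSIDs, task names and URLs come
# from the fixlist; the check logic and helper names are this example's own assumptions.

$ErrorActionPreference = 'SilentlyContinue'
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Random-named binaries dropped on 2018-04-12. FRST's "(Microsoft Corporation)" is only the
#    PE version-resource company name, which any file can claim; if a file survived, look at
#    its Authenticode status instead.
$suspectFiles = @(
    'C:\Users\Alexis\amwjNtMxaU.exe',
    'C:\Program Files (x86)\Common Files\UueAX.exe',
    'C:\Windows\SysWOW64\tUiyQA.exe',
    'C:\Users\Alexis\AppData\Local\Temp\JSCore.dll'
)
foreach ($f in $suspectFiles) {
    if (Test-Path -LiteralPath $f) {
        $status = (Get-AuthenticodeSignature -LiteralPath $f).Status
        $findings.Add("FILE STILL PRESENT: $f (Authenticode: $status)")
    }
}

# 2. Scheduled tasks: the two GUID-named tasks from the fixlist, plus any other task whose
#    action still points at one of the files above.
$taskNames = '{2A39C792-0D1B-4169-1B71-F5E9E1A67C9B}', '{72D6B73F-87BF-7099-0739-64ACB78F7C14}'
foreach ($t in Get-ScheduledTask) {
    $exes = @($t.Actions | ForEach-Object { if ($_.Execute) { $_.Execute.Trim('"') } })
    $hit = $taskNames -contains $t.TaskName
    foreach ($e in $exes) { if ($suspectFiles -contains $e) { $hit = $true } }
    if ($hit) { $findings.Add("TASK STILL PRESENT: $($t.TaskPath)$($t.TaskName) -> $($exes -join ', ')") }
}

# 3. Shell-extension CLSIDs the fixlist deletes. FRST flagged them "No File": the COM
#    registration remains but InprocServer32 points at a DLL that no longer exists.
$clsids = @(
    '{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}',  # " FileSyncEx" (OneDrive)
    '{23170F69-40C1-278A-1000-000100020000}',  # 7-Zip
    '{B298D29A-A6ED-11DE-BA8C-A68E55D89593}',  # ANotepad++64
    '{85BBD920-42A0-1069-A2E4-08002B30309D}',  # BriefcaseMenu
    '{B41DB860-8EE4-11D2-9906-E49FADC173CA}',  # WinRAR32
    '{472083B0-C522-11CF-8763-00608CC02F24}',  # 00asw icon overlay
    '{4A7C4306-57E0-4C0C-83A9-78C1528F618C}'   # unnamed ContextMenuHandlers3 entry
)
foreach ($clsid in $clsids) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = "$root\$clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
        $path = [Environment]::ExpandEnvironmentVariables("$dll").Trim('"')
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            $findings.Add("ORPHAN CLSID: $key -> '$dll' (no file)")
        }
    }
}

# 4. Firewall rules. Each value is a '|'-delimited record; flag any rule whose App= path is
#    gone, which covers the steamwebhelper.exe and attila.exe rules in the fixlist and any
#    other leftover of the same kind.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
foreach ($p in (Get-ItemProperty -LiteralPath $fwKey).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }       # PSPath, PSChildName, ... are not rules
    $app = @("$($p.Value)" -split '\|' | Where-Object { $_ -like 'App=*' })[0] -replace '^App=', ''
    if (-not $app -or $app -ieq 'System') { continue }
    if (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($app)))) {
        $findings.Add("ORPHAN FIREWALL RULE: $($p.Name) -> $app")
    }
}

# 5. Chrome startup URLs (the mysearchdial/snapdo hijack) live in the profile's Preferences
#    JSON under session.startup_urls; the "hxxp" in the FRST log is FRST's defanging.
$prefs = 'C:\Users\Alexis\AppData\Local\Google\Chrome\User Data\Default\Preferences'
if (Test-Path -LiteralPath $prefs) {
    $json = Get-Content -LiteralPath $prefs -Raw -Encoding UTF8 | ConvertFrom-Json
    foreach ($u in @($json.session.startup_urls)) {
        if ($u -match 'mysearchdial\.com|snapdo\.com') { $findings.Add("CHROME STARTUP URL: $u") }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Clean: nothing targeted by the fixlist remains.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
    Write-Output "$($findings.Count) item(s) still present; rerun FRST or investigate manually."
}
```

Run it in an elevated session as the affected user (the Chrome profile path is user-specific). A "FILE STILL PRESENT" line with an Authenticode status other than Valid is the one result that should not be explained away: the amwjNtMxaU.exe / UueAX.exe / tUiyQA.exe names are random, the files sit outside any installer's directory, and the company name FRST printed comes from the file's own version resource. The CLSID and firewall checks are expected to report nothing after the fix; the fixlist deletes those keys and values outright, and the "No File" entries are stale registrations rather than malware, so any hit there is a leftover to clean, not an incident.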