CreateRestorePoint:
CloseProcesses:
Edge Session Restore: Default -> est activé.
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S3 MpKsl2e170874; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7537994D-112D-4D73-96F9-F64DEB0760EB}\MpKslDrv.sys [X]
2021-03-17 17:48 - 2021-03-17 17:48 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth19.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-03-17 17:48 - 2021-03-17 17:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-03-21 09:12 - 2020-06-03 22:09 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-21 09:07 - 2020-06-03 22:09 - 000000000 ____D C:\ProgramData\Avira
AS: Protection antivirus et antispyware McAfee  (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fe9700ea-db9c-48bd-9561-b7d053321d04}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{fe9700ea-db9c-48bd-9561-b7d053321d04}" /f
FirewallRules: [{BFD17B00-4DAF-44CD-9336-AC94949A2398}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Pas de fichier
FirewallRules: [{80F1D054-0150-4D9B-83E4-69020A04514E}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Pas de fichier
FirewallRules: [{7DA4655E-CBC5-4271-A1A8-8490B2F8A057}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Pas de fichier
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
CMD: net stop wuauserv
CMD: sc config wuauserv start= auto
CMD: net start wuauserv
CMD: netsh advfirewall reset 
CMD: netsh int ipv4 reset all
CMD: netsh int ipv6 reset all
CMD: netsh int portproxy reset all
CMD: netsh int tcp reset all
CMD: netsh int ip reset all
CMD: cscript %windir%\System32\slmgr.vbs /dli
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
cmd: sc config diagtrack start= disabled
cmd: sc config dmwappushservice start= disabled
CMD: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
Reg: REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /V AllowTelemetry /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f
Reg: REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" 
Reg: REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
Reg: REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE"
Reg: REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node"
c:\windows\temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
EmptyTemp: