start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {94688F7A-387C-45D1-AC1C-6F33B500639C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {94688F7A-387C-45D1-AC1C-6F33B500639C} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Gian-Pietro ANIELLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17]
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
2018-08-27 17:16 - 2018-08-27 17:16 - 000000000 ___DC C:\ProgramData\{42DEBD12-9D09-4B77-B434-2EF604E45D3D}
2018-08-20 11:27 - 2018-08-20 11:27 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-20 11:26 - 2018-08-20 13:25 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-13 14:20 - 2018-08-13 14:20 - 000000000 ____D C:\Program Files\AVAST Software
2018-08-27 16:51 - 2017-11-06 18:36 - 000000000 ____D C:\Users\Gian-Pietro ANIELLO\AppData\Roaming\ObviousIdea
2018-08-13 14:24 - 2017-12-07 11:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-08-13 14:20 - 2016-10-21 14:06 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-29 21:53 - 2017-07-29 21:53 - 009614711 _____ (Snoop05) C:\Program Files (x86)\minimal_adb_fastboot_v1.4.2_setup.exe
CustomCLSID: HKU\S-1-5-21-1522434549-2725168364-1566747796-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
Task: {7F43E47D-6961-418C-BCA7-90342DBB36F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B636E69A-4B8B-4B3A-9A6D-26880A1AB1D8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Shortcut: C:\Users\Gian-Pietro ANIELLO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk -> hxxp://yamb.unite-video.com
cmd: ipconfig /flushdns
end::