start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1432322244-1419771466-744254416-1001\...\Run: [cacaoweb] => C:\Users\Flo\AppData\Roaming\cacaoweb\cacaoweb.exe
InternetURL: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpatialAudioLicenseSrv.url -> URL: file:///C:\Users\Flo\AppData\Local\Temp\RtlUpd64\repair-bde.exe
Task: {011E8719-FDBC-4F4F-A128-6BBDCC0A5A19} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12]
Task: {8B166B78-BC34-40EB-B3B7-3A5874B6C2E6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1432322244-1419771466-744254416-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
HKU\S-1-5-21-1432322244-1419771466-744254416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-27]
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27]
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
2019-09-01 16:40 - 2019-03-31 20:54 - 000000000 ____D C:\Users\Flo\AppData\Roaming\cacaoweb
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Reprise:lgylqfxlctqffeusff`npefmfs`joejfpfh
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1432322244-1419771466-744254416-1001\...\webcompanion.com -> hxxp://webcompanion.com
EmptyTemp:
cmd: ipconfig /flushdns
end::