start::
closeprocesses:
createrestorepoint:
C:\Program Files (x86)\F-Secure
HKU\S-1-5-21-1335967941-1673278040-1567979082-1002\...\Run: [MicrosoftEdgeAutoLaunch_CF82B17A892419EC3CBA5BD96F5CD9B3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {103ECC2C-B769-4C11-8333-E2961367A093} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10A06F7F-BBB5-4720-BC8E-1D8E5E18F473} - System32\Tasks\F-Secure\Software Updater\F-Secure Software Updater Automatic Installation => C:\Program Files (x86)\F-Secure\PSB\swup\fssua.exe <==== ATTENTION
Task: {6E8B8993-3427-41FB-9886-C3C66708CF2C} - System32\Tasks\AsLiftRightsForClient_SessionSessionId1 => C:\Users\Raymond\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.guest.15\release\15.0.3.5816\client.exe [7285416 2015-02-28] (pcvisit software ag -> pcvisit Software ag)
Task: C:\WINDOWS\Tasks\AsLiftRightsForClient_SessionSessionId1.job => C:\Users\Raymond\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.guest.15\release\15.0.3.5816\client.exe
Task: {1331F41C-EA7C-4C80-AD8D-FF3EAB8A45CE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {27B57458-D4FE-46A4-931F-5E11173ECB41} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FF6F654-1DF4-4B70-AC26-612C87DE7C16} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {39C72344-527F-4774-AE2E-335DBF321A52} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4FC092FD-40E5-407F-B8E5-EECF5F9A607B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5C67AB8A-2064-4873-A8AA-0694C4CDFB67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5FE87118-83CF-471A-ABC7-CA6568D4308A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6918F027-74B1-4773-B742-77571B133C1C} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\PSB\fsscan.exe
Task: {6D13B63D-E693-47AC-B342-C27A0FFF1802} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6D25906E-A62C-40DF-AB71-C52B82B99C8F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {76C9CB40-58E1-421E-8600-962CC15180D8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {783F39BF-86D9-4AC2-90C5-1B2494AE3742} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {784E024B-A574-443D-A0F6-0A4D3EDAE674} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {8DA6E151-2B4F-498C-9630-D0EBF793846B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A3CCA2B1-44E2-45E4-9164-8DF2786CD052} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3E16941-25B7-4113-9215-5B234173CACD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B49B4EAD-D9C6-470F-90C5-C03FF8099E5A} - System32\Tasks\F-Secure\Software Updater\LaunchSTDeployForPostBootActions (bc5bab78-2abd-4a80-aff5-05d5a8ca7fa9) => C:\ProgramData\F-Secure\swup2\working\deployer\Installation\InstallationSandbox#2019-02-15-T-12-00-51\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\ProgramData\F-Secure\swup2\working\deployer\Installation\InstallationSandbox#2019-02-15-T-12-00-51" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {B72680A9-2A66-49D1-8BA6-F2A8B3E9BD35} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C6DCA586-E19B-4F92-B541-3A11237BCF20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB0FDA7A-57F9-4199-B175-570D7FD48013} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CE899445-5BEB-47FF-BBA5-C686F53AF19F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DC648C5C-6761-42BF-BC40-A4AA4D42D41B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E2ACC2A3-DFD1-4656-989C-DB6F5ED67109} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3EB780E-A556-42E1-A1A9-76291528EDB8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {E8E8FD32-213B-4F32-A3B6-A441C92AF058} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA956834-7F5C-46A5-A959-4E063FB069FC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED99EB66-6613-45F5-BE48-9EE787E76D28} - System32\Tasks\F-Secure\Software Updater\LaunchSTDeployForPostBootActions (19074398-e62d-402a-99c1-c7500a9689f6) => C:\ProgramData\F-Secure\swup2\working\deployer\Installation\InstallationSandbox#2019-02-22-T-12-01-54\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\ProgramData\F-Secure\swup2\working\deployer\Installation\InstallationSandbox#2019-02-22-T-12-01-54" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {EDDA35DC-B7DA-4323-B86E-202A735E40F7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FFB18CC3-3E76-4733-A13E-DB295597589E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Scheduled scanning task.job => C:\Program Files (x86)\F-Secure\PSB\fsscan.exe
DownloadDir: C:\Users\Raymond\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1335967941-1673278040-1567979082-1002 -> hxxp://www.google.ch/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-02-12]
Edge HKU\S-1-5-21-1335967941-1673278040-1567979082-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HomePage: Default -> hxxps://www.msn.com/?PC=UF01
Edge StartupUrls: Default -> "hxxps://www.bluewin.ch/fr/index.html"
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
R2 FSMA; C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE [215520 2016-04-06] (F-Secure Corporation -> F-Secure Corporation)
R1 FSES; C:\WINDOWS\System32\drivers\fses.sys [55488 2016-01-18] (F-Secure Corporation -> F-Secure Corporation)
2021-03-11 15:02 - 2021-03-11 15:06 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2021-03-11 15:01 - 2021-03-11 15:02 - 309444608 _____ C:\Users\Raymond\Downloads\EmsisoftAntiMalwareSetup64.msi
2021-03-11 13:17 - 2021-03-11 14:25 - 000000000 ____D C:\Users\Raymond\AppData\Local\ESET
2021-03-11 13:17 - 2021-03-11 13:17 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Raymond\Downloads\esetonlinescanner.exe
2021-03-11 13:17 - 2021-03-11 13:17 - 000000825 _____ C:\Users\Raymond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-03-11 13:17 - 2021-03-11 13:17 - 000000697 _____ C:\Users\Raymond\Desktop\ESET Online Scanner.lnk
2021-03-08 14:23 - 2021-03-08 14:26 - 000000000 ____D C:\ProgramData\HitmanPro
2021-03-08 14:03 - 2021-03-08 14:03 - 000000000 ____D C:\ProgramData\Malwarebytes
cmd: netsh advfirewall reset
emptytemp:
end::