Edited on 14 July 2021

start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\90.1.9508.212\Installer\chrmstp.exe"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\88.0.7844.104\Installer\chrmstp.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {615EDFB3-F952-4503-87F6-4B5397ED3570} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C8E75F56-85CB-4639-B1EF-0C4C0CDB6041} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {CE4E256D-4DEF-4468-947C-CA2E89B90AB4} - System32\Tasks\BlueStacksHelper => C:\ProgramData\Bitmoji\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\ASUS Console" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\ASUS P4G" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\ASUS USB Charger Plus" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\HP AR Program Upload - 3a48538c0894458eae4e2a2280fe29016d733ae5c6e949ee9e675cbe4a9ce411" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\HP AR Program Upload - 3c6498f9a24449bbb1ce34fa1023e8ab240a03ebc56b44f49aef58c72487cb2c" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3382590871-3823213782-2396755087-1002" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3382590871-3823213782-2396755087-500" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(24): schtasks.exe -> /Change /TN "\P4GIntlCtrl" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(25): schtasks.exe -> /Change /TN "\RtHDVBg" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(26): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(27): schtasks.exe -> /Change /TN "\WD Device Agent Task mac" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(28): schtasks.exe -> /Change /TN "\WD Discovery Service Task mac" /ENABLE
Task: {FEF9D8CF-906E-4056-B08D-1F4564A1DBFA} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(29): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\yf62nl8w.default\Extensions\browsec@browsec.com.xpi
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\yf62nl8w.default\Extensions\sp@avast.com.xpi
FF Extension: (Avast Online Security) - C:\Users\MAC\AppData\Roaming\Mozilla\Firefox\Profiles\yf62nl8w.default\Extensions\wrc@avast.com.xpi
FF Plugin HKU\S-1-5-21-3382590871-3823213782-2396755087-1002: @tools.google.com/Google Update;version=3 -> C:\Users\MAC\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-3382590871-3823213782-2396755087-1002: @tools.google.com/Google Update;version=9 -> C:\Users\MAC\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Pas de fichier]
CHR HKU\S-1-5-21-3382590871-3823213782-2396755087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf]
CHR HKU\S-1-5-21-3382590871-3823213782-2396755087-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
R0 09C74B12; C:\WINDOWS\System32\drivers\09C74B12.sys
2021-07-14 14:28 - 2018-06-08 17:36 - 000000000 ____D C:\Users\MAC\AppData\Local\AVAST Software
2021-07-14 14:28 - 2014-10-19 16:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-14 14:20 - 2021-01-18 14:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-07-03 10:34 - 2014-10-13 12:48 - 000002828 ___SH C:\WINDOWS\SysWOW64\KGyGaAvL.sys
2019-11-28 13:19 - 2019-11-28 13:28 - 000000096 _____ () C:\Users\MAC\AppData\Roaming\Camdata.ini
2019-11-28 13:19 - 2019-11-28 13:28 - 000000408 _____ () C:\Users\MAC\AppData\Roaming\CamLayout.ini
2019-11-28 13:19 - 2019-11-28 13:28 - 000000408 _____ () C:\Users\MAC\AppData\Roaming\CamShapes.ini
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3382590871-3823213782-2396755087-1002 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3382590871-3823213782-2396755087-1002 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3382590871-3823213782-2396755087-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3382590871-3823213782-2396755087-1002 -> Pas de nom - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Pas de fichier
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
HKLM\...\StartupApproved\Run32: => "vspdfprsrv.exe"
HKU\S-1-5-21-3382590871-3823213782-2396755087-1002\...\StartupApproved\Run: => "WahOO"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
end::
