start::
closeprocesses:
createrestorepoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2320812424-4220983261-1301286699-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (Pas de fichier)
HKU\S-1-5-21-2320812424-4220983261-1301286699-1001\...\MountPoints2: {d18f44a8-99b7-11ec-b9c7-182649db0d6b} - "E:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1A949640-8C31-40C1-8948-E898047C75E6} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (Pas de fichier)
Task: {28BE5ED1-D0F3-441E-ABA3-5DE8AB959DDE} - System32\Tasks\ASUS Live Update2 => "C:\Program Files\Google\Chrome\Application\chrome.exe" streamcode"."icu
Task: {4827206F-9C94-4716-AB18-5BBC3876B9D4} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (Pas de fichier)
Task: {5122CABC-B211-4051-9951-C39442DCB338} - System32\Tasks\Opera scheduled Autoupdate 1649269049 => C:\Users\Ashin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {7721CB16-39A7-466A-945D-CC612B138452} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (Pas de fichier)
Task: {A09E3F98-9DEF-45F6-ABED-088D15AA68CF} - System32\Tasks\Firefox Default Browser Agent 01B86521F3A500B2 => C:\Users\Ashin\AppData\Roaming\sghatcw.exe (Pas de fichier) <==== ATTENTION
AutoConfigURL: [{CDA22FBD-D812-4433-A886-24BE28074969}] => hxxp://35.236.159.79/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-2320812424-4220983261-1301286699-1001] => hxxp://35.236.159.79/win.pac <==== ATTENTION
Hosts: 0.0.0.0 keystone.mwbsys.com
ManualProxies: 0hxxp://35.236.159.79/win.pac <==== ATTENTION
Edge Extension: (Avira Safe Shopping) - C:\Users\Ashin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2022-04-14]
C:\Users\Ashin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [Pas de fichier]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [Pas de fichier]
CHR Notifications: Default -> hxxps://haxbyq.com
C:\Users\Ashin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\Ashin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
C:\Users\Ashin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
S2 MBAMScheduler; "\mbamscheduler.exe" [X]
R2 MBAMService; C:\Program Files\MalwarebytesPremiumPortable_2.2.1.1043-Rev3\App\Malwarebytes\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2022-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
2022-07-05 22:01 - 2022-07-06 18:27 - 000000000 ____D C:\Users\Ashin\AppData\Roaming\shftool
2022-07-05 22:01 - 2022-07-06 18:27 - 000000000 ____D C:\Users\Ashin\AppData\Roaming\ONbTpmLw5L
2022-07-05 22:01 - 2022-07-06 18:27 - 000000000 ____D C:\Users\Ashin\AppData\Roaming\a7KgyBv3lZ
2022-07-05 22:01 - 2022-07-05 22:03 - 000000000 ____D C:\Users\Ashin\AppData\Roaming\jNSpzs9Op
C:\Users\Ashin\AppData\LocalLow\************
2022-07-15 22:22 - 2022-03-04 23:27 - 000002440 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update2
2022-07-15 22:08 - 2022-07-15 22:08 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2022-07-15 22:08 - 2022-07-15 22:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-15 22:08 - 2016-03-10 15:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-15 22:08 - 2016-03-10 15:08 - 000140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2022-07-15 22:08 - 2016-03-10 15:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-15 22:07 - 2017-04-02 12:59 - 000000000 ____D C:\Program Files\MalwarebytesPremiumPortable_2.2.1.1043-Rev3
2022-07-15 22:06 - 2022-07-15 22:06 - 000000000 ____D C:\Users\Ashin\Downloads\Nouveau dossier
2022-07-15 22:03 - 2022-07-15 22:03 - 002556344 _____ (Malwarebytes) C:\Users\Ashin\Downloads\MBSetup.exe
2022-07-15 21:43 - 2022-07-15 21:43 - 008551608 _____ (Malwarebytes) C:\Users\Ashin\Downloads\adwcleaner_8.3.2.exe
hosts:
cmd: netsh advfirewall reset
emptytemp:
end::