start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-332028018-4059070928-3311543854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2014-08-27 21:19 - 2014-10-10 19:36 - 0000122 _____ () C:\Users\PANCIATICI\AppData\Roaming\WB.CFG
2016-04-09 23:47 - 2016-04-09 23:47 - 0007618 _____ () C:\Users\PANCIATICI\AppData\Local\Resmon.ResmonCfg
2014-08-27 18:13 - 2014-08-27 18:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
MSCONFIG\startupreg: cacaoweb => "C:\Users\PANCIATICI\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
EmptyTemp:
end