start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Alexandre\AppData\Local\Temp\aria-debug-3984.log" /F /Q <==== ATTENTION
Task: {B5E90F2D-0B77-4030-9C42-121CB4DB1FC3} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
FF Extension: (uBlock Origin) - C:\Users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\zdkqqupt.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-14]
CHR HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-28]
2020-01-18 16:58 - 2014-02-06 22:47 - 000000000 ____D C:\BraCa Soft
AlternateDataStreams: C:\WINDOWS\system32\CNC_BXC.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC_BXI.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC_BXL.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI12A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL12A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHW12A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMBX.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExFolderView.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SER9PL.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
EmptyTemp:
cmd: ipconfig /flushdns
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
end::