start::
closeprocesses:
createrestorepoint:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare) 
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" 
HKU\S-1-5-21-2652124737-3112696915-937875129-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated) 
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR Notifications: Default -> hxxps://drive.google.com; hxxps://forums.commentcamarche.net; hxxps://spark.adobe.com 
S3 EpicOnlineServices; "C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" [X] 
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X] 
2021-01-25 18:26 - 2021-01-25 18:26 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 
2021-01-13 16:09 - 2021-01-13 16:09 - 000000000 ____D C:\Users\TEMP.DESKTOP-G6MDVP0.001\AppData\Roaming\Adobe 
2021-01-24 16:42 - 2020-11-21 18:17 - 000000000 ____D C:\Users\SKEMA\AppData\Local\Adobe 
2020-10-30 16:04 - 2020-10-30 16:04 - 000000377 _____ () C:\Users\SKEMA\AppData\Roaming\AdobeWLCMR2Cache.dat 
cmd: sfc /scannow
emptytemp:
end::