start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKU\S-1-5-21-1680099599-500473341-1714618867-1123\...\MountPoints2: {18da1820-d832-11e7-9c90-605718ce5f85} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1680099599-500473341-1714618867-1123\...\MountPoints2: {18da182c-d832-11e7-9c90-605718ce5f85} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1680099599-500473341-1714618867-1123\...\MountPoints2: {eb998086-b673-11e8-be79-605718ce5f85} - D:\HiSuiteDownLoader.exe
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKU\S-1-5-21-1680099599-500473341-1714618867-1123\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
Task: {3A910F9E-8AF7-493D-8428-AB0966D8DCB9} - \Opera scheduled assistant Autoupdate 1607421606 -> Pas de fichier
Task: {5C5B4CF3-38AA-4DF4-BA9A-36A3272F0654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {F0A8EEE7-DD1F-4618-A340-D3122D0AF730} - System32\Tasks\{28E07DBE-2F81-4C2E-8862-378BB6F091D0} => C:\Program Files (x86)\Mouse Server\MouseServer.exe (Pas de fichier)
Task: {C257E494-3582-4DCD-B375-B75876C6D94C} - System32\Tasks\{56682A7C-E5C0-48E0-9A21-BFA927A63E37} => C:\Program Files (x86)\Mouse Server\MouseServer.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
OPR Extension: (Avira Password Manager) - C:\Users\jak\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2022-05-13]
OPR Extension: (Avira Phantom VPN gratuit – débloquez des sites) - C:\Users\jak\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-12-08]
HKLM\SYSTEM\ControlSet001\Services\NAL => C:\Windows\system32\Drivers\iqvw64e.sys
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
S3 SWUMX20; pas de ImagePath
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
2022-05-22 15:46 - 2022-05-22 15:46 - 005587480 _____ (Avira Operations GmbH & Co. KG) C:\Users\jak\Desktop\avira_fr_sptl1_1330939232-1653227141__adwb.exe
2022-05-21 16:50 - 2022-05-21 16:55 - 000000000 ____D C:\ProgramData\PC Cleaner
2022-05-21 16:49 - 2022-05-21 16:49 - 006851152 _____ (PC Helpsoft ) C:\Users\jak\Downloads\PC_Cleaner.exe
2022-05-22 22:25 - 2016-09-17 18:02 - 000000000 ____D C:\Program Files (x86)\Avira
2022-05-22 22:18 - 2020-05-25 18:09 - 000000000 ____D C:\Users\jak\AppData\Roaming\NCH Software
2022-05-22 22:18 - 2018-08-06 17:15 - 000000000 ____D C:\Program Files (x86)\NCH Software
2022-05-22 22:11 - 2016-09-17 18:02 - 000000000 ____D C:\ProgramData\Avira
2022-05-22 15:50 - 2020-09-07 19:17 - 000000000 ____D C:\Users\jak\AppData\Local\Avira
2021-04-23 19:00 - 2021-04-23 19:00 - 000000093 _____ () C:\Users\jak\AppData\Roaming\ARCompanion.log
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\jak\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Toolbar: HKU\S-1-5-21-1680099599-500473341-1714618867-1123 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
EmptyTemp:
cmd: sfc /scannow
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end::