start::
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKU\S-1-5-21-248165921-2104806400-329976621-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [5117448 2022-06-18]
Task: {A0E0D419-9A01-4998-8DB1-DB9A412378AC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Extension: (Pas de nom) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [non trouvé(e)]
CHR Extension: (IGRAAL : Cashback & codes promo) - C:\Users\MICETKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm
CHR HKU\S-1-5-21-248165921-2104806400-329976621-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
2022-07-01 16:03 - 2022-07-01 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2022-07-01 14:43 - 2022-07-01 14:43 - 000000000 _____ C:\Users\MICETKA\Downloads\Non confirmé 906945.crdownload
2022-07-01 14:43 - 2022-07-01 14:43 - 000000000 _____ C:\Users\MICETKA\Downloads\Non confirmé 151185.crdownload
2022-07-01 14:41 - 2022-07-01 14:41 - 000000000 _____ C:\Users\MICETKA\Downloads\Non confirmé 896747.crdownload
2022-07-01 14:41 - 2022-07-01 14:41 - 000000000 _____ C:\Users\MICETKA\Downloads\Non confirmé 177454.crdownload
2022-07-01 14:38 - 2022-07-01 14:38 - 000000000 _____ C:\Users\MICETKA\Downloads\Non confirmé 662921.crdownload
2022-07-01 16:04 - 2018-04-19 12:06 - 000000000 ____D C:\Program Files (x86)\Avira
2022-07-01 16:03 - 2021-04-15 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2022-07-01 16:03 - 2018-04-19 12:06 - 000000000 ____D C:\ProgramData\Avira
2022-07-01 16:02 - 2018-04-19 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2022-07-01 16:02 - 2018-04-19 12:52 - 000000000 ____D C:\Program Files\KMSpico
2022-07-01 14:55 - 2018-04-19 12:52 - 000004608 ____N C:\WINDOWS\SECOH-QAD.exe
C:\Windows\SECOH-QAD.dll
2021-03-04 16:43 - 2022-02-15 11:33 - 000000121 _____ () C:\Users\MICETKA\AppData\Roaming\Camdata.ini
2021-03-04 16:43 - 2022-02-15 11:33 - 000000408 _____ () C:\Users\MICETKA\AppData\Roaming\CamLayout.ini
2021-03-04 16:43 - 2022-02-15 11:33 - 000000408 _____ () C:\Users\MICETKA\AppData\Roaming\CamShapes.ini
2021-03-04 16:43 - 2022-02-15 11:33 - 000004509 _____ () C:\Users\MICETKA\AppData\Roaming\CamStudio.cfg
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => -> Pas de fichier
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => -> Pas de fichier
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
FirewallRules: [{E0E566DA-5815-4739-9B0B-AB30A3B4B9FD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => Pas de fichier
FirewallRules: [{B200D2AC-E3D4-4FD9-8B55-D3337510DBB8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => Pas de fichier
EmptyTemp:
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: netsh winsock reset
end::