Start::
CreateRestorePoint
O38 - TASK: {D65E6DD6-C7DD-4D5B-B70B-3C257A5C2516} [64Bits][\FlashHelper TaskMachineCore] - (.重庆重橙网络科技有限公司 - Flash Helper Service.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashHelperService.exe [3538800]
C:\WINDOWS\System32\Tasks\FlashHelper TaskMachineCore - (.重庆重橙网络科技有限公司.) --
C:\Windows\SysWOW64\Macromed\Flash\FlashHelperService.exe
G2 - GCE: Preference [Sytse][User Data\Default\Extensions] [ogihbjnikncdlelafgpobpimcjmbdfmk]
G2 - GCE: Preference [Sytse][User Data\Default\Sync Extension Settings] [ogihbjnikncdlelafgpobpimcjmbdfmk]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]:BznMMQqmAG.url
O42 - Logiciel: Adobe Flash Player 33 PPAPI - (.Adobe.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Inc.®
O42 - Logiciel: KMSpico - (..) [HKLM][64Bits] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [Unsigned] =>HackTool.KMSpico
HKCU\SOFTWARE\AdobeFlash
O43 - CFD: 03/11/2020 - [] D -- C:\Program Files\KMSpico [Unsigned] =>HackTool.KMSpico
O43 - CFD: 14/11/2020 - [0] D -- C:\Program Files\Kms_vl_all =>HackTool.KMSpico
O43 - CFD: 07/01/2021 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
O43 - CFD: 25/06/2019 - [] D -- C:\ProgramData\Adobe Flash Player =>Riskware.FlashPlayer
O43 - CFD: 14/11/2020 - [] D -- C:\ProgramData\KMS_VL_ALL-32-beta =>HackTool.KMSpico
O43 - CFD: 26/02/2020 - [] D -- C:\Program Files (x86)\Common Files\KMSpico =>HackTool.KMSpico
O43 - CFD: 22/03/2020 - [0] D -- C:\Users\31657\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 08/12/2020 - [] D -- C:\Users\31657\AppData\LocalLow\AdobeFlash
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.) [Unsigned]
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.) [Unsigned]
O87 - FAEL: "{DDD52F1D-2C26-4895-8688-A70A17060FC7}" [In-None-P17-TRUE] .(...) -- C:\Program Files\CCleaner\CCleaner64.exe [Unsigned] (.not file.) =>.SUP.Orphan
O87 - FAEL: "{A86F29CA-2687-496D-BBAF-EA3877950CB6}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\CCleaner\CCleaner64.exe [Unsigned] (.not file.) =>.SUP.Orphan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
C:\Program Files\KMSpico =>HackTool.KMSpico
C:\Program Files\Kms_vl_all =>HackTool.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
C:\ProgramData\Adobe Flash Player =>Riskware.FlashPlayer
C:\ProgramData\KMS_VL_ALL-32-beta =>HackTool.KMSpico
C:\Program Files (x86)\Common Files\KMSpico =>HackTool.KMSpico
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>.SUP.Orphan
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
C:\WINDOWS\Installer\19db3.msp =>.SUP.Obsolete.Adobe
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\002 =>.SUP.Temporary.Chrome
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\003 =>.SUP.Temporary.Chrome
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\004 =>.SUP.Temporary.Chrome
C:\Users\31657\AppData\Local\Google\Chrome\User Data\Default\File System\005 =>.SUP.Temporary.Chrome
[HKU\S-1-5-21-1094498001-609716494-228896458-1001\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]:pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.Optional.QuickStart
ShortcutFix
EmptyTracing
EmptyTemp
EmptyFlash
EmptyPrefetch
ProxyFix
EmptyCLSID
End::